casbin init

conf/model.conf

+# Request定义
+[request_definition]
+r = sub, obj, act
+
+# 策略定义
+[policy_definition]
+p = sub, obj, act
+
+# 角色定义
+[role_definition]
+g = _, _
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+# 匹配器定义
+[matchers]
+m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act || r.sub=="admin"
\ No newline at end of file

conf/policy.csv

+p,zhangsan,data1,read
\ No newline at end of file

go.mod

@@ -8,29 +8,29 @@ require (
 	github.com/astaxie/beego v1.12.0
 	github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f // indirect
 	github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc
+	github.com/casbin/casbin/v2 v2.26.1
+	github.com/casbin/gorm-adapter/v3 v3.2.6
 	github.com/dgrijalva/jwt-go v3.2.1-0.20190620180102-5e25c22bd5d6+incompatible
 	github.com/fatih/color v1.8.0 // indirect
 	github.com/gin-gonic/gin v1.5.0
 	github.com/go-ini/ini v1.44.0
 	github.com/go-siris/siris v7.4.0+incompatible // indirect
-	github.com/go-sql-driver/mysql v1.4.1
+	github.com/go-sql-driver/mysql v1.5.0
 	github.com/gomodule/redigo v2.0.1-0.20190322064113-39e2c31b7ca3+incompatible
 	github.com/howeyc/fsnotify v0.9.0 // indirect
 	github.com/jinzhu/gorm v1.9.10
-	github.com/jinzhu/now v1.0.1
+	github.com/jinzhu/now v1.1.1
 	github.com/kr/pretty v0.2.0 // indirect
 	github.com/labstack/echo v3.3.10+incompatible // indirect
 	github.com/labstack/gommon v0.3.0 // indirect
-	github.com/mattn/go-colorable v0.1.6 // indirect
 	github.com/oxequa/interact v0.0.0-20171114182912-f8fb5795b5d7 // indirect
 	github.com/oxequa/realize v2.0.2+incompatible // indirect
 	github.com/pilu/config v0.0.0-20131214182432-3eb99e6c0b9a // indirect
 	github.com/pilu/fresh v0.0.0-20190826141211-0fa698148017 // indirect
 	github.com/robfig/cron v1.2.0
-	github.com/satori/go.uuid v1.2.0 // indirect
 	github.com/valyala/fasttemplate v1.1.0 // indirect
 	github.com/xinliangnote/go-util v0.0.0-20200323134426-527984dc34bf
-	golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c
+	golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9
 	golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527 // indirect
 	gopkg.in/go-playground/validator.v9 v9.29.1
 	gopkg.in/ini.v1 v1.51.1 // indirect

middleware/auth/casbin.go

+package auth
+
+import (
+	"bwallet/pkg/errno"
+	"bwallet/pkg/handler"
+	"bwallet/pkg/util"
+	"fmt"
+	"github.com/casbin/casbin/v2"
+	"github.com/casbin/gorm-adapter/v3"
+	"github.com/gin-gonic/gin"
+	_ "github.com/go-sql-driver/mysql"
+)
+
+func Casbin() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		// Initialize a Xorm adapter with MySQL database.
+		//a, _ := gormadapter.NewAdapter("mysql", "root:fVkWkJZoOQcpunqC@tcp(172.16.101.45:3306)/pc_manage", true)
+		// e, err := casbin.NewEnforcer("./conf/model.conf", "./conf/policy.csv")
+
+		claim := c.MustGet("userClaim").(*util.Claims)
+		path := c.Request.URL.Path
+		method := c.Request.Method
+		username := claim.UserInfo.Username
+		fmt.Println(path, "----", method, "---", username)
+
+		a, _ := gormadapter.NewAdapter("mysql", "root:fVkWkJZoOQcpunqC@tcp(172.16.101.45:3306)/pc_manage", true)
+		e, err := casbin.NewEnforcer("./conf/model.conf", a)
+		if err != nil {
+			handler.SendResponse(c, errno.InternalServerError, nil)
+			c.Abort()
+			return
+		}
+		//sub := "alice" // the user that wants to access a resource.
+		//obj := "data1" // the resource that is going to be accessed.
+		//act := "read"  // the operation that the user performs on the resource.
+		//added, err := e.AddPolicy("alice", "data1", "read")
+
+		//added,err := e.AddGroupingPolicy("alice", "admin")
+		//fmt.Println(added)
+		//if err != nil {
+		//	fmt.Println("添加权限错误，错误内容：", err)
+		//}
+		//ok, err := e.Enforce(sub, obj, act)
+
+		ok, err := e.Enforce(username, path, method)
+
+		if err != nil {
+			handler.SendResponse(c, errno.InternalServerError, nil)
+			c.Abort()
+			return
+		}
+
+		if ok != true {
+			handler.SendResponse(c, errno.PermissionDenied, nil)
+			c.Abort()
+			return
+		}
+
+		c.Next()
+
+	}
+}

middleware/jwt/jwt.go

@@ -18,7 +18,7 @@ func JWT() gin.HandlerFunc {
 		if token == "" {
 			code = e.INVALID_PARAMS
 		} else {
-			_, err := util.ParseToken(token)
+			claims, err := util.ParseToken(token)
 			if err != nil {
 				switch err.(*jwt.ValidationError).Errors {
 				case jwt.ValidationErrorExpired:
@@ -27,6 +27,7 @@ func JWT() gin.HandlerFunc {
 					code = e.ERROR_AUTH_CHECK_TOKEN_FAIL
 				}
 			}
+			c.Set("userClaim", claims)
 		}
 
 		if code != e.SUCCESS {

models/admin_role.go

+package models
+
+import (
+	"bwallet/pkg/setting"
+	"github.com/jinzhu/gorm"
+)
+
+type AdminRole struct {
+	Model
+
+	Uid    uint8 `json:"uid"`
+	RoleId uint8 `json:"role_id"`
+}
+
+func (c AdminRole) TableName() string {
+	return setting.DatabaseSetting.Name_Manage + ".gli_admin_role"
+}
+
+func AddAdminRole(data map[string]interface{}) (error) {
+	role := AdminRole{
+		Uid:    data["uid"].(uint8),
+		RoleId: data["role_id"].(uint8),
+	}
+	if err := db.Create(&role).Error; err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func DeleteAdminRole(id int) error {
+	if err := db.Where("id = ?", id).Delete(AdminRole{}).Error; err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func GetAdminRoles(pageNum, pageSize int, maps interface{}) ([]*AdminRole, error) {
+	var roles []*AdminRole
+	err := db.Where(maps).Offset(pageNum).Limit(pageSize).Find(&roles).Error
+	if err != nil && err != gorm.ErrRecordNotFound {
+		return nil, err
+	}
+
+	return roles, nil
+}

models/casbin_role.go

+package models
+
+import (
+	"bwallet/pkg/setting"
+	"github.com/jinzhu/gorm"
+)
+
+type Role struct {
+	Model
+
+	RoleName    string `json:"role_name"`
+	Description string `json:"description"`
+	PlatformId  int64  `json:"platform_id"`
+}
+
+func (c Role) TableName() string {
+	return setting.DatabaseSetting.Name_Manage + ".gli_role"
+}
+
+func GetRole(id int) (*Role, error) {
+	var role Role
+	err := db.Where("id = ?", id).First(&role).Error
+	if err != nil && err != gorm.ErrRecordNotFound {
+		return nil, err
+	}
+
+	err = db.Model(&role).Error
+	if err != nil && err != gorm.ErrRecordNotFound {
+		return nil, err
+	}
+
+	return &role, nil
+}
+
+func AddRole(data map[string]interface{}) (error) {
+	role := Role{
+		RoleName:    data["role_name"].(string),
+		Description: data["description"].(string),
+		PlatformId:  data["platform_id"].(int64),
+	}
+	if err := db.Create(&role).Error; err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func EditRole(id int, data interface{}) error {
+	if err := db.Model(&Role{}).Where("id = ?", id).Updates(data).Error; err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func DeleteRole(id int) error {
+	if err := db.Where("id = ?", id).Delete(Role{}).Error; err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func GetRoles(maps interface{}) ([]*Role, error) {
+	var roles []*Role
+	err := db.Where(maps).Find(&roles).Error
+	if err != nil && err != gorm.ErrRecordNotFound {
+		return nil, err
+	}
+
+	return roles, nil
+}

models/casbin_rule.go

+package models
+
+import (
+	"bwallet/pkg/setting"
+)
+
+type CasbinRule struct {
+	Model
+
+	Ptype string `json:"ptype"`
+	V0    string `json:"v0"`
+	V1    string `json:"v1"`
+	V2    string `json:"v2"`
+	V3    string `json:"v3"`
+	V4    string `json:"v4"`
+	V5    string `json:"v5"`
+}
+
+func (c CasbinRule) TableName() string {
+	return setting.DatabaseSetting.Name_Manage + ".casbin_rule"
+}
+
+func AddRuleRelation(data map[string]interface{}) (error) {
+	rule_relation := CasbinRule{
+		Ptype: data["ptype"].(string),
+		V0:    data["v0"].(string),
+		V1:    data["v1"].(string),
+		V2:    data["v2"].(string),
+		V3:    data["v3"].(string),
+		V4:    data["v4"].(string),
+		V5:    data["v5"].(string),
+	}
+	if err := db.Create(&rule_relation).Error; err != nil {
+		return err
+	}
+
+	return nil
+}

pkg/errno/errno.go

@@ -69,6 +69,8 @@ var (
 	ErrSn         = &Errno{Code: 20004, Message: "Sn error."}
 	ErrAk         = &Errno{Code: 20005, Message: "Ak error."}
 
+	PermissionDenied = &Errno{Code:403, Message:"Permission Denied"}
+
 	// coin errors
 	ErrCoinNotFound = &Errno{Code: 20101, Message: "The coin was not found."}
 	ErrCountCoin    = &Errno{Code: 20102, Message: "The coins statistic error."}
@@ -204,4 +206,11 @@ var (
 	ErrAddClientApp      = &Errno{Code: 20103, Message: "The client app add error."}
 	ErrUpdateClientApp   = &Errno{Code: 20104, Message: "The client app update error."}
 	ErrDeleteClientApp   = &Errno{Code: 20105, Message: "The client app delete error."}
+
+	// role errors
+	ErrRoleNotFound = &Errno{Code: 20101, Message: "The role was not found."}
+	ErrCountRole    = &Errno{Code: 20102, Message: "The roles statistic error."}
+	ErrAddRole      = &Errno{Code: 20103, Message: "The role add error."}
+	ErrUpdateRole   = &Errno{Code: 20104, Message: "The role update error."}
+	ErrDeleteRole   = &Errno{Code: 20105, Message: "The role delete error."}
 )

routers/api/backend/admin_role.go

+package backend
+
+import (
+	"bwallet/pkg/errno"
+	"bwallet/pkg/handler"
+	"bwallet/service/casbin_service"
+	"bwallet/validate_service"
+	"github.com/gin-gonic/gin"
+	"strings"
+)
+
+func GetAdminRoles(c *gin.Context) {
+
+}
+
+func AddAdminRole(c *gin.Context) {
+	role := validate_service.AdminRole{}
+	c.ShouldBindJSON(&role)
+
+	if ok, errors := validate_service.ValidateInputs(role); !ok {
+		for _, err := range errors {
+			handler.SendResponse(c, errno.ErrBind, strings.Join(err, " "))
+			return
+		}
+	}
+
+	roleService := role_service.AdminRole{
+		Uid:    role.Uid,
+		RoleId: role.RoleId,
+	}
+
+	if err := roleService.AddAdminRole(); err != nil {
+		handler.SendResponse(c, errno.ErrAddWallet, nil)
+		return
+	}
+
+	handler.SendResponse(c, nil, nil)
+}
+
+func EditAdminRole(c *gin.Context) {
+
+}
+
+func DeleteAdminRole(c *gin.Context) {
+
+}

routers/api/backend/role.go

+package backend
+
+import (
+	"bwallet/pkg/errno"
+	"bwallet/pkg/handler"
+	"bwallet/pkg/util"
+	"bwallet/service/casbin_service"
+	"bwallet/validate_service"
+	"github.com/Unknwon/com"
+	"github.com/astaxie/beego/validation"
+	"github.com/gin-gonic/gin"
+	"strings"
+)
+
+func GetRoles(c *gin.Context) {
+	role_name := ""
+	if arg := c.Query("role_name"); arg != "" {
+		role_name = c.Query("role_name")
+	}
+
+	description := ""
+	if arg := c.Query("description"); arg != "" {
+		description = c.Query("description")
+	}
+
+	token := c.Request.Header.Get("Token")
+	user, _ := util.ParseToken(token)
+
+	group := user.UserInfo.Group
+	platform_id := user.UserInfo.PlatformId
+	roleService := role_service.Role{}
+	if ("administrator" == group) {
+		if arg := c.Query("platform_id"); arg != "" {
+			platform_id = com.StrTo(c.Query("platform_id")).MustInt()
+		}
+	}
+
+	roleService = role_service.Role{
+		RoleName:    role_name,
+		Description: description,
+		PlatformId:  int64(platform_id),
+	}
+
+	roles, err := roleService.GetAllRoles()
+	if err != nil {
+		handler.SendResponse(c, errno.InternalServerError, nil)
+		return
+	}
+
+	handler.SendResponse(c, nil, roles)
+}
+
+func AddRole(c *gin.Context) {
+	role := validate_service.Role{}
+	c.ShouldBindJSON(&role)
+
+	if ok, errors := validate_service.ValidateInputs(role); !ok {
+		for _, err := range errors {
+			handler.SendResponse(c, errno.ErrBind, strings.Join(err, " "))
+			return
+		}
+	}
+
+	token := c.Request.Header.Get("Token")
+	user, _ := util.ParseToken(token)
+	platform_id := int64(user.UserInfo.PlatformId)
+
+	roleService := role_service.Role{
+		RoleName:    role.RoleName,
+		Description: role.Description,
+		PlatformId:  platform_id,
+	}
+
+	if err := roleService.AddRole(); err != nil {
+		handler.SendResponse(c, errno.ErrAddRole, nil)
+		return
+	}
+
+	handler.SendResponse(c, nil, nil)
+}
+
+func EditRole(c *gin.Context) {
+	role_tmp := validate_service.EditRole{}
+	c.ShouldBindJSON(&role_tmp)
+
+	if ok, errors := validate_service.ValidateInputs(role_tmp); !ok {
+		for _, err := range errors {
+			handler.SendResponse(c, errno.ErrBind, strings.Join(err, " "))
+			return
+		}
+	}
+
+	roleService := role_service.Role{Id: role_tmp.Id}
+	role, err := roleService.GetRole()
+	if err != nil {
+		handler.SendResponse(c, errno.ErrRoleNotFound, nil)
+		return
+	}
+	token := c.Request.Header.Get("Token")
+	user, _ := util.ParseToken(token)
+	platform_id := int64(user.UserInfo.PlatformId)
+	if platform_id != role.PlatformId {
+		handler.SendResponse(c, errno.ErrUpdateRole, nil)
+		return
+	}
+	roleService = role_service.Role{
+		Id:          role_tmp.Id,
+		RoleName:    role_tmp.RoleName,
+		Description: role_tmp.Description,
+	}
+	if err := roleService.EditRole(); err != nil {
+		handler.SendResponse(c, errno.ErrUpdateRole, nil)
+		return
+	}
+	handler.SendResponse(c, nil, nil)
+}
+
+func DeleteRole(c *gin.Context) {
+	id := com.StrTo(c.DefaultQuery("id", "0")).MustInt()
+	valid := validation.Validation{}
+	valid.Min(id, 1, "id").Message("ID必须大于0")
+	if valid.HasErrors() {
+		handler.SendResponse(c, errno.ErrValidation, nil)
+		return
+	}
+
+	roleService := role_service.Role{Id: id}
+	role, err := roleService.GetRole()
+
+	if err != nil {
+		handler.SendResponse(c, errno.ErrRoleNotFound, nil)
+		return
+	}
+	token := c.Request.Header.Get("Token")
+	user, _ := util.ParseToken(token)
+	platform_id := int64(user.UserInfo.PlatformId)
+	if platform_id != role.PlatformId {
+		handler.SendResponse(c, errno.ErrUpdateRole, nil)
+		return
+	}
+
+	err = roleService.DeleteRole()
+	if err != nil {
+		handler.SendResponse(c, errno.ErrDeleteWallet, nil)
+		return
+	}
+
+	handler.SendResponse(c, nil, nil)
+}

routers/router.go

@@ -44,16 +44,15 @@ func InitRouter() *gin.Engine {
 	client.GET("/live-charge", app.GetLiveCharge)
 	client.GET("/live/status", app.LiveStatus)
 	client.POST("/live/notifyUrl", app.NotifyUrl)
-	client.POST("/live/verify",app.VerifyStatus)
-	client.GET("/live-banners",app.GetLiveBanners)
+	client.POST("/live/verify", app.VerifyStatus)
+	client.GET("/live-banners", app.GetLiveBanners)
 
-	client.GET("/fees/recommended",app.GetTransactionGas)
-	client.GET("/tokenview/explore",app.Explore)
+	client.GET("/fees/recommended", app.GetTransactionGas)
+	client.GET("/tokenview/explore", app.Explore)
 
 	api := r.Group("/api")
 
-	//api.Use(auth.AUTH())
-	api.Use(jwt.JWT())
+	api.Use(jwt.JWT()) //.Use(auth.Casbin())
 	api.POST("/log", backend.AddOperationLog)
 	api.GET("/logs", backend.GetOperationLogs)
 	api.Use(log.LogMiddleware(e.HandleTableName))
@@ -108,8 +107,8 @@ func InitRouter() *gin.Engine {
 		api.PUT("/recommend-coin", backend.EditRecommendCoin)
 		api.DELETE("/recommend-coin", backend.DeleteRecommendCoin)
 		api.GET("/transaction-fees", backend.GetTransactionFees)
-		api.GET("/transaction-coins", backend.GetTransactionCoins)
 		api.PUT("/transaction-fees", backend.EditTransactionFees)
+		api.GET("/transaction-coins", backend.GetTransactionCoins)
 
 		api.GET("/trusteeship-coins", backend.GetTrusteeshipCoins)
 		api.POST("/trusteeship-coin", backend.AddTrusteeshipCoin)
@@ -148,10 +147,18 @@ func InitRouter() *gin.Engine {
 		api.PUT("/live-charge", backend.EditLiveCharge)
 
 		api.GET("/managers", backend.GetManagers)
-		//api.GET("/user", backend.GetUser)
 		api.POST("/manager", backend.AddManager)
 		api.PUT("/manager", backend.EditManager)
 		api.DELETE("/manager", backend.DeleteManager)
+
+		api.GET("/roles", backend.GetRoles)
+		api.POST("/role", backend.AddRole)
+		api.PUT("/role", backend.EditRole)
+		api.DELETE("/role", backend.DeleteRole)
+
+		api.GET("/user-roles", backend.GetAdminRoles)
+		api.POST("/user-role", backend.AddAdminRole)
+		api.DELETE("/user-role", backend.DeleteAdminRole)
 	}
 
 	return r

service/casbin_service/admin_role.go

+package role_service
+
+import (
+	"bwallet/models"
+)
+
+type AdminRole struct {
+	Id     int
+	Uid    uint8
+	RoleId uint8
+
+	PageNum  int
+	PageSize int
+}
+
+func (r *AdminRole) GetAdminRole() (*models.Role, error) {
+	role, err := models.GetRole(r.Id)
+	if err != nil {
+		return nil, err
+	}
+
+	return role, nil
+}
+
+func (r *AdminRole) GetAllAdminRoles() ([]*models.AdminRole, error) {
+	roles, err := models.GetAdminRoles(r.PageNum, r.PageSize, r.getMaps())
+	if err != nil {
+		return nil, err
+	}
+
+	return roles, nil
+}
+
+func (r *AdminRole) AddAdminRole() error {
+	role := map[string]interface{}{
+		"uid":     r.Uid,
+		"role_id": r.RoleId,
+	}
+
+	if err := models.AddAdminRole(role); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (r *AdminRole) DeleteAdminRole() error {
+	return models.DeleteAdminRole(r.Id)
+}
+
+func (r *AdminRole) getMaps() (map[string]interface{}) {
+	maps := make(map[string]interface{})
+
+	if r.Id != 0 {
+		maps["id"] = r.Id
+	}
+
+	if r.Uid != 0 {
+		maps["uid"] = r.Uid
+	}
+
+	return maps
+}

service/casbin_service/role.go

+package role_service
+
+import (
+	"bwallet/models"
+)
+
+type Role struct {
+	Id          int
+	RoleName    string
+	Description string
+	PlatformId  int64
+}
+
+func (r *Role) GetRole() (*models.Role, error) {
+	role, err := models.GetRole(r.Id)
+	if err != nil {
+		return nil, err
+	}
+
+	return role, nil
+}
+
+func (r *Role) GetAllRoles() ([]*models.Role, error) {
+	roles, err := models.GetRoles(r.getMaps())
+	if err != nil {
+		return nil, err
+	}
+
+	return roles, nil
+}
+
+func (r *Role) AddRole() error {
+	role := map[string]interface{}{
+		"role_name":   r.RoleName,
+		"description": r.Description,
+		"platform_id": r.PlatformId,
+	}
+
+	if err := models.AddRole(role); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (r *Role) EditRole() error {
+	return models.EditRole(r.Id, map[string]interface{}{
+		"role_name":   r.RoleName,
+		"description": r.Description,
+	})
+}
+
+func (r *Role) DeleteRole() error {
+	return models.DeleteRole(r.Id)
+}
+
+func (r *Role) getMaps() (map[string]interface{}) {
+	maps := make(map[string]interface{})
+
+	if r.Id != 0 {
+		maps["id"] = r.Id
+	}
+
+	if r.RoleName != "" {
+		maps["role_name"] = r.RoleName
+	}
+
+	if r.Description != "" {
+		maps["description"] = r.Description
+	}
+
+	if r.PlatformId != 0 {
+		maps["platform_id"] = r.PlatformId
+	}
+
+	return maps
+}

validate_service/admin_role.go

+package validate_service
+
+type AdminRole struct {
+	Uid    uint8 `json:"uid" validate:"required"`
+	RoleId uint8 `json:"role_id" validate:"required"`
+}

validate_service/role.go

+package validate_service
+
+type Role struct {
+	RoleName    string `json:"role_name" validate:"required"`
+	Description string `json:"description" validate:"required"`
+	PlatformId  int64  `json:"platform_id, omitempty"`
+}
+
+type EditRole struct {
+	Role
+	Id int `json:"id" validate:"required"`
+}