增加创作者白名单校验

ecodeclub · Mar 12, 2024 · 765a83b · 765a83b
1 parent d269660
commit 765a83b
Show file tree

Hide file tree

Showing 12 changed files with 82 additions and 30 deletions.
diff --git a/internal/question/internal/integration/handler_test.go b/internal/question/internal/integration/handler_test.go
@@ -97,7 +97,8 @@ func (s *HandlerTestSuite) SetupSuite() {
 	server := egin.Load("server").Build()
 	server.Use(func(ctx *gin.Context) {
 		ctx.Set("_session", session.NewMemorySession(session.Claims{
-			Uid: uid,
+			Uid:  uid,
+			Data: map[string]string{"creator": "true"},
 		}))
 	})
 	handler.PrivateRoutes(server.Engine)

diff --git a/internal/question/internal/web/handler.go b/internal/question/internal/web/handler.go
@@ -15,6 +15,8 @@
 package web
 
 import (
+	"fmt"
+	"net/http"
 	"time"
 
 	"github.com/ecodeclub/ekit/slice"
@@ -61,10 +63,10 @@ func NewHandler(svc service.Service) (*Handler, error) {
 }
 
 func (h *Handler) PrivateRoutes(server *gin.Engine) {
-	server.POST("/question/save", ginx.BS[SaveReq](h.Save))
-	server.POST("/question/list", ginx.BS[Page](h.List))
-	server.POST("/question/detail", ginx.BS[Qid](h.Detail))
-	server.POST("/question/publish", ginx.BS[SaveReq](h.Publish))
+	server.POST("/question/save", ginx.S(h.Permission), ginx.BS[SaveReq](h.Save))
+	server.POST("/question/list", ginx.S(h.Permission), ginx.BS[Page](h.List))
+	server.POST("/question/detail", ginx.S(h.Permission), ginx.BS[Qid](h.Detail))
+	server.POST("/question/publish", ginx.S(h.Permission), ginx.BS[SaveReq](h.Publish))
 	server.POST("/question/pub/list", ginx.B[Page](h.PubList))
 	server.POST("/question/pub/detail", ginx.B[Qid](h.PubDetail))
 }
@@ -167,3 +169,12 @@ func (h *Handler) PubDetail(ctx *ginx.Context, req Qid) (ginx.Result, error) {
 		Data: vo,
 	}, err
 }
+
+func (h *Handler) Permission(ctx *ginx.Context, sess session.Session) (ginx.Result, error) {
+	if sess.Claims().Get("creator").StringOrDefault("") != "true" {
+		ctx.AbortWithStatus(http.StatusInternalServerError)
+		return ginx.Result{}, fmt.Errorf("非法访问创作中心 uid: %d", sess.Claims().Uid)
+	}
+	ctx.Next()
+	return ginx.Result{}, nil
+}
diff --git a/internal/user/internal/integration/handler_test.go b/internal/user/internal/integration/handler_test.go
@@ -35,7 +35,7 @@ func (s *HandleTestSuite) SetupSuite() {
 	require.NoError(s.T(), err)
 	econf.Set("server", map[string]string{})
 	server := egin.Load("server").Build()
-	hdl := startup.InitHandler(nil)
+	hdl := startup.InitHandler(nil, nil)
 	server.Use(func(ctx *gin.Context) {
 		ctx.Set("_session", session.NewMemorySession(session.Claims{
 			Uid: 123,

diff --git a/internal/user/internal/integration/startup/wire.go b/internal/user/internal/integration/startup/wire.go
@@ -13,7 +13,7 @@ import (
 	"github.com/google/wire"
 )
 
-func InitHandler(weSvc service.OAuth2Service) *user.Handler {
+func InitHandler(weSvc service.OAuth2Service, creators []string) *user.Handler {
 	wire.Build(web.NewHandler,
 		testioc.BaseSet,
 		service.NewUserService,

diff --git a/internal/user/internal/integration/startup/wire_gen.go b/internal/user/internal/integration/startup/wire_gen.go
diff --git a/internal/user/internal/web/handler.go b/internal/user/internal/web/handler.go
@@ -1,8 +1,9 @@
 package web
 
 import (
-	"net/http"
+	"strconv"
 
+	"github.com/ecodeclub/ekit/slice"
 	"github.com/ecodeclub/ginx"
 	"github.com/ecodeclub/ginx/session"
 	"github.com/ecodeclub/webook/internal/user/internal/domain"
@@ -16,23 +17,23 @@ var _ ginx.Handler = &Handler{}
 type Handler struct {
 	weSvc   service.OAuth2Service
 	userSvc service.UserService
+	// 白名单
+	creators []string
 }
 
 func NewHandler(weSvc service.OAuth2Service,
-	userSvc service.UserService) *Handler {
+	userSvc service.UserService, creators []string) *Handler {
 	return &Handler{
-		weSvc:   weSvc,
-		userSvc: userSvc,
+		weSvc:    weSvc,
+		userSvc:  userSvc,
+		creators: creators,
 	}
 }
 
 func (h *Handler) PrivateRoutes(server *gin.Engine) {
 	users := server.Group("/users")
 	users.GET("/profile", ginx.S(h.Profile))
 	users.POST("/profile", ginx.BS[EditReq](h.Edit))
-	users.GET("/401", func(ctx *gin.Context) {
-		ctx.String(http.StatusUnauthorized, "test")
-	})
 }
 
 func (h *Handler) PublicRoutes(server *gin.Engine) {
@@ -106,15 +107,21 @@ func (h *Handler) Callback(ctx *ginx.Context, req WechatCallback) (ginx.Result,
 	if err != nil {
 		return systemErrorResult, err
 	}
-	_, err = session.NewSessionBuilder(ctx, user.Id).Build()
+	creator := slice.Contains(h.creators, user.WechatInfo.UnionId)
+	_, err = session.NewSessionBuilder(ctx, user.Id).
+		// 设置是否 creator 的标记位，后续引入权限控制再来改造
+		SetJwtData(map[string]string{
+			"creator": strconv.FormatBool(creator),
+		}).Build()
 	if err != nil {
 		return systemErrorResult, err
 	}
 	return ginx.Result{
 		Data: Profile{
-			Id:       user.Id,
-			Nickname: user.Nickname,
-			Avatar:   user.Avatar,
+			Id:        user.Id,
+			Nickname:  user.Nickname,
+			Avatar:    user.Avatar,
+			IsCreator: creator,
 		},
 	}, nil
 }
diff --git a/internal/user/internal/web/vo.go b/internal/user/internal/web/vo.go
@@ -1,9 +1,10 @@
 package web
 
 type Profile struct {
-	Id       int64  `json:"id"`
-	Nickname string `json:"nickname"`
-	Avatar   string `json:"avatar"`
+	Id        int64  `json:"id,omitempty"`
+	Nickname  string `json:"nickname,omitempty"`
+	Avatar    string `json:"avatar,omitempty"`
+	IsCreator bool   `json:"isCreator,omitempty"`
 }
 
 type WechatCallback struct {

diff --git a/internal/user/wire.go b/internal/user/wire.go
@@ -21,7 +21,7 @@ var ProviderSet = wire.NewSet(web.NewHandler,
 	service.NewUserService,
 	repository.NewCachedUserRepository)
 
-func InitHandler(db *egorm.Component, cache ecache.Cache) *Handler {
+func InitHandler(db *egorm.Component, cache ecache.Cache, creators []string) *Handler {
 	wire.Build(ProviderSet)
 	return new(Handler)
 }

diff --git a/internal/user/wire_gen.go b/internal/user/wire_gen.go
diff --git a/ioc/user.go b/ioc/user.go
@@ -0,0 +1,34 @@
+// Copyright 2023 ecodeclub
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package ioc
+
+import (
+	"github.com/ecodeclub/ecache"
+	"github.com/ecodeclub/webook/internal/user"
+	"github.com/ego-component/egorm"
+	"github.com/gotomicro/ego/core/econf"
+)
+
+func InitUserHandler(db *egorm.Component, ec ecache.Cache) *user.Handler {
+	type UserConfig struct {
+		Creators []string `json:"creators"`
+	}
+	var cfg UserConfig
+	err := econf.UnmarshalKey("user", &cfg)
+	if err != nil {
+		panic(err)
+	}
+	return user.InitHandler(db, ec, cfg.Creators)
+}
diff --git a/ioc/wire.go b/ioc/wire.go
@@ -5,7 +5,6 @@ package ioc
 import (
 	"github.com/ecodeclub/webook/internal/cos"
 	baguwen "github.com/ecodeclub/webook/internal/question"
-	"github.com/ecodeclub/webook/internal/user"
 	"github.com/google/wire"
 )
 
@@ -17,7 +16,7 @@ func InitApp() (*App, error) {
 		cos.InitHandler,
 		baguwen.InitHandler,
 		baguwen.InitQuestionSetHandler,
-		user.InitHandler,
+		InitUserHandler,
 		InitSession,
 		initGinxServer)
 	return new(App), nil

diff --git a/ioc/wire_gen.go b/ioc/wire_gen.go