2025-03-29 15:02:49 +08:00
|
|
|
package service
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
|
|
|
|
|
2025-10-13 11:59:49 +08:00
|
|
|
"git.apinb.com/bsm-sdk/core/crypto/token"
|
|
|
|
|
"git.apinb.com/bsm-sdk/core/env"
|
2025-03-29 15:02:49 +08:00
|
|
|
"git.apinb.com/bsm-sdk/core/errcode"
|
|
|
|
|
"git.apinb.com/bsm-sdk/core/utils"
|
|
|
|
|
"google.golang.org/grpc/metadata"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// 解析Context中MetaData的数据
|
|
|
|
|
type ParseOptions struct {
|
|
|
|
|
RoleValue string // 判断角色的值
|
|
|
|
|
MustPrivateAllow bool // 是否只允许私有IP访问
|
|
|
|
|
}
|
|
|
|
|
|
2025-10-13 11:59:49 +08:00
|
|
|
func ParseMetaCtx(ctx context.Context, opts *ParseOptions) (*token.Claims, error) {
|
2025-03-29 15:02:49 +08:00
|
|
|
// 解析metada中的信息并验证
|
|
|
|
|
md, ok := metadata.FromIncomingContext(ctx)
|
|
|
|
|
if !ok {
|
2025-10-11 23:45:55 +08:00
|
|
|
return nil, errcode.ErrTokenAuthNotFound
|
2025-03-29 15:02:49 +08:00
|
|
|
}
|
|
|
|
|
|
2025-04-08 15:20:22 +08:00
|
|
|
var Authorizations []string = md.Get("authorization")
|
|
|
|
|
if len(Authorizations) == 0 || Authorizations[0] == "" {
|
2025-10-11 23:45:55 +08:00
|
|
|
return nil, errcode.ErrTokenAuthNotFound
|
2025-03-30 13:23:46 +08:00
|
|
|
}
|
2025-04-08 15:20:22 +08:00
|
|
|
|
2025-10-13 11:59:49 +08:00
|
|
|
claims, err := token.New(env.Runtime.JwtSecretKey).ParseJwt(Authorizations[0])
|
2025-04-08 15:20:22 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2025-03-29 15:02:49 +08:00
|
|
|
if opts != nil {
|
2025-04-09 10:19:15 +08:00
|
|
|
if !checkRole(claims, "role", opts.RoleValue) {
|
2025-03-29 15:02:49 +08:00
|
|
|
return nil, errcode.ErrPermissionDenied
|
|
|
|
|
}
|
|
|
|
|
if opts.MustPrivateAllow {
|
2025-04-09 10:19:15 +08:00
|
|
|
if utils.IsPublicIP(claims.Client) {
|
2025-03-29 15:02:49 +08:00
|
|
|
return nil, errcode.ErrPermissionDenied
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2025-04-09 10:19:15 +08:00
|
|
|
return claims, nil
|
2025-03-29 15:02:49 +08:00
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
2025-10-13 11:59:49 +08:00
|
|
|
func checkRole(claims *token.Claims, roleKey, roleValue string) bool {
|
2025-03-29 15:02:49 +08:00
|
|
|
if roleValue == "" {
|
|
|
|
|
return true
|
|
|
|
|
}
|
2025-04-09 10:19:15 +08:00
|
|
|
if role, exists := claims.Extend[roleKey]; !exists || role != roleValue {
|
2025-03-29 15:02:49 +08:00
|
|
|
return false
|
|
|
|
|
} else {
|
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
}
|
