feat:service mod

2025-03-29 15:02:49 +08:00
parent d131495f4f
commit 922cfd6a02
7 changed files with 325 additions and 11 deletions
--- a/service/meta.go
+++ b/service/meta.go
@@ -0,0 +1,73 @@
+package service
+
+import (
+	"context"
+	"encoding/json"
+	"strconv"
+
+	"git.apinb.com/bsm-sdk/core/errcode"
+	"git.apinb.com/bsm-sdk/core/utils"
+	"google.golang.org/grpc/metadata"
+)
+
+type Meta struct {
+	ID       uint              `json:"id"`
+	IDENTITY string            `json:"identity"`
+	EXTEND   map[string]string `json:"extend"`
+	CLIENT   string            `json:"client"`
+}
+
+// 解析Context中MetaData的数据
+type ParseOptions struct {
+	RoleValue        string // 判断角色的值
+	MustPrivateAllow bool   // 是否只允许私有IP访问
+}
+
+func ParseMetaCtx(ctx context.Context, opts *ParseOptions) (*Meta, error) {
+	// 解析metada中的信息并验证
+	md, ok := metadata.FromIncomingContext(ctx)
+	if !ok {
+		return nil, errcode.ErrJWTAuthNotFound
+	}
+
+	meta := &Meta{
+		IDENTITY: md["authorization_identity"][0],
+		CLIENT:   md["client"][0],
+	}
+
+	if id, err := strconv.Atoi(md["authorization_id"][0]); err != nil {
+		return nil, errcode.ErrJWTAuthKeyId
+	} else {
+		meta.ID = uint(id)
+	}
+
+	data := make(map[string]string)
+	if err := json.Unmarshal([]byte(md["authorization_extend"][0]), &data); err == nil {
+		meta.EXTEND = data
+	}
+
+	if opts != nil {
+		if !meta.CheckRole("role", opts.RoleValue) {
+			return nil, errcode.ErrPermissionDenied
+		}
+		if opts.MustPrivateAllow {
+			if utils.IsPublicIP(meta.CLIENT) {
+				return nil, errcode.ErrPermissionDenied
+			}
+		}
+	}
+
+	return meta, nil
+
+}
+
+func (m *Meta) CheckRole(roleKey, roleValue string) bool {
+	if roleValue == "" {
+		return true
+	}
+	if role, exists := m.EXTEND[roleKey]; !exists || role != roleValue {
+		return false
+	} else {
+		return true
+	}
+}