Merge pull request #15 from xh-polaris/moonlight

feat:普通登录签发token，Alarm,Conversation服务添加鉴权

Author: universero

biz/adaptor/controller/core_api/conversation.go

@@ -2,13 +2,14 @@ package core_api
 
 import (
 	"context"
+
 	"github.com/cloudwego/hertz/pkg/app"
 	"github.com/cloudwego/hertz/pkg/protocol/consts"
+	"github.com/xh-polaris/psych-core-api/biz/adaptor/middleware"
 	"github.com/xh-polaris/psych-core-api/biz/application/dto/core_api"
 	"github.com/xh-polaris/psych-core-api/biz/cst"
 	"github.com/xh-polaris/psych-core-api/pkg/httpx"
 	"github.com/xh-polaris/psych-core-api/provider"
-	//"github.com/xh-polaris/psych-idl/kitex_gen/core_api"
 )
 
 // ==========================================
@@ -34,6 +35,7 @@ func DashboardGetDataOverview(ctx context.Context, c *app.RequestContext) {
 		return
 	}
 
+	middleware.StoreToken(ctx, c, &req)
 	p := provider.Get()
 	resp, err := p.DashboardService.DashboardGetDataOverview(ctx, &req)
 	httpx.PostProcess(ctx, c, &req, resp, err)
@@ -58,6 +60,7 @@ func DashboardGetDataTrend(ctx context.Context, c *app.RequestContext) {
 		return
 	}
 
+	middleware.StoreToken(ctx, c, &req)
 	p := provider.Get()
 	resp, err := p.DashboardService.DashboardGetDataTrend(ctx, &req)
 	httpx.PostProcess(ctx, c, &req, resp, err)
@@ -81,6 +84,7 @@ func DashboardListUnits(ctx context.Context, c *app.RequestContext) {
 		return
 	}
 
+	middleware.StoreToken(ctx, c, &req)
 	p := provider.Get()
 	resp, err := p.DashboardService.DashboardListUnits(ctx, &req)
 	httpx.PostProcess(ctx, c, &req, resp, err)
@@ -105,6 +109,7 @@ func DashboardGetPsychTrend(ctx context.Context, c *app.RequestContext) {
 		return
 	}
 
+	middleware.StoreToken(ctx, c, &req)
 	p := provider.Get()
 	resp, err := p.DashboardService.DashboardGetPsychTrend(ctx, &req)
 	httpx.PostProcess(ctx, c, &req, resp, err)
@@ -129,6 +134,7 @@ func DashboardGetAlarmOverview(ctx context.Context, c *app.RequestContext) {
 		return
 	}
 
+	middleware.StoreToken(ctx, c, &req)
 	p := provider.Get()
 	resp, err := p.AlarmService.Overview(ctx, &req)
 	httpx.PostProcess(ctx, c, &req, resp, err)
@@ -158,6 +164,7 @@ func DashboardListAlarmRecords(ctx context.Context, c *app.RequestContext) {
 		return
 	}
 
+	middleware.StoreToken(ctx, c, &req)
 	p := provider.Get()
 	resp, err := p.AlarmService.ListRecords(ctx, &req)
 	httpx.PostProcess(ctx, c, &req, resp, err)
@@ -184,6 +191,7 @@ func DashboardListClasses(ctx context.Context, c *app.RequestContext) {
 		return
 	}
 
+	middleware.StoreToken(ctx, c, &req)
 	p := provider.Get()
 	resp, err := p.DashboardService.DashboardListClasses(ctx, &req)
 	httpx.PostProcess(ctx, c, &req, resp, err)
@@ -213,6 +221,7 @@ func DashboardListUsers(ctx context.Context, c *app.RequestContext) {
 		return
 	}
 
+	middleware.StoreToken(ctx, c, &req)
 	p := provider.Get()
 	resp, err := p.DashboardService.DashboardListUsers(ctx, &req)
 	httpx.PostProcess(ctx, c, &req, resp, err)
@@ -594,6 +603,7 @@ func DashboardUserConvRecords(ctx context.Context, c *app.RequestContext) {
 		return
 	}
 
+	middleware.StoreToken(ctx, c, &req)
 	p := provider.Get()
 	resp, err := p.DashboardService.DashboardUserConvRecords(ctx, &req)
 	httpx.PostProcess(ctx, c, &req, resp, err)
@@ -610,6 +620,7 @@ func DashboardUpdateAlarm(ctx context.Context, c *app.RequestContext) {
 		return
 	}
 
+	middleware.StoreToken(ctx, c, &req)
 	p := provider.Get()
 	resp, err := p.AlarmService.UpdateAlarm(ctx, &req)
 	httpx.PostProcess(ctx, c, &req, resp, err)
@@ -626,6 +637,7 @@ func DashboardGetReport(ctx context.Context, c *app.RequestContext) {
 		return
 	}
 
+	middleware.StoreToken(ctx, c, &req)
 	p := provider.Get()
 	resp, err := p.DashboardService.DashboardGetReport(ctx, &req)
 	httpx.PostProcess(ctx, c, &req, resp, err)

biz/adaptor/controller/core_api/core_api.go

@@ -0,0 +1,34 @@
+package middleware
+
+import (
+	"context"
+
+	"github.com/cloudwego/hertz/pkg/app"
+	"github.com/xh-polaris/psych-core-api/biz/cst"
+	"github.com/xh-polaris/psych-core-api/biz/infra/util"
+	"github.com/xh-polaris/psych-core-api/pkg/errorx"
+	"github.com/xh-polaris/psych-core-api/pkg/httpx"
+	"github.com/xh-polaris/psych-core-api/types/errno"
+)
+
+func StoreToken(ctx context.Context, c *app.RequestContext, req any) {
+	authHeader := c.GetHeader("Authorization")
+	if len(authHeader) == 0 {
+		httpx.PostProcess(ctx, c, req, nil, errorx.New(errno.ErrUnAuth))
+		c.Abort()
+		return
+	}
+
+	// 验证JWT的有效性
+	_, err := util.ParseJwt(string(authHeader))
+	if err != nil {
+		httpx.PostProcess(ctx, c, req, nil, errorx.New(errno.ErrJWTPrase))
+		c.Abort()
+		return
+	}
+
+	// 使用context.WithValue传递token
+	newCtx := context.WithValue(ctx, cst.CtxKeyToken, string(authHeader))
+	c.Set(cst.CtxKeyToken, newCtx)
+	c.Next(ctx)
+}

biz/adaptor/middleware/auth.go

@@ -2,11 +2,12 @@ package service
 
 import (
 	"context"
-	"github.com/xh-polaris/psych-core-api/biz/application/dto/core_api"
-	"github.com/xh-polaris/psych-core-api/biz/infra/util"
 	"sync"
 	"time"
 
+	"github.com/xh-polaris/psych-core-api/biz/application/dto/core_api"
+	"github.com/xh-polaris/psych-core-api/biz/infra/util"
+
 	"github.com/xh-polaris/psych-core-api/biz/infra/mapper/conversation"
 	"github.com/xh-polaris/psych-core-api/biz/infra/mapper/report"
 
@@ -40,6 +41,22 @@ var AlarmServiceSet = wire.NewSet(
 )
 
 func (s *AlarmService) Overview(ctx context.Context, req *core_api.DashboardGetAlarmOverviewReq) (resp *core_api.DashboardGetAlarmOverviewResp, err error) {
+	// 鉴权
+	userMeta, err := util.ExtraUserMeta(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	if req.UnitId != "" {
+		if !userMeta.HasUnitAdminAuth() || userMeta.UserId != req.UnitId {
+			return nil, errorx.New(errno.ErrInsufficientAuth)
+		}
+	}
+	if req.UnitId == "" && !userMeta.HasSuperAdminAuth() {
+		return nil, errorx.New(errno.ErrInsufficientAuth)
+	}
+
+	// 提取unitID
 	unitOID, err := bson.ObjectIDFromHex(req.UnitId)
 	if err != nil {
 		return nil, errorx.New(errno.ErrInvalidParams, errorx.KV("field", "UnitID"), errorx.KV("value", "单位ID"))
@@ -48,7 +65,7 @@ func (s *AlarmService) Overview(ctx context.Context, req *core_api.DashboardGetA
 	st, err := s.AlarmMapper.AggregateStats(ctx, unitOID, time.Time{}, time.Time{})
 	if err != nil {
 		logs.Errorf("aggregate alarm error: %s", errorx.ErrorWithoutStack(err))
-		return nil, err
+		return nil, errorx.New(errno.ErrDashboardAlarmUserStat)
 	}
 
 	return &core_api.DashboardGetAlarmOverviewResp{
@@ -60,12 +77,28 @@ func (s *AlarmService) Overview(ctx context.Context, req *core_api.DashboardGetA
 		ProcessedChange: st.ProcessedChange,
 		PendingChange:   st.PendingChange,
 		TrackChange:     st.TrackChange,
-		Code:            200,
+		Code:            0,
 		Msg:             "success",
 	}, nil
 }
 
 func (s *AlarmService) ListRecords(ctx context.Context, req *core_api.DashboardListAlarmRecordsReq) (resp *core_api.DashboardListAlarmRecordsResp, err error) {
+	// 鉴权
+	userMeta, err := util.ExtraUserMeta(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	if req.UnitId != "" {
+		if !userMeta.HasUnitAdminAuth() || userMeta.UserId != req.UnitId {
+			return nil, errorx.New(errno.ErrInsufficientAuth)
+		}
+	}
+	if req.UnitId == "" && !userMeta.HasSuperAdminAuth() {
+		return nil, errorx.New(errno.ErrInsufficientAuth)
+	}
+
+	// 提取unitID
 	unitOID, err := bson.ObjectIDFromHex(req.UnitId)
 	if err != nil {
 		return nil, errorx.New(errno.ErrInvalidParams, errorx.KV("field", "UnitID"), errorx.KV("value", "单位ID"))
@@ -76,7 +109,7 @@ func (s *AlarmService) ListRecords(ctx context.Context, req *core_api.DashboardL
 	if total == 0 {
 		return &core_api.DashboardListAlarmRecordsResp{
 			Pagination: util.PaginationRes(total, req.PaginationOptions),
-			Code:       200,
+			Code:       0,
 			Msg:        "success",
 		}, nil
 	}
@@ -94,7 +127,7 @@ func (s *AlarmService) ListRecords(ctx context.Context, req *core_api.DashboardL
 	return &core_api.DashboardListAlarmRecordsResp{
 		Records:    completeAlarm,
 		Pagination: util.PaginationRes(total, req.PaginationOptions),
-		Code:       200,
+		Code:       0,
 		Msg:        "success",
 	}, err2
 }
@@ -180,6 +213,16 @@ func (s *AlarmService) completeAlarm(ctx context.Context, dbAlarms []*alarm.Alar
 }
 
 func (s *AlarmService) UpdateAlarm(ctx context.Context, req *core_api.DashboardUpdateAlarmReq) (resp *core_api.DashboardUpdateAlarmResp, err error) {
+	// 初步鉴权-需要有UnitAdmin权限
+	userMeta, err := util.ExtraUserMeta(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	if !userMeta.HasUnitAdminAuth() {
+		return nil, errorx.New(errno.ErrInsufficientAuth)
+	}
+
 	// 参数校验
 	if req.Alarm == nil {
 		return nil, errorx.New(errno.ErrMissingParams, errorx.KV("field", "预警信息"))
@@ -192,6 +235,17 @@ func (s *AlarmService) UpdateAlarm(ctx context.Context, req *core_api.DashboardU
 		return nil, errorx.New(errno.ErrInvalidParams, errorx.KV("field", "预警ID"))
 	}
 
+	// 二次鉴权：需要在统一unit下
+	oldAlarm, err := s.AlarmMapper.FindOneById(ctx, alarmId)
+	// optimize 查不到时考虑直接创建而非报错
+	if err != nil {
+		logs.Errorf("find alarm error: %s", errorx.ErrorWithoutStack(err))
+		return nil, errorx.New(errno.ErrNotFound)
+	}
+	if userMeta.UnitId != oldAlarm.UnitID.Hex() {
+		return nil, errorx.New(errno.ErrInsufficientAuth)
+	}
+
 	// 构建更新字段
 	update := bson.M{}
 
@@ -225,13 +279,13 @@ func (s *AlarmService) UpdateAlarm(ctx context.Context, req *core_api.DashboardU
 	if len(update) > 0 {
 		if err = s.AlarmMapper.UpdateFields(ctx, alarmId, update); err != nil {
 			logs.Errorf("update alarm error: %s", errorx.ErrorWithoutStack(err))
-			return nil, err
+			return nil, errorx.New(errno.ErrInternalError)
 		}
 	}
 
 	// 构造返回结果
 	return &core_api.DashboardUpdateAlarmResp{
-		Code: 200,
+		Code: 0,
 		Msg:  "success",
 	}, nil
 }