UNPKG

egg-jianghu

Version:

egg-jianghu

openjianghu.org

fsll-tech/egg-jianghu

67 lines (57 loc) 2.58 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
'use strict'; const { BizError, errorInfoEnum } = require('../constant/error'); const { userStatusEnum, tableEnum } = require('../constant/constant'); module.exports = option => { return async (ctx, next) => { const { packageResource, userInfo } = ctx; const { user, userAppList, userGroupRoleList, allowResourceList } = userInfo; const { resourceId } = packageResource; const isLoginUser = user && user.userId; const { config, jianghuKnex } = ctx.app; const { appType, appId } = config; const { groupId } = ctx.request.body.appData.actionData; const { isGroupIdRequired } = ctx.packageResource.resourceData; // 对于 public 的 resource ====》不需要做 用户状态的校验 // public: { user: "*", group: "public", role: "*" } const allUserGroupRoleResourceList = await jianghuKnex(tableEnum._user_group_role_resource).select(); const isNotPublic = !allUserGroupRoleResourceList.find(rule => rule.group === 'public' && rule.role === '*' && rule.resource === resourceId); // 1. 判断用户是否有当前app的权限 if (isNotPublic && appType === 'multiApp') { const targetUserApp = userAppList && userAppList.find(x => x.appId === appId); if (!targetUserApp) { throw new BizError(errorInfoEnum.request_app_forbidden); } } // 2 判断用户状态 if (isNotPublic && isLoginUser) { const { userStatus } = user; if (userStatus === userStatusEnum.banned) { throw new BizError(errorInfoEnum.user_banned); } if (userStatus !== userStatusEnum.active) { throw new BizError(errorInfoEnum.user_status_error); } } // 3 判断当前请求groupId 是否在用户 group列表中 if (isGroupIdRequired === true) { if (!groupId) { throw new BizError({ ...errorInfoEnum.request_data_invalid, errorReason: 'groupId is required' }); } const currentUserGroupRole = userGroupRoleList.find(userGroupRole => userGroupRole.groupId === groupId); if (!currentUserGroupRole) { throw new BizError(errorInfoEnum.request_group_forbidden); } } // 4. 判断用户是否有 当前 packageResource 的权限 if (allowResourceList.findIndex(x => x.resourceId === resourceId) === -1) { // 3.1 若未登陆 则 提示用户登陆后再来 请求这个 resource if (!isLoginUser) { throw new BizError(errorInfoEnum.request_token_invalid); } else { throw new BizError(errorInfoEnum.resource_forbidden); } } await next(); }; };