鉴权

src/config/config.local.ts

@@ -1,5 +1,5 @@
 import { MidwayConfig } from '@midwayjs/core';
-const redisHost = '127.0.0.1';
+const redisHost = '120.48.146.1';
 const redisPwd = '123456';
 const redisDB = 6;
 export default {
@@ -19,6 +19,10 @@ export default {
       },
     },
   },
+  authUri: {
+    getRouteCode: '/cxyy/api/token/gerRouterInfo',
+    getUserApiCode: '/cxyy/api/token/getUserApiCodes',
+  },
   redis: {
     client: {
       port: 6379, // Redis port

src/controller/home.controller.ts

@@ -1,8 +1,8 @@
 import { All, Controller, Get, Inject, Put } from '@midwayjs/core';
 import { Context } from '@midwayjs/koa';
 import { ProxyService } from '../service/proxy.service';
-import { FrameworkErrorEnum, LoginError } from '../error/login.error';
 import { SingleSignOnService } from '../service/singleSignOn.service';
+import { PermissionService } from '../service/permission.service';
 @Controller('/')
 export class HomeController {
   @Inject()
@@ -14,6 +14,9 @@ export class HomeController {
   @Inject()
   singleSignOnService: SingleSignOnService;
 
+  @Inject()
+  permissionService: PermissionService;
+
   @Get('/')
   async home(): Promise<string> {
     return 'proxy starting....';
@@ -24,16 +27,17 @@ export class HomeController {
 
   @All('/**')
   async proxy() {
-    // const rb = this.service.getRequstBase();
-    // TODO:1.检查请求是否在白名单
+    // TODO:检查请求是否在白名单
     const inWhiteList = true;
     if (!inWhiteList) {
-      // 2.不在白名单上则检查登录
+      // 不在白名单上则检查登录
       await this.singleSignOnService.index();
-      // 2-1.通过检查(不报异常中断程序)即可以发送请求
-      return await this.service.toProxy();
+      // 检查权限
+      await this.permissionService.index();
+      // 通过检查(不报异常中断程序)即可以发送请求
+      return await this.service.index();
     }
     // 3.发送请求
-    return await this.service.toProxy();
+    return await this.service.index();
   }
 }

src/service/permission.service.ts

@@ -0,0 +1,54 @@
+import { Config, Inject, InjectClient, Provide } from '@midwayjs/core';
+import { RequestBase } from '../interface/proxy.interface';
+import { ProxyService } from './proxy.service';
+import { HttpServiceFactory, HttpService } from '@midwayjs/axios';
+import { get } from 'lodash';
+
+@Provide()
+export class PermissionService {
+  @Config('axios.clients')
+  axiosClients: object;
+  @Config('authUri')
+  authUriObject: any;
+
+  authBase = '/cxyy/api';
+  @Inject()
+  proxyService: ProxyService;
+  @InjectClient(HttpServiceFactory, 'default')
+  serviceAxios: HttpService;
+  /**
+   * 检查用户权限
+   *  1.获取请求 完整的uri和method
+   *  2.然后带着token去请求到 服务的 tokenController中,把路由信息和权限码都拿来
+   *  3.查询权限码中的api设置是不是当前
+   */
+  async index() {
+    const rb: RequestBase = this.proxyService.getRequstBase();
+    const clientConfig = this.axiosClients[this.authBase];
+    const baseURL = clientConfig.baseURL;
+    const getRouteCodeUrl = `${baseURL}${this.authUriObject.getRouteCode}`;
+    const getRouteConfig = {
+      url: getRouteCodeUrl,
+      method: 'Post',
+      data: { uri: rb.path, method: rb.method },
+      headers: { token: get(rb, 'header.token') },
+    };
+    const rcResult: string = await this.toRequest(getRouteConfig);
+
+    const userApiCodesUrl = `${baseURL}${this.authUriObject.getUserApiCode}`;
+    const getUserApiCodeConfig = {
+      url: userApiCodesUrl,
+      method: 'Post',
+      headers: { token: get(rb, 'header.token') },
+    };
+    const uacResult: Array<string> = await this.toRequest(getUserApiCodeConfig);
+    if (uacResult.includes(rcResult)) return true;
+    throw new Error('no auth');
+  }
+
+  async toRequest(config: any) {
+    const result = await this.serviceAxios.request(config);
+    if (result.status !== 200) throw new Error('proxy service request error');
+    return get(result, 'data.data');
+  }
+}

src/service/proxy.service.ts

@@ -17,7 +17,10 @@ export class ProxyService {
 
   @Inject()
   sf: HttpServiceFactory;
-
+  /**
+   * 组织请求所需要的参数
+   * @returns {RequestBase} result
+   */
   getRequstBase(): RequestBase {
     const request = this.ctx.request;
     const result: RequestBase = pick(request, [
@@ -35,8 +38,11 @@ export class ProxyService {
 
     return result;
   }
-
-  async toProxy() {
+  /**
+   * 代理执行函数
+   * @returns
+   */
+  async index() {
     const rb: RequestBase = this.getRequstBase();
     // 解析路由前缀
     const uri = rb.originalUrl;
@@ -67,13 +73,4 @@ export class ProxyService {
     if (res.status !== 200) throw new Error('proxy service request error');
     return res.data;
   }
-
-  async getAxios(clientConfig: object): Promise<Axios.AxiosInstance> {
-    const rb: RequestBase = this.getRequstBase();
-    const axi = await this.sf.createInstance({
-      ...clientConfig,
-      header: get(rb, 'header'),
-    });
-    return axi;
-  }
 }

src/service/singleSignOn.service.ts

@@ -57,10 +57,16 @@ export class SingleSignOnService {
    * 检查路由是否在白名单中
    */
   inWhiteList(): boolean {
-    const whiteList = {
-      uri: '/login',
-      desc: '',
-    };
+    const whiteList = [
+      {
+        uri: '/login',
+        desc: '登陆接口',
+      },
+      {
+        uri: '/dict',
+        desc: '字典接口',
+      },
+    ];
 
     return true;
   }