在接入 casbin 的时候,本来用的是 c.Request.RequestURI,后来发现它不仅包含路径,还包含请求所带的查询参数,所以无法在 policy.csv 中定义。改用 c.Request.URL.Path(只含路径,不含查询参数)。
正确如下:
这样就解决了get 方法携带querystring参数不能正确匹配policy.csv的问题
// E is the package-level casbin enforcer. SetupGinRouter assigns it once the
// model and policy have loaded, and the RBAC middleware reads it on every
// request; it stays nil if SetupGinRouter has not run or failed to load them.
var E *casbin.Enforcer
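// SetupGinRouter loads the casbin model and policy from ./router, publishes the
// enforcer through the package-level E, and returns a gin engine with the CORS,
// optional TLS and RBAC middleware installed.
//
// It returns nil when the enforcer cannot be created, so a missing or broken
// policy file never yields a router that serves requests without RBAC. Callers
// must check for nil before starting the server.
func SetupGinRouter(mode string, enableHttps bool) *gin.Engine {
	// Both paths are relative to the process working directory.
	e, err := casbin.NewEnforcer("./router/model.conf", "./router/policy.csv")
	if err != nil {
		fmt.Println(err)
		// The declared result is *gin.Engine, so the error value itself cannot
		// be returned; nil signals the failure.
		return nil
	}
	E = e
	// Enforcer logging records every decision (subject, object, action and
	// result), so the log contains the caller-supplied subject and path.
	E.EnableLog(true)

	if mode == gin.ReleaseMode {
		gin.SetMode(gin.ReleaseMode) // gin stays in debug mode unless release mode is set
	}

	r := gin.New()
	r.Use(CORSMiddleware())
	if enableHttps {
		r.Use(TlsHandler())
	}
	// RBAC is installed as engine-wide middleware, so routes registered on r
	// after this call run behind the authorization check.
	r.Use(RBAC())
	return r
}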
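// RBAC returns a gin middleware that asks the package-level casbin enforcer E
// whether the caller may perform the request, and answers 403 when it may not.
//
// The object passed to Enforce is c.Request.URL.Path, not c.Request.RequestURI.
// RequestURI still carries the query string, so a GET with parameters would
// never equal the plain path written in policy.csv.
//
// NOTE(review): the subject is read straight from the "key" request header and
// nothing in this middleware verifies it. The decision is only meaningful if an
// earlier layer authenticates the caller and sets or validates that header —
// confirm before relying on it; otherwise any client can name a privileged
// subject.
func RBAC() gin.HandlerFunc {
	return func(c *gin.Context) {
		user := c.Request.Header.Get("key")
		path := c.Request.URL.Path
		method := c.Request.Method

		access, err := E.Enforce(user, path, method)
		if err != nil {
			// Fail closed: an enforcer error is treated as a denial.
			fmt.Printf("rbac: enforce error: %v\n", err)
			c.AbortWithStatusJSON(403, gin.H{"message": "forbidden"})
			return
		}
		if !access {
			// %q escapes request-controlled text. URL.Path is already decoded, so
			// it may contain control characters that could forge a log line.
			// The query string is left out of the log on purpose.
			fmt.Printf("rbac: denied sub=%q path=%q method=%q\n", user, path, method)
			c.AbortWithStatusJSON(403, gin.H{"message": "forbidden"})
			return
		}
		c.Next()
	}
}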
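policy.csv文件(注意:model.conf 的匹配器只用 g(r.sub, p.sub) 两个字段判断角色,g 行第四列的路径不参与匹配,因此被授予 admin 角色的用户会继承 admin 的全部 p 规则,而不是只限于该路径):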
p, admin, /api/task/mytask, GET
g, bob, admin, /api/task/mytask
apifox请求 :
GET http://127.0.0.1:8080/api/task/mytask?address=0x8dAdddgr76EF4F0e4d885D13F1714A62e4C18Aa1
输出:
2022/09/27 16:27:49 Request: admin, /api/task/mytask, GET ---> true
Hit Policy:
0x8dAdddgr76EF4F0e4d885D13F1714A62e4C18Aa1
为true
更新, 存代码
##model.conf
# Shape of the request passed to Enforce: subject, object, action.
[request_definition]
r = sub, obj, act
# Shape of the "p" rules in policy.csv.
[policy_definition]
p = sub, obj, act
# A role link has two fields; the matcher below calls it as g(r.sub, p.sub).
[role_definition]
g = _, _
# The request is allowed when at least one matching rule has effect allow.
[policy_effect]
e = some(where (p.eft == allow))
# obj and act are compared with ==, so the request path must equal the policy
# path exactly; a path that is not listed matches no rule.
[matchers]
m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act
## policy.csv
p, admin, /api/kol/ranking, GET
p, admin, /api/task/findtask, POST
p, admin, /api/task/mytask, GET
g, hp, admin, /api/kol/ranking
g, hp, admin, /api/task/findtask
g, hp, admin, /api/task/mytask