From 3de460658d28d42a76ed61b68d7a1660a773388b Mon Sep 17 00:00:00 2001 From: wolter <11@gmail> Date: Fri, 21 Nov 2025 09:31:55 +0800 Subject: [PATCH] =?UTF-8?q?feat:=E6=8E=A5=E5=85=A5=E6=9D=83=E9=99=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config/config_test.yaml | 10 ++++++- internal/biz/do/handle.go | 61 +++++++++++++++++++++++++++++++++++++++ internal/config/config.go | 26 ++++++++++++----- 3 files changed, 88 insertions(+), 9 deletions(-) diff --git a/config/config_test.yaml b/config/config_test.yaml index ff2d2d8..973afa0 100644 --- a/config/config_test.yaml +++ b/config/config_test.yaml @@ -64,4 +64,12 @@ default_prompt: 提取出图片中对用户可能有用的关键信息(例如金额、日期、标题、编号、联系信息、商品名称等)。 若图片为文档类(如合同、发票、收据),请结构化输出关键字段(如客户名称、金额、开票日期等)。 ' - user_prompt: '识别图片内容' \ No newline at end of file + user_prompt: '识别图片内容' +# 权限配置 +permissionConfig: + # 统一登录平台基础URL + unified_login_platform_base_url: "https://api.test.user.1688sup.com" + # 白名单接口 + white_list: + - "chat" # 聊天接口 + - "bug_optimization_submit" # 优化建议提交接口 diff --git a/internal/biz/do/handle.go b/internal/biz/do/handle.go index 4c2803d..bfbd76f 100644 --- a/internal/biz/do/handle.go +++ b/internal/biz/do/handle.go @@ -16,6 +16,9 @@ import ( "context" "encoding/json" "fmt" + "github.com/gofiber/fiber/v2/log" + "gorm.io/gorm/utils" + "net/http" "strings" ) @@ -90,6 +93,14 @@ func (r *Handle) HandleMatch(ctx context.Context, requireData *entitys.RequireDa if pointTask == nil || pointTask.Index == "other" { return r.OtherTask(ctx, requireData) } + + // 校验用户权限 + if err = r.PermissionAuth(requireData, pointTask); err != nil { + log.Errorf("权限验证失败: %s", err.Error()) + entitys.ResLog(requireData.Ch, "", "权限验证失败:"+err.Error()) + return + } + switch constants.TaskType(pointTask.Type) { case constants.TaskTypeApi: return r.handleApiTask(ctx, requireData, pointTask) @@ -252,3 +263,53 @@ func (r *Handle) handleApiTask(ctx context.Context, requireData *entitys.Require return } + +// 权限验证 +func (r *Handle) PermissionAuth(requireData *entitys.RequireData, pointTask *model.AiTask) (err error) { + // 白名单接口不要校验权限 + if utils.Contains(r.conf.PermissionConfig.WhiteList, pointTask.Index) { + return nil + } + + // 查询用户权限 + var ( + request l_request.Request + ) + + request.Url = r.conf.PermissionConfig.UnifiedLoginPlatformBaseURL + + request.Method = "GET" + request.Headers = map[string]string{ + "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36", + "Accept": "application/json, text/plain, */*", + "Authorization": "Bearer " + requireData.Auth, + } + + // 发送请求 + res, err := request.Send() + if err != nil { + return err + } + + // 检查响应状态码 + if res.StatusCode != http.StatusOK { + return fmt.Errorf("unexpected status code: %d", res.StatusCode) + } + + type resp struct { + Codes []string `json:"codes"` + } + // 解析响应体 + var respBody resp + err = json.Unmarshal([]byte(res.Text), &respBody) + if err != nil { + return err + } + + // 检查权限 + if !utils.Contains(respBody.Codes, pointTask.Index) { + return fmt.Errorf("用户权限不足: %s", pointTask.Name) + } + + return nil +} diff --git a/internal/config/config.go b/internal/config/config.go index d39d80a..b2350f7 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -9,14 +9,15 @@ import ( // Config 应用配置 type Config struct { - Server ServerConfig `mapstructure:"server"` - Ollama OllamaConfig `mapstructure:"ollama"` - Sys SysConfig `mapstructure:"sys"` - Tools ToolsConfig `mapstructure:"tools"` - Logging LoggingConfig `mapstructure:"logging"` - Redis Redis `mapstructure:"redis"` - DB DB `mapstructure:"db"` - DefaultPrompt SysPrompt `mapstructure:"default_prompt"` + Server ServerConfig `mapstructure:"server"` + Ollama OllamaConfig `mapstructure:"ollama"` + Sys SysConfig `mapstructure:"sys"` + Tools ToolsConfig `mapstructure:"tools"` + Logging LoggingConfig `mapstructure:"logging"` + Redis Redis `mapstructure:"redis"` + DB DB `mapstructure:"db"` + DefaultPrompt SysPrompt `mapstructure:"default_prompt"` + PermissionConfig PermissionConfig `mapstructure:"permissionConfig"` // LLM *LLM `mapstructure:"llm"` } @@ -107,6 +108,15 @@ type LoggingConfig struct { Format string `mapstructure:"format"` } +// PermissionConfig 权限校验配置 +type PermissionConfig struct { + UnifiedLoginPlatformBaseURL string `mapstructure:"unified_login_platform_base_url"` // 统一登录平台基础URL + // 白名单任务 + WhiteList []string `mapstructure:"white_list"` // 白名单任务列表 +} + +// 权限校验配置 + // LoadConfig 加载配置 func LoadConfig(configPath string) (*Config, error) { viper.SetConfigFile(configPath)