feat:接入权限

config/config_test.yaml

@@ -65,3 +65,11 @@ default_prompt:
        若图片为文档类（如合同、发票、收据），请结构化输出关键字段（如客户名称、金额、开票日期等）。
       '
     user_prompt: '识别图片内容'
+# 权限配置
+permissionConfig:
+  # 统一登录平台基础URL
+  unified_login_platform_base_url: "https://api.test.user.1688sup.com"
+  # 白名单接口
+  white_list:
+    - "chat" # 聊天接口
+    - "bug_optimization_submit" # 优化建议提交接口

internal/biz/do/handle.go

@@ -16,6 +16,9 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	"github.com/gofiber/fiber/v2/log"
+	"gorm.io/gorm/utils"
+	"net/http"
 	"strings"
 )
 
@@ -90,6 +93,14 @@ func (r *Handle) HandleMatch(ctx context.Context, requireData *entitys.RequireDa
 	if pointTask == nil || pointTask.Index == "other" {
 		return r.OtherTask(ctx, requireData)
 	}
+
+	// 校验用户权限
+	if err = r.PermissionAuth(requireData, pointTask); err != nil {
+		log.Errorf("权限验证失败: %s", err.Error())
+		entitys.ResLog(requireData.Ch, "", "权限验证失败:"+err.Error())
+		return
+	}
+
 	switch constants.TaskType(pointTask.Type) {
 	case constants.TaskTypeApi:
 		return r.handleApiTask(ctx, requireData, pointTask)
@@ -252,3 +263,53 @@ func (r *Handle) handleApiTask(ctx context.Context, requireData *entitys.Require
 
 	return
 }
+
+// 权限验证
+func (r *Handle) PermissionAuth(requireData *entitys.RequireData, pointTask *model.AiTask) (err error) {
+	// 白名单接口不要校验权限
+	if utils.Contains(r.conf.PermissionConfig.WhiteList, pointTask.Index) {
+		return nil
+	}
+
+	// 查询用户权限
+	var (
+		request l_request.Request
+	)
+
+	request.Url = r.conf.PermissionConfig.UnifiedLoginPlatformBaseURL
+
+	request.Method = "GET"
+	request.Headers = map[string]string{
+		"User-Agent":    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
+		"Accept":        "application/json, text/plain, */*",
+		"Authorization": "Bearer " + requireData.Auth,
+	}
+
+	// 发送请求
+	res, err := request.Send()
+	if err != nil {
+		return err
+	}
+
+	// 检查响应状态码
+	if res.StatusCode != http.StatusOK {
+		return fmt.Errorf("unexpected status code: %d", res.StatusCode)
+	}
+
+	type resp struct {
+		Codes []string `json:"codes"`
+	}
+	// 解析响应体
+	var respBody resp
+	err = json.Unmarshal([]byte(res.Text), &respBody)
+	if err != nil {
+		return err
+	}
+
+	// 检查权限
+	if !utils.Contains(respBody.Codes, pointTask.Index) {
+		return fmt.Errorf("用户权限不足: %s", pointTask.Name)
+	}
+
+	return nil
+}

internal/config/config.go

@@ -9,14 +9,15 @@ import (
 
 // Config 应用配置
 type Config struct {
-	Server        ServerConfig  `mapstructure:"server"`
-	Ollama        OllamaConfig  `mapstructure:"ollama"`
-	Sys           SysConfig     `mapstructure:"sys"`
-	Tools         ToolsConfig   `mapstructure:"tools"`
-	Logging       LoggingConfig `mapstructure:"logging"`
-	Redis         Redis         `mapstructure:"redis"`
-	DB            DB            `mapstructure:"db"`
-	DefaultPrompt SysPrompt     `mapstructure:"default_prompt"`
+	Server           ServerConfig     `mapstructure:"server"`
+	Ollama           OllamaConfig     `mapstructure:"ollama"`
+	Sys              SysConfig        `mapstructure:"sys"`
+	Tools            ToolsConfig      `mapstructure:"tools"`
+	Logging          LoggingConfig    `mapstructure:"logging"`
+	Redis            Redis            `mapstructure:"redis"`
+	DB               DB               `mapstructure:"db"`
+	DefaultPrompt    SysPrompt        `mapstructure:"default_prompt"`
+	PermissionConfig PermissionConfig `mapstructure:"permissionConfig"`
 	//	LLM     *LLM          `mapstructure:"llm"`
 }
 
@@ -107,6 +108,15 @@ type LoggingConfig struct {
 	Format string `mapstructure:"format"`
 }
 
+// PermissionConfig 权限校验配置
+type PermissionConfig struct {
+	UnifiedLoginPlatformBaseURL string `mapstructure:"unified_login_platform_base_url"` // 统一登录平台基础URL
+	// 白名单任务
+	WhiteList []string `mapstructure:"white_list"` // 白名单任务列表
+}
+
+// 权限校验配置
+
 // LoadConfig 加载配置
 func LoadConfig(configPath string) (*Config, error) {
 	viper.SetConfigFile(configPath)