删除服务端材质渲染功能及system_config表，转为环境变量配置，初步配置管理员功能

2025-12-08 19:12:30 +08:00
parent 399e6f096f
commit 9b0a60033e
37 changed files with 1135 additions and 3913 deletions
--- a/internal/middleware/auth.go
+++ b/internal/middleware/auth.go
@@ -6,7 +6,7 @@ import (
 	"strings"

 	"carrotskin/pkg/auth"
-	
+
 	"github.com/gin-gonic/gin"
 )

@@ -51,7 +51,7 @@ func AuthMiddleware(jwtService *auth.JWTService) gin.HandlerFunc {
 		// 将用户信息存储到上下文中
 		c.Set("user_id", claims.UserID)
 		c.Set("username", claims.Username)
-		c.Set("role", claims.Role)
+		c.Set("user_role", claims.Role)

 		c.Next()
 	})
@@ -69,7 +69,7 @@ func OptionalAuthMiddleware(jwtService *auth.JWTService) gin.HandlerFunc {
 				if err == nil {
 					c.Set("user_id", claims.UserID)
 					c.Set("username", claims.Username)
-					c.Set("role", claims.Role)
+					c.Set("user_role", claims.Role)
 				}
 			}
 		}
--- a/internal/middleware/casbin.go
+++ b/internal/middleware/casbin.go
@@ -0,0 +1,109 @@
+package middleware
+
+import (
+	"net/http"
+
+	"carrotskin/pkg/auth"
+
+	"github.com/gin-gonic/gin"
+)
+
+// CasbinMiddleware Casbin权限中间件
+// 需要先经过AuthMiddleware获取用户信息
+func CasbinMiddleware(casbinService *auth.CasbinService, resource, action string) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		// 从上下文获取用户角色（由AuthMiddleware设置）
+		role, exists := c.Get("user_role")
+		if !exists {
+			c.JSON(http.StatusUnauthorized, gin.H{
+				"success": false,
+				"message": "未授权访问",
+			})
+			c.Abort()
+			return
+		}
+
+		roleStr, ok := role.(string)
+		if !ok || roleStr == "" {
+			roleStr = "user" // 默认角色
+		}
+
+		// 检查权限
+		if !casbinService.CheckPermission(roleStr, resource, action) {
+			c.JSON(http.StatusForbidden, gin.H{
+				"success": false,
+				"message": "权限不足",
+			})
+			c.Abort()
+			return
+		}
+
+		c.Next()
+	}
+}
+
+// RequireAdmin 要求管理员权限的中间件
+func RequireAdmin() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		role, exists := c.Get("user_role")
+		if !exists {
+			c.JSON(http.StatusUnauthorized, gin.H{
+				"success": false,
+				"message": "未授权访问",
+			})
+			c.Abort()
+			return
+		}
+
+		roleStr, ok := role.(string)
+		if !ok || roleStr != "admin" {
+			c.JSON(http.StatusForbidden, gin.H{
+				"success": false,
+				"message": "需要管理员权限",
+			})
+			c.Abort()
+			return
+		}
+
+		c.Next()
+	}
+}
+
+// RequireRole 要求指定角色的中间件
+func RequireRole(allowedRoles ...string) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		role, exists := c.Get("user_role")
+		if !exists {
+			c.JSON(http.StatusUnauthorized, gin.H{
+				"success": false,
+				"message": "未授权访问",
+			})
+			c.Abort()
+			return
+		}
+
+		roleStr, ok := role.(string)
+		if !ok {
+			c.JSON(http.StatusForbidden, gin.H{
+				"success": false,
+				"message": "权限不足",
+			})
+			c.Abort()
+			return
+		}
+
+		// 检查是否在允许的角色列表中
+		for _, allowed := range allowedRoles {
+			if roleStr == allowed {
+				c.Next()
+				return
+			}
+		}
+
+		c.JSON(http.StatusForbidden, gin.H{
+			"success": false,
+			"message": "权限不足",
+		})
+		c.Abort()
+	}
+}