🐛修复新增管理员时密码未hash

2024-03-14 15:33:54 +08:00 · 2024-03-14 15:33:54 +08:00 · 763443bad2
commit 763443bad2
parent 8dfef5192e
5 changed files with 45 additions and 13 deletions
--- a/middleware/permission.go
+++ b/middleware/permission.go
@ -0,0 +1,30 @@
+package middleware
+
+import (
+	"github.com/gin-gonic/gin"
+	"wireguard-dashboard/constant"
+	"wireguard-dashboard/model/entity"
+	"wireguard-dashboard/utils"
+)
+
+// Permission
+// @description: 权限验证，一些操作权限
+// @return gin.HandlerFunc
+func Permission() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		userInfo, ok := c.Get("user")
+		if !ok {
+			utils.GinResponse(c).AuthorizationFailed()
+			c.Abort()
+			return
+		}
+
+		if userInfo.(*entity.User).IsAdmin != constant.SuperAdmin {
+			utils.GinResponse(c).FailedWithMsg("你暂无权限操作")
+			c.Abort()
+			return
+		}
+
+		c.Next()
+	}
+}
--- a/repository/user.go
+++ b/repository/user.go
@ -78,6 +78,8 @@ func (r user) Save(ent *entity.User) (err error) {
 	defaultPassword := utils.Password().GenerateHashPassword("admin123")
 	if ent.Password == "" { // 没有密码给一个默认密码
 		ent.Password = defaultPassword
+	} else {
+		ent.Password = utils.Password().GenerateHashPassword(ent.Password)
 	}

 	// 没有头像就生成一个头像
--- a/route/client.go
+++ b/route/client.go
@ -10,8 +10,8 @@ func ClientApi(r *gin.RouterGroup) {
 	apiGroup := r.Group("client", middleware.Authorization())
 	{
 		apiGroup.GET("list", api.Client().List)                              // 客户端列表
-		apiGroup.POST("save", api.Client().Save)                          // 新增/编辑客户端
-		apiGroup.DELETE(":id", api.Client().Delete)                       // 删除客户端
+		apiGroup.POST("save", middleware.Permission(), api.Client().Save)    // 新增/编辑客户端
+		apiGroup.DELETE(":id", middleware.Permission(), api.Client().Delete) // 删除客户端
 		apiGroup.POST("download/:id", api.Client().Download)                 // 下载客户端配置文件
 		apiGroup.POST("generate-qrcode/:id", api.Client().GenerateQrCode)    // 生成客户端二维码
 	}
--- a/route/server.go
+++ b/route/server.go
@ -10,6 +10,6 @@ func ServerApi(r *gin.RouterGroup) {
 	apiGroup := r.Group("server", middleware.Authorization())
 	{
 		apiGroup.GET("", api.Server().GetServer)                            // 获取服务端信息
-		apiGroup.POST("", api.Server().SaveServer) // 新增/更新服务端信息
+		apiGroup.POST("", middleware.Permission(), api.Server().SaveServer) // 新增/更新服务端信息
 	}
 }
--- a/route/user.go
+++ b/route/user.go
@ -18,9 +18,9 @@ func UserApi(r *gin.RouterGroup) {
 	{
 		userApi.DELETE("logout", api.UserApi().Logout)                                       // 用户退出登陆
 		userApi.GET("", api.UserApi().GetUser)                                               // 获取登陆用户信息
-		userApi.POST("save", api.UserApi().Save)                      // 新增/编辑用户信息
+		userApi.POST("save", middleware.Permission(), api.UserApi().Save)                    // 新增/编辑用户信息
 		userApi.POST("change-password", api.UserApi().ChangePassword)                        // 更改密码
-		userApi.GET("list", api.UserApi().List)                       // 用户列表
-		userApi.PUT("change-status", api.UserApi().ChangeUserState)   // 变更状态
+		userApi.GET("list", middleware.Permission(), api.UserApi().List)                     // 用户列表
+		userApi.PUT("change-status", middleware.Permission(), api.UserApi().ChangeUserState) // 变更状态
 	}
 }