update middleware

MissMeo · Feb 3, 2023 · 5bafd92 · 5bafd92
1 parent 45f35ad
commit 5bafd92
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 6 deletions.
diff --git a/app/mgmt/internal/handler/middleware/auth.go b/app/mgmt/internal/handler/middleware/auth.go
@@ -19,6 +19,11 @@ var dontCheckTokenMap = map[string]bool{
 
 func Auth(rc *redis.Redis) gin.HandlerFunc {
 	return func(c *gin.Context) {
+		// 只有POST请求才需要验证
+		if c.Request.Method != "POST" {
+			dontCheckToken(c)
+			return
+		}
 		if _, ok := dontCheckTokenMap[c.Request.URL.Path]; ok {
 			dontCheckToken(c)
 			return

diff --git a/app/mgmt/internal/handler/middleware/perms.go b/app/mgmt/internal/handler/middleware/perms.go
@@ -27,6 +27,11 @@ func Perms(tx *gorm.DB) gin.HandlerFunc {
 		allApiPathsInited = true
 	}
 	return func(c *gin.Context) {
+		// 只有POST请求才需要验证
+		if c.Request.Method != "POST" {
+			dontCheckToken(c)
+			return
+		}
 		if _, ok := dontCheckTokenMap[c.Request.URL.Path]; ok {
 			c.Next()
 			return

diff --git a/app/mgmt/internal/handler/mshandler/menu.go b/app/mgmt/internal/handler/mshandler/menu.go
@@ -5,6 +5,7 @@ import (
 	"github.com/cherish-chat/xxim-server/app/mgmt/internal/logic"
 	"github.com/cherish-chat/xxim-server/common/pb"
 	"github.com/gin-gonic/gin"
+	"github.com/zeromicro/go-zero/core/logx"
 )
 
 // getAllMenuList 获取所有菜单列表
@@ -92,6 +93,7 @@ func (r *MSHandler) getMenuDetail(ctx *gin.Context) {
 func (r *MSHandler) addMenu(ctx *gin.Context) {
 	in := &pb.AddMSMenuReq{}
 	if err := ctx.ShouldBind(in); err != nil {
+		logx.Errorf("addMenu err: %v", err)
 		ctx.AbortWithStatus(400)
 		return
 	}

diff --git a/app/mgmt/internal/server/httpserver.go b/app/mgmt/internal/server/httpserver.go
@@ -27,14 +27,14 @@ func (s *MgmtServiceServer) NewHttpServer() *HttpServer {
 		gin.SetMode(gin.ReleaseMode)
 	}
 	engine := gin.New()
-	engine.Use(gin.Logger())
-	engine.Use(middleware.Recovery())
-	engine.Use(middleware.Cors(s.svcCtx.Config.Gin.Cors))
-	engine.Use(middleware.Auth(s.svcCtx.Redis()))
-	engine.Use(middleware.Perms(s.svcCtx.Mysql()))
 	// routes
+	engine.GET("/api/swagger/*any", gs.WrapHandler(swaggerFiles.Handler))
 	apiGroup := engine.Group("/api")
-	apiGroup.GET("/swagger/*any", gs.WrapHandler(swaggerFiles.Handler))
+	apiGroup.Use(gin.Logger())
+	apiGroup.Use(middleware.Recovery())
+	apiGroup.Use(middleware.Cors(s.svcCtx.Config.Gin.Cors))
+	apiGroup.Use(middleware.Auth(s.svcCtx.Redis()))
+	apiGroup.Use(middleware.Perms(s.svcCtx.Mysql()))
 	serverhandler.NewServerHandler(s.svcCtx).Register(apiGroup)
 	mshandler.NewMSHandler(s.svcCtx).Register(apiGroup)
 	return &HttpServer{svcCtx: s.svcCtx, Engine: engine}