0

我做了一个自定义功能,应该检查用户使用请求的权限。我可以监控请求 LocationInfo 吗?可以这样看吗?

if (!User.accessTo.contains(CALL_LOCATION_INFO)){
call.respond(HttpStatusCode.BadRequest) }

那是我的功能代码:

data class UserRights(
        val haveFullAccess:Boolean,
        val accessTo:List<String>,
        val canUpdate:Boolean,
        val canDelete:Boolean,
        val canBan:Boolean,
        val canMute:Boolean)

var User = UserRights(false, listOf(""),false,false,false,false)

class RightsChecker(configuration: Configuration) {
    val prop = configuration.prop // get snapshot of config into immutable property
    class Configuration {
        var prop = "value"
    }
    companion object Feature : ApplicationFeature<ApplicationCallPipeline, Configuration, RightsChecker> {
        override val key = AttributeKey<RightsChecker>("RightsChecker")
        override fun install(pipeline: ApplicationCallPipeline, configure: Configuration.() -> Unit): RightsChecker {
            val configuration = RightsChecker.Configuration().apply(configure)
            val feature = RightsChecker(configuration)

            val FilterPhase = PipelinePhase("CallFilter")
            pipeline.insertPhaseAfter(ApplicationCallPipeline.Infrastructure, FilterPhase)

            pipeline.intercept(FilterPhase) {
                val session = call.sessions.get<SessionData>() ?: SessionData(0, "Guest")
                when (session.role) {
                    "Guest" -> User = UserRights(
                            haveFullAccess = false,
                            accessTo = listOf(""),
                            canUpdate = false,
                            canDelete = false,
                            canBan = false,
                            canMute = false)
                    "User" -> User = UserRights(
                            haveFullAccess = false,
                            accessTo = listOf("lUsers"),
                            canUpdate = false,
                            canDelete = false,
                            canBan = false,
                            canMute = false)                       
                    "Admin" -> User = UserRights(
                            haveFullAccess = true,
                            accessTo = listOf("lUsers"),
                            canUpdate = true,
                            canDelete = true,
                            canBan = true,
                            canMute = true)
                }
                if (!User.accessTo.contains(CALL_LOCATION_INFO)){
                    call.respond(HttpStatusCode.BadRequest)
                }
            }
            return feature
        }
    }
}

你怎么看,我正在使用具有权限的 UserRights 数据类。“accesTo” - 是用户可以使用的位置名称列表(格式可以更改)。功能必须在请求处理之前检查“accesTo”列表中包含的位置名称。

谢谢你的帮助!

UPD:位置代码:

@Location("/login") data class lLoginData(val email:String, val password: String)
@Location("/users") data class lGetUsers(val page:Int, val limit:Int)
@Location("/users/user") data class lUser(val email: String)
@Location("/users") data class lUpdateData(val userID: Int, val datatype:String, val newData:String)
@Location("/users") data class lRegData(val email: String, val username:String, val userpass:String)
4

1 回答 1

0

如果我对您的理解正确,那么您只是想知道调用了什么路由/uri。

这是一个小型服务器,它通过调用的路由进行应答。

私有 val locationKey = AttributeKey("位置")

val module = fun Application.() {
    install(Routing) {
        intercept(ApplicationCallPipeline.Call) {
            val location = call.request.local.uri
            call.attributes.put(locationKey, location)
        }

        get("{...}") {
            val location = call.attributes[locationKey]
            call.respond(location)
        }
    }
}

可以看出,我正在使用call.request.local.uri来获取呼叫的 uri。

当我导航到http://localhost:5001/hello/route时,服务器回答为/hello/route

这回答了你的问题了吗?

于 2018-08-07T07:06:11.647 回答