|
@@ -201,20 +201,24 @@ func (c *BaseAuthController) Prepare() {
|
|
|
api += v.Api + ","
|
|
|
}
|
|
|
//处理uri请求,去除前缀和参数
|
|
|
- api = strings.TrimRight(api,",")
|
|
|
- uri = strings.Replace(uri,"/adminapi","",1)
|
|
|
- uris := strings.Split(uri,"?")
|
|
|
+ api = strings.TrimRight(api, ",")
|
|
|
+ uri = strings.Replace(uri, "/adminapi", "", 1)
|
|
|
+ uris := strings.Split(uri, "?")
|
|
|
uri = uris[0]
|
|
|
- fmt.Println("uri:",uri)
|
|
|
+ fmt.Println("uri:", uri)
|
|
|
apis := strings.Split(api, "&")
|
|
|
apiMap := make(map[string]bool, 0)
|
|
|
for _, s := range apis {
|
|
|
apiMap[s] = true
|
|
|
}
|
|
|
- if!apiMap[uri] {
|
|
|
+ //if !apiMap[uri] {
|
|
|
+ // c.JSON(models.BaseResponse{Ret: 403, Msg: "无权访问!", ErrMsg: "无权访问!"}, false, false)
|
|
|
+ // c.StopRun()
|
|
|
+ // return
|
|
|
+ //}
|
|
|
+ if !strings.Contains(api, uri) {
|
|
|
c.JSON(models.BaseResponse{Ret: 403, Msg: "无权访问!", ErrMsg: "无权访问!"}, false, false)
|
|
|
c.StopRun()
|
|
|
- return
|
|
|
}
|
|
|
}
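Review bot: The new condition `if !strings.Contains(api, uri)` authorizes by substring instead of equality, so any request path that is a fragment of the comma-joined permission string is accepted, including a partial path or an empty one (`strings.Contains(s, "")` is always true). The commented-out `apiMap[uri]` lookup probably never matched because `api` is built with `,` as the separator but the context line splits it on `&`, leaving a single map key that holds the whole list. I would keep the exact-match lookup and fix the delimiter instead: `apis := strings.Split(api, ",")` followed by `if !apiMap[uri] {`. As written, `apiMap` is built but never read. The `fmt.Println("uri:", uri)` line prints every request path to stdout and would be better routed through the project's logger or removed; `Prepare` begins before this hunk, so how `uri` and `v.Api` are populated is not visible here.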
|
|
|
|