From e8d1d0470f4a39b9710306b225a8cbb939055430 Mon Sep 17 00:00:00 2001
From: TsMask <340112800@qq.com>
Date: Fri, 1 Dec 2023 17:22:32 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E6=8E=A5=E5=8F=A3=E8=BA=AB=E4=BB=BD?=
 =?UTF-8?q?=E8=AE=A4=E8=AF=81=E7=99=BD=E5=90=8D=E5=8D=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/framework/middleware/pre_authorize.go | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/src/framework/middleware/pre_authorize.go b/src/framework/middleware/pre_authorize.go
index 4ded217f..81f42897 100644
--- a/src/framework/middleware/pre_authorize.go
+++ b/src/framework/middleware/pre_authorize.go
@@ -1,6 +1,8 @@
 package middleware
 
 import (
+	"strings"
+
 	AdminConstants "ems.agt/src/framework/constants/admin"
 	commonConstants "ems.agt/src/framework/constants/common"
 	"ems.agt/src/framework/i18n"
@@ -11,6 +13,9 @@ import (
 	"github.com/gin-gonic/gin"
 )
 
+/**无Token可访问白名单 */
+var URL_WHITE_LIST = []string{"/performanceManagement", "/faultManagement"}
+
 // PreAuthorize 用户身份授权认证校验
 //
 // 只需含有其中角色 "hasRoles": {"xxx"},
@@ -24,6 +29,21 @@ func PreAuthorize(options map[string][]string) gin.HandlerFunc {
 	return func(c *gin.Context) {
 		language := ctxUtils.AcceptLanguage(c)
 
+		requestURI := c.Request.RequestURI
+
+		// 判断白名单
+		isWhite := false
+		for _, w := range URL_WHITE_LIST {
+			if strings.Contains(requestURI, w) {
+				isWhite = true
+				break
+			}
+		}
+		if isWhite {
+			c.Next()
+			return
+		}
+
 		// 获取请求头标识信息
 		tokenStr := ctxUtils.Authorization(c)
 		if tokenStr == "" {
@@ -61,7 +81,7 @@ func PreAuthorize(options map[string][]string) gin.HandlerFunc {
 			perms := loginUser.Permissions
 			verifyOk := verifyRolePermission(roles, perms, options)
 			if !verifyOk {
-				msg := i18n.TTemplate(language, "app.common.err403", map[string]any{"method": c.Request.Method, "requestURI": c.Request.RequestURI})
+				msg := i18n.TTemplate(language, "app.common.err403", map[string]any{"method": c.Request.Method, "requestURI": requestURI})
 				c.JSON(403, result.CodeMsg(403, msg))
 				c.Abort() // 停止执行后续的处理函数
 				return