[fix] casbin权限验证分布式问题

chinaofwarrior · May 17, 2019 · 91fcad8 · 91fcad8
1 parent 0c075d5
commit 91fcad8
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 10 deletions.
diff --git a/go.mod b/go.mod
@@ -6,16 +6,19 @@ require (
 	github.com/Unknwon/goconfig v0.0.0-20190425194916-3dba17dd7b9e // indirect
 	github.com/astaxie/beego v1.11.1
 	github.com/beego/i18n v0.0.0-20161101132742-e9308947f407
+	github.com/billcobbler/casbin-redis-watcher v0.0.0-20180829182704-69cab1cdcf44
 	github.com/casbin/casbin v1.8.1
 	github.com/dchest/captcha v0.0.0-20170622155422-6a29415a8364
 	github.com/dgrijalva/jwt-go v3.2.0+incompatible
 	github.com/dgryski/dgoogauth v0.0.0-20190221195224-5a805980a5f3
+	github.com/garyburd/redigo v1.6.0 // indirect
 	github.com/go-sql-driver/mysql v1.4.1
 	github.com/golang/protobuf v1.3.1
 	github.com/icepy/go-dingtalk v0.0.0-20180430151047-e8997a391814
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
 	github.com/kr/pretty v0.1.0 // indirect
 	github.com/lib/pq v1.1.0 // indirect
+	github.com/rafaeljusto/redigomock v0.0.0-20190202135759-257e089e14a1 // indirect
 	github.com/skip2/go-qrcode v0.0.0-20190110000554-dc11ecdae0a9
 	github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a // indirect
 	github.com/spf13/cobra v0.0.3

diff --git a/go.sum b/go.sum
@@ -13,6 +13,8 @@ github.com/beego/i18n v0.0.0-20161101132742-e9308947f407 h1:WtJfx5HqASTQp7HfiZld
 github.com/beego/i18n v0.0.0-20161101132742-e9308947f407/go.mod h1:KLeFCpAMq2+50NkXC8iiJxLLiiTfTqrGtKEVm+2fk7s=
 github.com/beego/x2j v0.0.0-20131220205130-a0352aadc542/go.mod h1:kSeGC/p1AbBiEp5kat81+DSQrZenVBZXklMLaELspWU=
 github.com/belogik/goes v0.0.0-20151229125003-e54d722c3aff/go.mod h1:PhH1ZhyCzHKt4uAasyx+ljRCgoezetRNf59CUtwUkqY=
+github.com/billcobbler/casbin-redis-watcher v0.0.0-20180829182704-69cab1cdcf44 h1:6IUAqiLy9jbnkun5V2TE+RzFu4fy+qqn/bS80I+L0B4=
+github.com/billcobbler/casbin-redis-watcher v0.0.0-20180829182704-69cab1cdcf44/go.mod h1:7gAaWqZ3MW7v5114HJaUNsNxaVCV6LHknrrwQtnjGX4=
 github.com/bradfitz/gomemcache v0.0.0-20180710155616-bc664df96737/go.mod h1:PmM6Mmwb0LSuEubjR8N7PtNe1KxZLtOUHtbeikc5h60=
 github.com/casbin/casbin v1.7.0/go.mod h1:c67qKN6Oum3UF5Q1+BByfFxkwKvhwW57ITjqwtzR1KE=
 github.com/casbin/casbin v1.8.1 h1:BVvL6H0nc+1y68nwIe8ZxwMIOEVUgg9y00yeD3GTDCc=
@@ -32,6 +34,8 @@ github.com/dgryski/dgoogauth v0.0.0-20190221195224-5a805980a5f3/go.mod h1:hEfFau
 github.com/edsrzf/mmap-go v0.0.0-20170320065105-0bce6a688712/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M=
 github.com/elazarl/go-bindata-assetfs v1.0.0 h1:G/bYguwHIzWq9ZoyUQqrjTmJbbYn3j3CKKpKinvZLFk=
 github.com/elazarl/go-bindata-assetfs v1.0.0/go.mod h1:v+YaWX3bdea5J/mo8dSETolEo7R71Vk1u8bnjau5yw4=
+github.com/garyburd/redigo v1.6.0 h1:0VruCpn7yAIIu7pWVClQC8wxCJEcG3nyzpMSHKi1PQc=
+github.com/garyburd/redigo v1.6.0/go.mod h1:NR3MbYisc3/PwhQ00EMzDiPmrwpPxAn5GI05/YaO1SY=
 github.com/go-redis/redis v6.14.2+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
 github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZpNwpA=
 github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
@@ -67,6 +71,8 @@ github.com/mattn/go-sqlite3 v1.10.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsO
 github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/rafaeljusto/redigomock v0.0.0-20190202135759-257e089e14a1 h1:+kGqA4dNN5hn7WwvKdzHl0rdN5AEkbNZd0VjRltAiZg=
+github.com/rafaeljusto/redigomock v0.0.0-20190202135759-257e089e14a1/go.mod h1:JaY6n2sDr+z2WTsXkOmNRUfDy6FN0L6Nk7x06ndm4tY=
 github.com/siddontang/go v0.0.0-20180604090527-bdc77568d726/go.mod h1:3yhqj7WBBfRhbBlzyOC3gUxftwsU0u8gqevxwIHQpMw=
 github.com/siddontang/ledisdb v0.0.0-20181029004158-becf5f38d373/go.mod h1:mF1DpOSOUiJRMR+FDqaqu3EBqrybQtrDDszLUZ6oxPg=
 github.com/siddontang/rdb v0.0.0-20150307021120-fc89ed2e418d/go.mod h1:AMEsy7v5z92TR1JKMkLLoaOQk++LVnOKL3ScbJ8GNGA=

diff --git a/pkg/components/perm.go b/pkg/components/perm.go
@@ -1,6 +1,10 @@
 package components
 
 import (
+	"fmt"
+	"github.com/astaxie/beego"
+	"github.com/astaxie/beego/logs"
+	"github.com/billcobbler/casbin-redis-watcher"
 	"github.com/casbin/casbin"
 	"path/filepath"
 	"sync"
@@ -11,6 +15,12 @@ var (
 	permOnce *perm
 )
 
+// 监听权限是否有变化，有变化则重新加载到内存
+func updateCallback(msg string) {
+	logs.Info(msg)
+	_ = permOnce.enforcer.LoadPolicy()
+}
+
 func NewPerm() *perm {
 	permSync.Do(func() {
 		rbacmodelconf, err := filepath.Abs(Args.ConfigFile + "/rbac_model.conf")
@@ -21,6 +31,15 @@ func NewPerm() *perm {
 		permOnce = &perm{
 			casbin.NewEnforcer(rbacmodelconf, a),
 		}
+
+		// 设置观察者，实现分布式
+		redisHost := beego.AppConfig.String("redis_conn")
+		redisPort := beego.AppConfig.String("redis_port")
+		redisPws := beego.AppConfig.String("redis_pwd")
+		host := fmt.Sprintf("%s:%s", redisHost, redisPort)
+		w, _ := rediswatcher.NewWatcher(host, rediswatcher.Password(redisPws))
+		permOnce.enforcer.SetWatcher(w)
+		_ = w.SetUpdateCallback(updateCallback)
 		// permOnce.enforcer.EnableAutoSave(true)
 	})
 
@@ -75,8 +94,3 @@ func (p *perm) GetAllPermByRoleName(role string, domain string) [][]string {
 func (p *perm) CommitChange() {
 	p.enforcer.SavePolicy()
 }
-
-// 重新载入内存
-func (p *perm) LoadPolicyToRAM() {
-	p.enforcer.LoadPolicy()
-}
diff --git a/pkg/service/role.go b/pkg/service/role.go
@@ -148,11 +148,6 @@ func (r *RoleService) AssignPerm(domainId int, roleId int, menuIds string) error
 		}
 	}
 
-	// 权限有变化重新加载策略到内存
-	if len(addV1s) > 0 || len(delV1s) > 0 {
-		perm.LoadPolicyToRAM()
-	}
-
 	return nil
 }