What middleware should Veb have to make it easier to use in production environments

[Avey777]

• Authentication management middleware | 鉴权管理中间件
• Log middleware | 日志中间件 LogHandler)
• Circuit breaker middleware| 熔断中间件
• Content Security Middleware | 内容安全中间件
• Decryption middleware | 解密中间件
• Compression management middleware |压缩管理中间件
• ContentLength Management Middleware | ContentLength 管理中间件
• Current limiting middleware | 限流中间件
• Indicator statistics middleware | 指标统计中间件
• Prometheus Indicator Middleware | 普罗米修斯指标中间件
• Panic recovery middleware | panic 恢复中间件
• Load monitoring middleware | 负载监控中间件
• Timeout middleware | 超时中间件
• Link tracing middleware | 链路追踪中间件

[Avey777]

The authentication management middleware is currently the only obstacle that prevents our team from using V language for production projects.
There are two options below:

1. Translate cassette into v language using go to v
2. Call cash cpp between v

Neither solution is simple, I still hope that the community can have similar V replacement products

@medvednikov

[jorgeluismireles]

In fact, I would like that Gitly would use an standard that the rest of V apps could reuse.

[JalonSolov]

casbin-cpp

I think that through the cash cpp project, using the code call capability from V to C, perhaps this can be achieved. But this is difficult for our team

No, casbin-cpp doesn't help, unless it has a C interface. V only interoperates with C, not C++.

[JalonSolov]

In fact, I would like that Gitly would use an standard that the rest of V apps could reuse.

gitly uses OAUTH.

[Avey777]

Gitly's permission authentication is too simple, we need to support RBAC, need role inheritance and data-level inheritance permissions

[Avey777]

I don't know how to translate the function to V, I see casbin (go) rely on the external library very few, you can consider the go version of casbin translated into V

[Avey777]

authority_middleware.go

package middleware

import (
	"context"
	"errors"
	"net/http"

	"github.com/casbin/casbin/v2"
	"github.com/redis/go-redis/v9"
	"github.com/suyuan32/simple-admin-common/config"
	"github.com/suyuan32/simple-admin-common/enum/errorcode"
	"github.com/suyuan32/simple-admin-common/orm/ent/entctx/rolectx"
	"github.com/zeromicro/go-zero/core/errorx"
	"github.com/zeromicro/go-zero/core/logx"
	"github.com/zeromicro/go-zero/rest/httpx"

	"github.com/suyuan32/simple-admin-common/i18n"
	"github.com/suyuan32/simple-admin-common/utils/jwt"
)

type AuthorityMiddleware struct {
	Cbn   *casbin.Enforcer
	Rds   redis.UniversalClient
	Trans *i18n.Translator
}

func NewAuthorityMiddleware(cbn *casbin.Enforcer, rds redis.UniversalClient, trans *i18n.Translator) *AuthorityMiddleware {
	return &AuthorityMiddleware{
		Cbn:   cbn,
		Rds:   rds,
		Trans: trans,
	}
}

func (m *AuthorityMiddleware) Handle(next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		// get the path
		obj := r.URL.Path
		// get the method
		act := r.Method
		// get the role id
		roleIds, err := rolectx.GetRoleIDFromCtx(r.Context())
		if err != nil {
			httpx.Error(w, err)
			return
		}

		// check jwt blacklist
		jwtResult, err := m.Rds.Get(context.Background(), config.RedisTokenPrefix+jwt.StripBearerPrefixFromToken(r.Header.Get("Authorization"))).Result()
		if err != nil && !errors.Is(err, redis.Nil) {
			logx.Errorw("redis error in jwt", logx.Field("detail", err.Error()))
			httpx.Error(w, errorx.NewApiError(http.StatusInternalServerError, err.Error()))
			return
		}
		if jwtResult == "1" {
			logx.Errorw("token in blacklist", logx.Field("detail", r.Header.Get("Authorization")))
			httpx.Error(w, errorx.NewApiErrorWithoutMsg(http.StatusUnauthorized))
			return
		}

		result := batchCheck(m.Cbn, roleIds, act, obj)

		if result {
			logx.Infow("HTTP/HTTPS Request", logx.Field("UUID", r.Context().Value("userId").(string)),
				logx.Field("path", obj), logx.Field("method", act))
			next(w, r)
			return
		} else {
			logx.Errorw("the role is not permitted to access the API", logx.Field("roleId", roleIds),
				logx.Field("path", obj), logx.Field("method", act))
			httpx.Error(w, errorx.NewCodeError(errorcode.PermissionDenied, m.Trans.Trans(
				context.WithValue(context.Background(), "lang", r.Header.Get("Accept-Language")),
				i18n.PermissionDeny)))
			return
		}
	}
}

func batchCheck(cbn *casbin.Enforcer, roleIds []string, act, obj string) bool {
	var checkReq [][]any
	for _, v := range roleIds {
		checkReq = append(checkReq, []any{v, obj, act})
	}

	result, err := cbn.BatchEnforce(checkReq)
	if err != nil {
		logx.Errorw("Casbin enforce error", logx.Field("detail", err.Error()))
		return false
	}

	for _, v := range result {
		if v {
			return true
		}
	}

	return false
}

https://github.com/suyuan32/simple-admin-core/blob/main/api/internal/middleware/authority_middleware.go

[Avey777]

Online Preview

Administrator Tenant Account
Enterprise: admin
Account: admin
Password: simple-admin