图书增加权限校验

Author: shen100

config.example.json

@@ -17,9 +17,8 @@
 		"MaxIdle"   : 3,          /*最大的空闲连接数*/
 		"MaxActive" : 5           /*最大的激活连接数*/
 	},
-	"mongodb": {
-		"URL"      : "", /*mongodb连接地址, 可以不填，不填的话,就没有计划任务和数据统计功能*/	
-		"Database" : "golang123"
+	"mongodb": { /*mongodb连接地址, 可以不填，不填的话,就没有数据统计功能*/
+		"URL" : ""	
 	},
 	"go": {
 		"APIPoweredBy"        : "Golang123 API",/*后台go加的X-Powered-By*/
@@ -30,12 +29,12 @@
 		"LogDir"              : "", /*日志文件所在的目录，如果不设的话，默认在项目目录下*/          
 		"APIPrefix"           : "/api", /*api服务请求前缀*/
 		/*图片上传的目录, 默认是golang123/website/static/upload/img目录*/
-		/*如果要修改的话，请使用绝对路径，不要使用相对路径*/
+		/*如果要修改的话，请使用绝对路径，不要使用相对路径, 并在Nginx配置中，将修改后的目录配置为静态目录*/
 		"UploadImgDir"        : "",
 		"ImgPath"             : "/upload/img",        /*上传后的图片请求地址前缀*/
 		"MaxMultipartMemory"  : 3, /*上传的图片最大允许的大小，单位MB*/
 		"Port"                : 8023,                 /*go监听的端口*/
-		"CronEnabled"         : false, /*是否允许计划任务*/
+		"StatsEnabled"        : false, /*是否开启数据统计功能, 开启的话要安装mongodb*/
 		"TokenSecret"         : "Jxa26iOirBiYX8iLCJuYm5iy", /*TokenSecret，请修改*/
 		"TokenMaxAge"         : 86400, /*token多久过期，单位秒*/
 		"PassSalt"            : "xrjoN1qR",           /*用户密码加盐，请修改*/

controller/book/book.go

@@ -420,8 +420,28 @@ func Chapters(c *gin.Context) {
 		SendErrJSON("错误的图书id", c)
 		return
 	}
+
+	var book model.Book
+	if err := model.DB.Where("status != ?", model.BookVerifyFail).First(&book, id).Error; err != nil {
+		SendErrJSON("错误的图书id", c)
+		return
+	}
+
+	if book.ReadLimits == model.BookReadLimitsPrivate {
+		userInter, _ := c.Get("user")
+		if userInter == nil {
+			SendErrJSON("没有权限", c)
+			return
+		}
+		user := userInter.(model.User)
+		if user.ID != book.UserID {
+			SendErrJSON("没有权限.", c)
+			return
+		}
+	}
+
 	var chapters []model.BookChapter
-	if err := model.DB.Model(&model.BookChapter{}).Where("book_id = ?", id).Order("created_at desc").Find(&chapters).Error; err != nil {
+	if err := model.DB.Model(&model.BookChapter{}).Where("book_id = ?", id).Select("id, name").Order("created_at desc").Find(&chapters).Error; err != nil {
 		fmt.Println(err)
 		SendErrJSON("error", c)
 		return

controller/common/upload.go

@@ -33,6 +33,10 @@ func Upload(c *gin.Context) (map[string]interface{}, error) {
 	}
 	var mimeType = mime.TypeByExtension(ext)
 
+	fmt.Printf("filename %s, index %d, ext %s, mimeType %s\n", filename, index, ext, mimeType)
+	if mimeType == "" && ext == ".jpeg" {
+		mimeType = "image/jpeg"
+	}
 	if mimeType == "" {
 		return nil, errors.New("无效的图片类型")
 	}

main.go

@@ -16,6 +16,7 @@ import (
 func main() {
 	fmt.Println("gin.Version: ", gin.Version)
 	if config.ServerConfig.Env != model.DevelopmentMode {
+		gin.SetMode(gin.ReleaseMode)
 		// Disable Console Color, you don't need console color when writing the logs to file.
 		gin.DisableConsoleColor()
 		// Logging to a file.

router/route.go

@@ -134,7 +134,8 @@ func Route(router *gin.Engine) {
 		api.GET("/books/user/public/:userID", book.UserPublicBooks)
 		api.GET("/books/info/:id", middleware.SetContextUser,
 			book.Info)
-		api.GET("/books/chapters/:bookID", book.Chapters)
+		api.GET("/books/chapters/:bookID", middleware.SetContextUser,
+			book.Chapters)
 		api.GET("/books/chapter/:chapterID", middleware.SetContextUser,
 			book.Chapter)
 		api.POST("/books", middleware.SigninRequired,