From ced640ffa141ce65f5c48a4a9750535bdd7138d3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=A2=81=E6=98=BE=E4=BC=98?= <237809796@qq.com>
Date: Thu, 20 Jul 2023 22:49:07 +0800
Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=EF=BC=9A=E5=AE=8C=E5=96=84?=
 =?UTF-8?q?=E5=8F=91=E9=80=81=E9=A2=91=E9=81=93=E6=B6=88=E6=81=AF=E6=8B=A6?=
 =?UTF-8?q?=E6=88=AA?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 internal/zsub/msg-accept.go | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/internal/zsub/msg-accept.go b/internal/zsub/msg-accept.go
index e4e637f..d813d59 100644
--- a/internal/zsub/msg-accept.go
+++ b/internal/zsub/msg-accept.go
@@ -75,6 +75,18 @@ func handleMessage(v Message) {
 	}
 
 	cmd := rcmd[0]
+
+	// auth check
+	switch cmd {
+	case "publish", "broadcast", "delay", "rpc":
+		if !AuthManager.AuthCheck(c.user, rcmd[1], "w") {
+			c.send("-Error: Insufficient permissions to send " + cmd + " [" + rcmd[1] + "] message.")
+			return
+		}
+	case "subscribe": // 在订阅逻辑处检查
+	default: // 其他指令将放行,包括：unsubscribe、lock、unlock、timer
+	}
+
 	switch cmd {
 	case "auth":
 		userid, err := AuthManager.GetUserIdByToken(rcmd[1])
@@ -132,12 +144,6 @@ func handleMessage(v Message) {
 			/*if len(topicChan) < cap(topicChan) {
 				topicChan <- rcmd
 			}*/
-
-			// auth check
-			if !AuthManager.AuthCheck(c.user, rcmd[1], "w") {
-				c.send("-Error: Insufficient permissions to send topic [" + rcmd[1] + "] message.")
-				return
-			}
 			Hub.Publish(rcmd[1], rcmd[2])
 		}
 		return
@@ -161,7 +167,7 @@ func handleMessage(v Message) {
 			for _, topic := range rcmd[1:] {
 				// auth check
 				if !AuthManager.AuthCheck(c.user, rcmd[1], "r") {
-					c.send("-Error: Insufficient permissions to accept topic [" + topic + "] message.")
+					c.send("-Error: Insufficient permissions to " + cmd + " [" + rcmd[1] + "] message.")
 					continue
 				}
 				c.subscribe(topic)