package controllers
import (
"encoding/json"
"eta_gn/eta_api/cache"
"eta_gn/eta_api/models/system"
"eta_gn/eta_api/services"
"eta_gn/eta_api/services/alarm_msg"
"eta_gn/eta_api/services/data"
"fmt"
"net/http"
"net/url"
"strconv"
"strings"
"time"
"github.com/beego/beego/v2/server/web"
"eta_gn/eta_api/models"
"eta_gn/eta_api/utils"
)
type AfterHandle func(bodyByte []byte) error
// AfterHandlerUrlMap 结束后待处理的url
var AfterHandlerUrlMap = map[string][]AfterHandle{
"/adminapi/datamanage/chart_info/save": {data.DeleteChartInfoDataRedis, data.DeleteChartClassifyRedis}, //图表保存接口
"/adminapi/datamanage/multiple_graph/chart/save": {data.DeleteChartInfoDataRedis, data.DeleteChartClassifyRedis}, //批量图表保存接口
//"/adminapi/datamanage/chart_info/detail": data.DeleteChartInfoDataRedis,
"/adminapi/datamanage/chart_info/edit": {data.DeleteChartInfoDataRedis, data.DeleteChartClassifyRedis}, //图表编辑接口
"/adminapi/datamanage/chart_info/refresh": {data.DeleteChartInfoDataRedis}, //图表刷新接口
"/adminapi/datamanage/chart_info/add": {data.DeleteChartClassifyRedis}, //图表添加接口
"/adminapi/datamanage/chart_classify/delete": {data.DeleteChartInfoDataRedis, data.DeleteChartClassifyRedis}, //图表删除、图表分类删除
"/adminapi/datamanage/chart_classify/add": {data.DeleteChartClassifyRedis}, //新增图表分类接口
"/adminapi/datamanage/chart_classify/edit": {data.DeleteChartClassifyRedis}, //编辑图表分类接口
"/adminapi/datamanage/chart_classify/move": {data.DeleteChartClassifyRedis}, //移动图表分类接口
"/adminapi/datamanage/chart_info/move": {data.DeleteChartClassifyRedis}, //移动图表接口
"/adminapi/datamanage/chart_info/copy": {data.DeleteChartClassifyRedis}, //图表另存为接口
}
var AdminOperateRecordMap = map[string]string{
"/adminapi/pptv2/saveLog": "/adminapi/pptv2/saveLog",
"/adminapi/report/saveReportContent": "/adminapi/report/saveReportContent",
"/adminapi/datamanage/chart_info/common/detail/from_unique_code": "/adminapi/datamanage/chart_info/common/detail/from_unique_code",
"/adminapi/english_report/saveReportContent": "/adminapi/english_report/saveReportContent",
"/adminapi/custom/message/listV2": "/adminapi/custom/message/listV2",
"/adminapi/sysuser/check_pwd": "/adminapi/sysuser/check_pwd",
"/adminapi/system/menu/list": "/adminapi/system/menu/list",
}
type BaseAuthController struct {
web.Controller
SysUser *system.Admin
Session *system.SysSession
Lang string `description:"当前语言类型,中文:zh;英文:en;默认:zh"`
}
//func (c *BaseAuthController) Prepare() {
// //fmt.Println("enter prepare")
// method := c.Ctx.Input.Method()
// uri := c.Ctx.Input.URI()
// //fmt.Println("Url:", uri)
// if method != "HEAD" {
// if method == "POST" || method == "GET" {
// // 当前语言
// {
// lang := c.Ctx.Input.Header("Lang")
// if lang == "" {
// lang = utils.ZhLangVersion
// }
// c.Lang = lang
// }
//
// authorization := c.Ctx.Input.Header("authorization")
// if authorization == "" {
// authorization = c.Ctx.Input.Header("Authorization")
// }
// if authorization == "" {
// newAuthorization := c.GetString("authorization")
// if newAuthorization != `` {
// authorization = "authorization=" + newAuthorization
// } else {
// newAuthorization = c.GetString("Authorization")
// authorization = "authorization=" + newAuthorization
// }
// } else {
// if strings.Contains(authorization, ";") {
// authorization = strings.Replace(authorization, ";", "$", 1)
// }
// }
// if authorization == "" {
// strArr := strings.Split(uri, "?")
// for k, v := range strArr {
// fmt.Println(k, v)
// }
// if len(strArr) > 1 {
// authorization := strArr[1]
// authorization = strings.Replace(authorization, "Authorization", "authorization", -1)
// fmt.Println(authorization)
// }
// }
// if authorization == "" {
// c.JSON(models.BaseResponse{Ret: 408, Msg: "请重新授权!", ErrMsg: "请重新授权:Token is empty or account is empty"}, false, false)
// c.StopRun()
// return
// }
// //authorizationArr := strings.Split(authorization, "$")
// //if len(authorizationArr) <= 1 {
// // c.JSON(models.BaseResponse{Ret: 408, Msg: "请重新授权!", ErrMsg: "请重新授权:Token is empty or account is empty"}, false, false)
// // c.StopRun()
// // return
// //}
// tokenStr := authorization
// tokenArr := strings.Split(tokenStr, "=")
// token := tokenArr[1]
//
// //accountStr := authorizationArr[1]
// //accountArr := strings.Split(accountStr, "=")
// //account := accountArr[1]
//
// session, err := system.GetSysSessionByToken(token)
// if err != nil {
// if utils.IsErrNoRow(err) {
// c.JSON(models.BaseResponse{Ret: 408, Msg: "信息已变更,请重新登陆!", ErrMsg: "Token 信息已变更:Token: " + token}, false, false)
// c.StopRun()
// return
// }
// c.JSON(models.BaseResponse{Ret: 408, Msg: "网络异常,请稍后重试!", ErrMsg: "获取用户信息异常,Eerr:" + err.Error()}, false, false)
// c.StopRun()
// return
// }
// if session == nil {
// c.JSON(models.BaseResponse{Ret: 408, Msg: "网络异常,请稍后重试!", ErrMsg: "sesson is empty "}, false, false)
// c.StopRun()
// return
// }
// //校验token是否合法
// // JWT校验Token和Account
// account := utils.MD5(session.UserName)
// if !utils.CheckToken(account, token) {
// c.JSON(models.BaseResponse{Ret: 408, Msg: "鉴权失败,请重新登录!", ErrMsg: "登录失效,请重新登陆!,CheckToken Fail"}, false, false)
// c.StopRun()
// return
// }
// if time.Now().After(session.ExpiredTime) {
// c.JSON(models.BaseResponse{Ret: 408, Msg: "请重新登录!", ErrMsg: "获取用户信息异常,Eerr:" + err.Error()}, false, false)
// c.StopRun()
// return
// }
// admin, err := system.GetSysUserById(session.SysUserId)
// if err != nil {
// if utils.IsErrNoRow(err) {
// c.JSON(models.BaseResponse{Ret: 408, Msg: "信息已变更,请重新登陆!", ErrMsg: "获取admin 信息失败 " + strconv.Itoa(session.SysUserId)}, false, false)
// c.StopRun()
// return
// }
// c.JSON(models.BaseResponse{Ret: 408, Msg: "网络异常,请稍后重试!", ErrMsg: "获取admin信息异常,Eerr:" + err.Error()}, false, false)
// c.StopRun()
// return
// }
// if admin == nil {
// c.JSON(models.BaseResponse{Ret: 408, Msg: "网络异常,请稍后重试!", ErrMsg: "admin is empty "}, false, false)
// c.StopRun()
// return
// }
// //如果不是启用状态
// if admin.Enabled != 1 {
// c.JSON(models.BaseResponse{Ret: 408, Msg: "账户信息异常!", ErrMsg: "账户被禁用,不允许登陆!,CheckToken Fail"}, false, false)
// c.StopRun()
// return
// }
//
// // 如果当前登录态是不可信设备的,那么需要做过期校验
// if session.IsRemember != 1 {
// loginKey := fmt.Sprint(utils.CACHE_ACCESS_TOKEN_LOGIN, session.Id)
// loginInfo, _ := utils.Rc.RedisString(loginKey)
// if loginInfo == `` {
// c.JSON(models.BaseResponse{Ret: 408, Msg: "超时未操作,系统自动退出!", ErrMsg: "超时未操作,系统自动退出!"}, false, false)
// c.StopRun()
// return
// }
//
// if loginInfo != "1" {
// lastLoginTime := admin.LastLoginTime
//
// lastLoginTimeObj, err := time.Parse(utils.FormatDateWallWithLoc, lastLoginTime)
// fmt.Println(lastLoginTimeObj, err)
//
// msg := `该账号于` + lastLoginTimeObj.Format(utils.FormatDateTime) + "在其他网络登录。此客户端已退出登录。"
// c.JSON(models.BaseResponse{Ret: 408, Msg: msg, ErrMsg: msg}, false, false)
// c.StopRun()
// return
// }
//
// // 如果是ETA体验版-更新活跃时长/更新登录时长的接口请求, 则不更新Token时长
// if uri != `/adminapi/eta_trial/user/login_duration` && uri != `/adminapi/eta_trial/user/active` {
// utils.Rc.Put(loginKey, "1", utils.LoginCacheTime*time.Minute)
// // 不信任名单也同步更新
// noTrustLoginKey := fmt.Sprint(utils.CACHE_ACCESS_TOKEN_LOGIN_NO_TRUST, admin.AdminId)
// utils.Rc.Put(noTrustLoginKey, session.Id, utils.LoginCacheTime*time.Minute)
// }
// }
//
// admin.RoleTypeCode = GetSysUserRoleTypeCode(admin.RoleTypeCode)
// c.SysUser = admin
// c.Session = session
//
// //接口权限校验
// roleId := admin.RoleId
// list, e := system.GetMenuButtonApisByRoleId(roleId)
// if e != nil {
// c.JSON(models.BaseResponse{Ret: 403, Msg: "获取接口权限出错!", ErrMsg: "获取接口权限出错!"}, false, false)
// c.StopRun()
// return
// }
// var api string
// for _, v := range list {
// if v.Api != "" {
// api += v.Api + "&"
// }
// }
//
// //fmt.Println(api)
// //处理uri请求,去除前缀和参数
// api = strings.TrimRight(api, "&")
// uri = strings.Replace(uri, "/adminapi", "", 1)
// uris := strings.Split(uri, "?")
// uri = uris[0]
// //fmt.Println("uri:", uri)
// apis := strings.Split(api, "&")
// apiMap := make(map[string]bool, 0)
// for _, s := range apis {
// apiMap[s] = true
// }
//
// fmt.Println("uri:", uri)
//
// //fmt.Println(apiMap)
// if !apiMap[uri] {
// c.JSON(models.BaseResponse{Ret: 403, Msg: "无权访问!", ErrMsg: "无权访问!"}, false, false)
// c.StopRun()
// return
// }
// } else {
// c.JSON(models.BaseResponse{Ret: 408, Msg: "请求异常,请联系客服!", ErrMsg: "POST之外的请求,暂不支持"}, false, false)
// c.StopRun()
// return
// }
// }
//}
func (c *BaseAuthController) ServeJSON(encoding ...bool) {
urlPath := c.Ctx.Request.URL.Path
// 方法处理完后,需要后置处理的业务逻辑
if handlerList, ok := AfterHandlerUrlMap[urlPath]; ok {
for _, handler := range handlerList {
handler(c.Ctx.Input.RequestBody)
}
}
var (
hasIndent = false
hasEncoding = false
)
if web.BConfig.RunMode == web.PROD {
hasIndent = false
}
if len(encoding) > 0 && encoding[0] == true {
hasEncoding = true
}
if c.Data["json"] == nil {
//go utils.SendEmail("异常提醒:", "接口:"+"URI:"+c.Ctx.Input.URI()+";无返回值", utils.EmailSendToUsers)
body := "接口:" + "URI:" + c.Ctx.Input.URI() + ";无返回值"
go alarm_msg.SendAlarmMsg(body, 1)
return
}
baseRes := c.Data["json"].(*models.BaseResponse)
if baseRes != nil && baseRes.Ret != 408 {
body, _ := json.Marshal(baseRes)
var requestBody string
method := c.Ctx.Input.Method()
if method == "GET" {
requestBody = c.Ctx.Request.RequestURI
} else {
//requestBody, _ = url.QueryUnescape(string(c.Ctx.Input.RequestBody))
requestBody = string(c.Ctx.Input.RequestBody)
}
if baseRes.Ret != 200 && baseRes.IsSendEmail {
//go utils.SendEmail(utils.APPNAME+"【"+utils.RunMode+"】"+"失败提醒", "URI:"+c.Ctx.Input.URI()+"
"+"Params"+requestBody+"
"+"ErrMsg:"+baseRes.ErrMsg+";
Msg:"+baseRes.Msg+";
Body:"+string(body)+"
"+c.SysUser.RealName, utils.EmailSendToUsers)
body := "URI:" + c.Ctx.Input.URI() + "
" + "Params" + requestBody + "
" + "ErrMsg:" + baseRes.ErrMsg + ";
Msg:" + baseRes.Msg + ";
Body:" + string(body) + "
" + c.SysUser.RealName
go alarm_msg.SendAlarmMsg(body, 1)
}
if baseRes.IsAddLog && c.SysUser != nil {
go cache.RecordNewLogs(c.SysUser.AdminId, requestBody, string(body), c.SysUser.RealName, c.Ctx.Input.IP(), c.Ctx.Input.URI())
}
}
if utils.ViperConfig != nil {
if c.Lang == utils.EnLangVersion {
msg := c.Data["json"].(*models.BaseResponse).Msg
if utils.ViperConfig.InConfig(msg) {
c.Data["json"].(*models.BaseResponse).Msg = utils.ViperConfig.GetString(msg)
}
}
}
//新增uuid记录
{
if _, ok := AdminOperateRecordMap[urlPath]; !ok && !strings.Contains(urlPath, "cygx") {
var adminId int
var realName, params, ip, uriStr string
ip = c.Ctx.Input.IP()
if c.SysUser != nil {
adminId = c.SysUser.AdminId
realName = c.SysUser.RealName
}
uuid := c.Ctx.Input.Header("Uuid")
userAgent := c.Ctx.Input.Header("User-Agent")
uri := c.Ctx.Input.URI()
uriStr, _ = url.PathUnescape(uri)
if uriStr != "" {
uri = uriStr
}
if c.Ctx.Input.Method() == "GET" {
paramsJson, _ := json.Marshal(c.Ctx.Input.Params())
params = string(paramsJson)
} else {
params = string(c.Ctx.Input.RequestBody)
}
header := c.Ctx.Request.Header
headerJson, _ := json.Marshal(header)
headerStr := string(headerJson)
go cache.AdminOperateRecord(adminId, realName, uuid, uri, params, ip, userAgent, headerStr)
}
}
c.JSON(c.Data["json"], hasIndent, hasEncoding)
}
func (c *BaseAuthController) JSON(data interface{}, hasIndent bool, coding bool) error {
c.Ctx.Output.Header("Content-Type", "application/json; charset=utf-8")
desEncrypt := utils.DesBase64Encrypt([]byte(utils.DesKey), utils.DesKeySalt)
c.Ctx.Output.Header("Dk", string(desEncrypt)) // des3加解密key
// 设置Cookie为HTTPOnly
c.Ctx.SetCookie("", "", -1, "/", "", false, true, "")
//fmt.Println(c.Ctx.ResponseWriter.Header().Get("Set-Cookie"))
var content []byte
var err error
if hasIndent {
content, err = json.MarshalIndent(data, "", " ")
} else {
content, err = json.Marshal(data)
}
if err != nil {
http.Error(c.Ctx.Output.Context.ResponseWriter, err.Error(), http.StatusInternalServerError)
return err
}
ip := c.Ctx.Input.IP()
requestBody, err := url.QueryUnescape(string(c.Ctx.Input.RequestBody))
if err != nil {
requestBody = string(c.Ctx.Input.RequestBody)
}
if requestBody == "" {
requestBody = c.Ctx.Input.URI()
}
c.logUri(content, requestBody, ip)
// 如果不是debug分支的话,那么需要加密返回
if utils.RunMode != "debug" {
content = utils.DesBase64Encrypt(content, utils.DesKey)
// get请求时,不加双引号就获取不到数据,不知道什么原因,所以还是在前后加上双引号吧
content = []byte(`"` + string(content) + `"`)
}
if coding {
content = []byte(utils.StringsToJSON(string(content)))
}
return c.Ctx.Output.Body(content)
}
func GetSysUserRoleTypeCode(roleTypeCode string) string {
if roleTypeCode == utils.ROLE_TYPE_CODE_FICC_SELLER ||
roleTypeCode == utils.ROLE_TYPE_CODE_FICC_DEPARTMENT {
return utils.ROLE_TYPE_CODE_FICC_SELLER
}
if roleTypeCode == utils.ROLE_TYPE_CODE_RAI_SELLER ||
roleTypeCode == utils.ROLE_TYPE_CODE_RAI_DEPARTMENT {
return utils.ROLE_TYPE_CODE_RAI_SELLER
}
if roleTypeCode == utils.ROLE_TYPE_CODE_RAI_GROUP {
return utils.ROLE_TYPE_CODE_RAI_GROUP
}
if roleTypeCode == utils.ROLE_TYPE_CODE_ADMIN {
return utils.ROLE_TYPE_CODE_ADMIN
}
if roleTypeCode == utils.ROLE_TYPE_CODE_FICC_ADMIN {
return utils.ROLE_TYPE_CODE_FICC_ADMIN
}
if roleTypeCode == utils.ROLE_TYPE_CODE_FICC_TEAM {
return utils.ROLE_TYPE_CODE_FICC_TEAM
}
if roleTypeCode == utils.ROLE_TYPE_CODE_FICC_GROUP {
return utils.ROLE_TYPE_CODE_FICC_GROUP
}
if roleTypeCode == utils.ROLE_TYPE_CODE_RAI_ADMIN {
return utils.ROLE_TYPE_CODE_RAI_ADMIN
}
if roleTypeCode == utils.ROLE_TYPE_CODE_RESEARCHR {
return utils.ROLE_TYPE_CODE_FICC_RESEARCHR
}
if roleTypeCode == utils.ROLE_TYPE_CODE_FICC_RESEARCHR {
return utils.ROLE_TYPE_CODE_FICC_RESEARCHR
}
if roleTypeCode == utils.ROLE_TYPE_CODE_RAI_RESEARCHR {
return utils.ROLE_TYPE_CODE_RAI_RESEARCHR
}
//合规
if roleTypeCode == utils.ROLE_TYPE_CODE_COMPLIANCE {
return utils.ROLE_TYPE_CODE_COMPLIANCE
}
//财务
if roleTypeCode == utils.ROLE_TYPE_CODE_FINANCE {
return utils.ROLE_TYPE_CODE_FINANCE
}
return ""
}
func (c *BaseAuthController) logUri(respContent []byte, requestBody, ip string) {
authorization := ""
method := c.Ctx.Input.Method()
uri := c.Ctx.Input.URI()
//fmt.Println("Url:", uri)
if method != "HEAD" {
if method == "POST" || method == "GET" {
authorization = c.Ctx.Input.Header("authorization")
if authorization == "" {
authorization = c.Ctx.Input.Header("Authorization")
}
if authorization == "" {
newAuthorization := c.GetString("authorization")
if newAuthorization != `` {
authorization = "authorization=" + newAuthorization
} else {
newAuthorization = c.GetString("Authorization")
authorization = "authorization=" + newAuthorization
}
} else {
if strings.Contains(authorization, ";") {
authorization = strings.Replace(authorization, ";", "$", 1)
}
}
if authorization == "" {
strArr := strings.Split(uri, "?")
for k, v := range strArr {
fmt.Println(k, v)
}
if len(strArr) > 1 {
authorization = strArr[1]
authorization = strings.Replace(authorization, "Authorization", "authorization", -1)
fmt.Println(authorization)
}
}
}
}
utils.ApiLog.Info("uri:%s, authorization:%s, requestBody:%s, responseBody:%s, ip:%s", c.Ctx.Input.URI(), authorization, requestBody, respContent, ip)
return
}
func (c *BaseAuthController) Prepare() {
//fmt.Println("enter prepare")
method := c.Ctx.Input.Method()
if method == `HEAD` {
c.JSON(models.BaseResponse{Ret: 408, Msg: "请求异常,请联系客服!", ErrMsg: "POST之外的请求,暂不支持"}, false, false)
c.StopRun()
return
}
if method != "POST" && method != "GET" {
c.JSON(models.BaseResponse{Ret: 408, Msg: "请求异常,请联系客服!", ErrMsg: "POST之外的请求,暂不支持"}, false, false)
c.StopRun()
return
}
uri := c.Ctx.Input.URI()
//fmt.Println("Url:", uri)
// 当前语言
{
lang := c.Ctx.Input.Header("Lang")
if lang == "" {
lang = utils.ZhLangVersion
}
c.Lang = lang
}
isOk, session, resp := checkToken(c)
if !isOk {
_ = c.JSON(resp, false, false)
c.StopRun()
return
}
if session == nil {
c.JSON(models.BaseResponse{Ret: 408, Msg: "网络异常,请稍后重试!", ErrMsg: "sesson is empty "}, false, false)
c.StopRun()
return
}
//校验token是否合法
// JWT校验Token和Account
admin, err := system.GetSysUserById(session.SysUserId)
if err != nil {
if utils.IsErrNoRow(err) {
c.JSON(models.BaseResponse{Ret: 408, Msg: "信息已变更,请重新登陆!", ErrMsg: "获取admin 信息失败 " + strconv.Itoa(session.SysUserId)}, false, false)
c.StopRun()
return
}
c.JSON(models.BaseResponse{Ret: 408, Msg: "网络异常,请稍后重试!", ErrMsg: "获取admin信息异常,Eerr:" + err.Error()}, false, false)
c.StopRun()
return
}
if admin == nil {
c.JSON(models.BaseResponse{Ret: 408, Msg: "网络异常,请稍后重试!", ErrMsg: "admin is empty "}, false, false)
c.StopRun()
return
}
//如果不是启用状态
if admin.Enabled != 1 {
c.JSON(models.BaseResponse{Ret: 408, Msg: "账户信息异常!", ErrMsg: "账户被禁用,不允许登陆!,CheckToken Fail"}, false, false)
c.StopRun()
return
}
//// 如果当前登录态是不可信设备的,那么需要做过期校验
//if session.IsRemember != 1 {
// loginKey := fmt.Sprint(utils.CACHE_ACCESS_TOKEN_LOGIN, session.Id)
// loginInfo, _ := utils.Rc.RedisString(loginKey)
// if loginInfo == `` {
// c.JSON(models.BaseResponse{Ret: 408, Msg: "超时未操作,系统自动退出!", ErrMsg: "超时未操作,系统自动退出!"}, false, false)
// c.StopRun()
// return
// }
//
// //if loginInfo != "1" {
// // lastLoginTime := admin.LastLoginTime
// //
// // lastLoginTimeObj, err := time.Parse(utils.FormatDateWallWithLoc, lastLoginTime)
// // fmt.Println(lastLoginTimeObj, err)
// //
// // msg := `该账号于` + lastLoginTimeObj.Format(utils.FormatDateTime) + "在其他网络登录。此客户端已退出登录。"
// // c.JSON(models.BaseResponse{Ret: 408, Msg: msg, ErrMsg: msg}, false, false)
// // c.StopRun()
// // return
// //}
//
// // 如果是ETA体验版-更新活跃时长/更新登录时长的接口请求, 则不更新Token时长
// if uri != `/adminapi/eta_trial/user/login_duration` && uri != `/adminapi/eta_trial/user/active` {
// utils.Rc.Put(loginKey, "1", utils.LoginCacheTime*time.Minute)
// // 不信任名单也同步更新
// noTrustLoginKey := fmt.Sprint(utils.CACHE_ACCESS_TOKEN_LOGIN_NO_TRUST, admin.AdminId)
// utils.Rc.Put(noTrustLoginKey, session.Id, utils.LoginCacheTime*time.Minute)
// }
//}
admin.RoleTypeCode = GetSysUserRoleTypeCode(admin.RoleTypeCode)
c.SysUser = admin
c.Session = session
//接口权限校验
roleId := admin.RoleId
list, e := system.GetMenuButtonApisByRoleId(roleId)
if e != nil {
c.JSON(models.BaseResponse{Ret: 403, Msg: "获取接口权限出错!", ErrMsg: "获取接口权限出错!"}, false, false)
c.StopRun()
return
}
var api string
for _, v := range list {
if v.Api != "" {
api += v.Api + "&"
}
}
if publicApi, ok := models.BusinessConfMap["PublicApi"]; ok {
api += "&" + publicApi
}
//fmt.Println(api)
//处理uri请求,去除前缀和参数
api = strings.TrimRight(api, "&")
uri = strings.Replace(uri, "/adminapi", "", 1)
uris := strings.Split(uri, "?")
uri = uris[0]
//fmt.Println("uri:", uri)
apis := strings.Split(api, "&")
apiMap := make(map[string]bool, 0)
for _, s := range apis {
apiMap[s] = true
}
//fmt.Println("uri:", uri)
//fmt.Println(apiMap)
if !apiMap[uri] {
c.JSON(models.BaseResponse{Ret: 403, Msg: "无权访问!", ErrMsg: "无权访问!"}, false, false)
c.StopRun()
return
}
}
// checkToken
// @Description: 校验token
// @author: Roc
// @datetime 2024-10-30 11:29:37
// @param c *BaseAuthController
// @return isOk bool
// @return session system.SysSession
// @return resp models.BaseResponse
func checkToken(c *BaseAuthController) (isOk bool, session *system.SysSession, resp models.BaseResponse) {
// 是否校验成功
isOk = true
uri := c.Ctx.Input.URI()
var token string
// 单点登录逻辑
aiUser := c.Ctx.GetCookie("ai_user")
if aiUser == `` {
aiUser = c.Ctx.GetCookie("ai_token")
}
//fmt.Println("ai_user:", aiUser)
// 如果cookie里面没有这个,那么就过期重新登录
if aiUser == `` {
resp = models.BaseResponse{Ret: 408, Msg: "请重新授权!", ErrMsg: "ai_user or ai_token empty"}
isOk = false
return
}
// cookie过期逻辑
{
aiUserExpireStr := c.Ctx.GetCookie("expire")
if aiUserExpireStr == `` {
resp = models.BaseResponse{Ret: 408, Msg: "请重新授权!", ErrMsg: "expire empty"}
isOk = false
return
}
aiUserExpire, err := strconv.Atoi(aiUserExpireStr)
if err != nil {
resp = models.BaseResponse{Ret: 408, Msg: "请重新授权!", ErrMsg: "expire 异常"}
isOk = false
return
}
// 将毫秒时间戳转换为秒和纳秒
seconds := int64(aiUserExpire) / 1000
nanoseconds := (int64(aiUserExpire) % 1000) * 1e6
aiUserExpireTime := time.Unix(seconds, nanoseconds)
if aiUserExpireTime.Before(time.Now()) {
resp = models.BaseResponse{Ret: 408, Msg: "请重新授权!", ErrMsg: "cookie已过期"}
isOk = false
return
}
}
// 获取eta的token
authorization := c.Ctx.Input.Header("authorization")
if authorization == "" {
authorization = c.Ctx.Input.Header("Authorization")
}
if authorization == "" {
newAuthorization := c.GetString("authorization")
if newAuthorization != `` {
authorization = "authorization=" + newAuthorization
} else {
newAuthorization = c.GetString("Authorization")
authorization = "authorization=" + newAuthorization
}
} else {
if strings.Contains(authorization, ";") {
authorization = strings.Replace(authorization, ";", "$", 1)
}
}
if authorization == "" {
strArr := strings.Split(uri, "?")
//for k, v := range strArr {
// fmt.Println(k, v)
//}
if len(strArr) > 1 {
authorization = strArr[1]
authorization = strings.Replace(authorization, "Authorization", "authorization", -1)
//fmt.Println(authorization)
}
}
if authorization != "" {
tokenStr := authorization
tokenArr := strings.Split(tokenStr, "=")
token = tokenArr[1]
}
//fmt.Println("token:", token)
// Token空了, 以Cookie为准重新登录
if token == `` {
newLogin, e := services.UserLoginChange(aiUser)
if e != nil {
resp = models.BaseResponse{Ret: 408, Msg: "重登录失败,请稍后重试!", ErrMsg: fmt.Sprint(e)}
} else {
resp = models.BaseResponse{Ret: models.BaseRespReLoginErr, Msg: "用户切换,请刷新页面", ErrMsg: "user exchanged", Data: newLogin}
}
isOk = false
return
}
// todo 将aiUser与session进行关联
// token不为空, 那么去校验一下token是否过期, 以及和cookieVal是否匹配
// 找不到session, 也直接切CookieValue中的用户登录
session, err := system.GetSysSessionByToken(token)
if err != nil {
newLogin, e := services.UserLoginChange(aiUser)
if e != nil {
resp = models.BaseResponse{Ret: 408, Msg: "重登录失败,请稍后重试!", ErrMsg: fmt.Sprint(e)}
} else {
resp = models.BaseResponse{Ret: models.BaseRespReLoginErr, Msg: "用户切换,请刷新页面", ErrMsg: "user exchanged", Data: newLogin}
}
isOk = false
return
}
// CookieVal不匹配、token验证失败、session以及redis中的token过期,那么以cookieVal的用户去登录并返回4014
account := utils.MD5(session.UserName)
//if session.UserName != aiUser || !utils.CheckToken(account, token) || time.Now().After(session.ExpiredTime){
if session.UserName != aiUser || !utils.CheckToken(account, token) {
newLogin, e := services.UserLoginChange(aiUser)
if e != nil {
resp = models.BaseResponse{Ret: 408, Msg: "重登录失败,请稍后重试!", ErrMsg: fmt.Sprint(e)}
} else {
resp = models.BaseResponse{Ret: models.BaseRespReLoginErr, Msg: "用户切换,请刷新页面", ErrMsg: "user exchanged", Data: newLogin}
}
isOk = false
return
}
//account := utils.MD5(session.UserName)
//if !utils.CheckToken(account, token) {
// resp = models.BaseResponse{Ret: 408, Msg: "鉴权失败,请重新登录!", ErrMsg: "登录失效,请重新登陆!,CheckToken Fail"}
// isOk = false
// return
//}
//if time.Now().After(session.ExpiredTime) {
// resp = models.BaseResponse{Ret: 408, Msg: "请重新登录!", ErrMsg: "获取用户信息异常,Err:" + err.Error()}
// isOk = false
// return
//}
// 正常逻辑
if token == "" {
resp = models.BaseResponse{Ret: 408, Msg: "请重新授权!", ErrMsg: "请重新授权:Token is empty or account is empty"}
isOk = false
return
}
return
}