package controllers
import (
"encoding/json"
"eta/eta_mini_crm/models"
"eta/eta_mini_crm/utils"
"fmt"
"net/http"
"strconv"
"strings"
"time"
"github.com/beego/beego/v2/client/orm"
"github.com/beego/beego/v2/server/web"
)
type BaseAuthController struct {
web.Controller
SysUser *models.SysUser
Session *models.SysSession
}
func (c *BaseAuthController) Prepare() {
method := c.Ctx.Input.Method()
uri := c.Ctx.Input.URI()
if method != "HEAD" {
if method == "POST" || method == "GET" {
authorization := c.Ctx.Input.Header("authorization")
if authorization == "" {
c.JSON(models.BaseResponse{Ret: 408, Msg: "请重新授权!", ErrMsg: "请重新授权:Token is empty or account is empty"}, false, false)
c.StopRun()
return
}
tokenStr := authorization
tokenArr := strings.Split(tokenStr, "=")
token := tokenArr[1]
session, err := models.GetSysSessionByToken(token)
if err != nil {
if err == orm.ErrNoRows {
c.JSON(models.BaseResponse{Ret: 408, Msg: "信息已变更,请重新登陆!", ErrMsg: "Token 信息已变更:Token: " + token}, false, false)
c.StopRun()
return
}
c.JSON(models.BaseResponse{Ret: 408, Msg: "网络异常,请稍后重试!", ErrMsg: "获取用户信息异常,Eerr:" + err.Error()}, false, false)
c.StopRun()
return
}
if session == nil {
c.JSON(models.BaseResponse{Ret: 408, Msg: "网络异常,请稍后重试!", ErrMsg: "sesson is empty "}, false, false)
c.StopRun()
return
}
account := utils.MD5(session.UserName)
if !utils.CheckToken(account, token) {
c.JSON(models.BaseResponse{Ret: 408, Msg: "鉴权失败,请重新登录!", ErrMsg: "登录失效,请重新登陆!,CheckToken Fail"}, false, false)
c.StopRun()
return
}
if time.Now().After(session.ExpiredTime) {
c.JSON(models.BaseResponse{Ret: 408, Msg: "请重新登录!", ErrMsg: "获取用户信息异常"}, false, false)
c.StopRun()
return
}
sysUser, err := models.GetSysUserById(session.SysUserId)
if err != nil {
if err == orm.ErrNoRows {
c.JSON(models.BaseResponse{Ret: 408, Msg: "信息已变更,请重新登陆!", ErrMsg: "获取sysUser信息失败: " + strconv.Itoa(session.SysUserId)}, false, false)
c.StopRun()
return
}
c.JSON(models.BaseResponse{Ret: 408, Msg: "网络异常,请稍后重试!", ErrMsg: "获取sysUser信息异常,Err:" + err.Error()}, false, false)
c.StopRun()
return
}
if sysUser == nil {
c.JSON(models.BaseResponse{Ret: 408, Msg: "网络异常,请稍后重试!", ErrMsg: "sysUser is empty"}, false, false)
c.StopRun()
return
}
if !sysUser.IsEnabled {
c.JSON(models.BaseResponse{Ret: 408, Msg: "账户信息异常!", ErrMsg: "账户被禁用,不允许登陆!"}, false, false)
c.StopRun()
return
}
loginKey := fmt.Sprint(utils.CACHE_ACCESS_TOKEN_LOGIN, session.SysSessionId)
loginInfo, _ := utils.Rc.RedisString(loginKey)
if loginInfo == `` {
c.JSON(models.BaseResponse{Ret: 408, Msg: "超时未操作,系统自动退出!", ErrMsg: "超时未操作,系统自动退出!"}, false, false)
c.StopRun()
return
}
if loginInfo != "1" {
msg := "在其他网络登录。此客户端已退出登录。"
c.JSON(models.BaseResponse{Ret: 408, Msg: msg, ErrMsg: msg}, false, false)
c.StopRun()
return
}
c.SysUser = sysUser
c.Session = session
//接口权限校验
roleId := sysUser.SysRoleId
list, e := models.GetMenuButtonsByRoleId(roleId)
if e != nil {
c.JSON(models.BaseResponse{Ret: 403, Msg: "获取接口权限出错!", ErrMsg: "获取接口权限出错!"}, false, false)
c.StopRun()
return
}
var api string
for _, v := range list {
api += v.Api + "&"
}
api = strings.TrimRight(api, "&")
uri = strings.Replace(uri, "/adminapi", "", 1)
uris := strings.Split(uri, "?")
uri = uris[0]
//fmt.Println("uri:", uri)
apis := strings.Split(api, "&")
apiMap := make(map[string]bool, 0)
for _, s := range apis {
apiMap[s] = true
}
if !apiMap[uri] || utils.NoAuthApiMap[uri] {
c.JSON(models.BaseResponse{Ret: 403, Msg: "无权访问!", ErrMsg: "无权访问!"}, false, false)
c.StopRun()
return
}
}
}
}
func (c *BaseAuthController) ServeJSON(encoding ...bool) {
var (
hasIndent = false
hasEncoding = false
)
if web.BConfig.RunMode == web.PROD {
hasIndent = false
}
if len(encoding) > 0 && encoding[0] == true {
hasEncoding = true
}
if c.Data["json"] == nil {
//go utils.SendEmail("异常提醒:", "接口:"+"URI:"+c.Ctx.Input.URI()+";无返回值", utils.EmailSendToUsers)
body := "接口:" + "URI:" + c.Ctx.Input.URI() + ";无返回值"
fmt.Println(body)
// go alarm_msg.SendAlarmMsg(body, 1)
return
}
baseRes := c.Data["json"].(*models.BaseResponse)
if baseRes != nil && baseRes.Ret != 408 {
body, _ := json.Marshal(baseRes)
var requestBody string
method := c.Ctx.Input.Method()
if method == "GET" {
requestBody = c.Ctx.Request.RequestURI
} else {
//requestBody, _ = url.QueryUnescape(string(c.Ctx.Input.RequestBody))
requestBody = string(c.Ctx.Input.RequestBody)
}
if baseRes.Ret != 200 && baseRes.IsSendEmail {
//go utils.SendEmail(utils.APPNAME+"【"+utils.RunMode+"】"+"失败提醒", "URI:"+c.Ctx.Input.URI()+"
"+"Params"+requestBody+"
"+"ErrMsg:"+baseRes.ErrMsg+";
Msg:"+baseRes.Msg+";
Body:"+string(body)+"
"+c.SysUser.RealName, utils.EmailSendToUsers)
body := "URI:" + c.Ctx.Input.URI() + "
" + "Params" + requestBody + "
" + "ErrMsg:" + baseRes.ErrMsg + ";
Msg:" + baseRes.Msg + ";
Body:" + string(body) + "
" + c.SysUser.SysRealName
// go alarm_msg.SendAlarmMsg(body, 1)
fmt.Println(body)
}
if baseRes.IsAddLog && c.SysUser != nil {
// go cache.RecordNewLogs(c.SysUser.AdminId, requestBody, string(body), c.SysUser.RealName, c.Ctx.Input.IP(), c.Ctx.Input.URI())
return
}
}
c.JSON(c.Data["json"], hasIndent, hasEncoding)
}
func (c *BaseAuthController) JSON(data interface{}, hasIndent bool, coding bool) error {
c.Ctx.Output.Header("Content-Type", "application/json; charset=utf-8")
desEncrypt := utils.DesBase64Encrypt([]byte(utils.DesKey), utils.DesKeySalt)
c.Ctx.Output.Header("Dk", string(desEncrypt)) // des3加解密key
// 设置Cookie为HTTPOnly
c.Ctx.SetCookie("", "", -1, "/", "", false, true, "")
var content []byte
var err error
if hasIndent {
content, err = json.MarshalIndent(data, "", " ")
} else {
content, err = json.Marshal(data)
}
if err != nil {
http.Error(c.Ctx.Output.Context.ResponseWriter, err.Error(), http.StatusInternalServerError)
return err
}
if utils.RunMode != "debug" {
content = utils.DesBase64Encrypt(content, utils.DesKey)
content = []byte(`"` + string(content) + `"`)
}
if coding {
content = []byte(utils.StringsToJSON(string(content)))
}
return c.Ctx.Output.Body(content)
}