package controllers import ( "encoding/json" "eta/eta_mini_crm/models" "eta/eta_mini_crm/utils" "fmt" "net/http" "strconv" "strings" "time" "github.com/beego/beego/v2/client/orm" "github.com/beego/beego/v2/server/web" ) type BaseAuthController struct { web.Controller SysUser *models.SysUser Session *models.SysSession } func (c *BaseAuthController) Prepare() { method := c.Ctx.Input.Method() // uri := c.Ctx.Input.URI() if method != "HEAD" { if method == "POST" || method == "GET" { authorization := c.Ctx.Input.Header("authorization") if authorization == "" { c.JSON(models.BaseResponse{Ret: 408, Msg: "请重新授权!", ErrMsg: "请重新授权:Token is empty or account is empty"}) c.StopRun() return } tokenStr := authorization tokenArr := strings.Split(tokenStr, "=") token := tokenArr[1] session, err := models.GetSysSessionByToken(token) if err != nil { if err == orm.ErrNoRows { c.JSON(models.BaseResponse{Ret: 408, Msg: "信息已变更,请重新登陆!", ErrMsg: "Token 信息已变更:Token: " + token}) c.StopRun() return } c.JSON(models.BaseResponse{Ret: 408, Msg: "网络异常,请稍后重试!", ErrMsg: "获取用户信息异常,Eerr:" + err.Error()}) c.StopRun() return } if session == nil { c.JSON(models.BaseResponse{Ret: 408, Msg: "网络异常,请稍后重试!", ErrMsg: "sesson is empty "}) c.StopRun() return } account := utils.MD5(session.UserName) if !utils.CheckToken(account, token) { c.JSON(models.BaseResponse{Ret: 408, Msg: "鉴权失败,请重新登录!", ErrMsg: "登录失效,请重新登陆!,CheckToken Fail"}) c.StopRun() return } if time.Now().After(session.ExpiredTime) { c.JSON(models.BaseResponse{Ret: 408, Msg: "请重新登录!", ErrMsg: "获取用户信息异常"}) c.StopRun() return } sysUser, err := models.GetSysUserById(session.SysUserId) if err != nil { if err == orm.ErrNoRows { c.JSON(models.BaseResponse{Ret: 408, Msg: "信息已变更,请重新登陆!", ErrMsg: "获取sysUser信息失败: " + strconv.Itoa(session.SysUserId)}) c.StopRun() return } c.JSON(models.BaseResponse{Ret: 408, Msg: "网络异常,请稍后重试!", ErrMsg: "获取sysUser信息异常,Err:" + err.Error()}) c.StopRun() return } if sysUser == nil { c.JSON(models.BaseResponse{Ret: 408, Msg: "网络异常,请稍后重试!", ErrMsg: "sysUser is empty"}) c.StopRun() return } if !sysUser.IsEnabled { c.JSON(models.BaseResponse{Ret: 408, Msg: "账户信息异常!", ErrMsg: "账户被禁用,不允许登陆!"}) c.StopRun() return } loginKey := fmt.Sprint(utils.CACHE_ACCESS_TOKEN_LOGIN, session.SysSessionId) loginInfo, _ := utils.Rc.RedisString(loginKey) if loginInfo == `` { c.JSON(models.BaseResponse{Ret: 408, Msg: "超时未操作,系统自动退出!", ErrMsg: "超时未操作,系统自动退出!"}) c.StopRun() return } if loginInfo != "1" { msg := "在其他网络登录。此客户端已退出登录。" c.JSON(models.BaseResponse{Ret: 408, Msg: msg, ErrMsg: msg}) c.StopRun() return } c.SysUser = sysUser c.Session = session } } } func (c *BaseAuthController) JSON(data interface{}) error { c.Ctx.Output.Header("Content-Type", "application/json; charset=utf-8") desEncrypt := utils.DesBase64Encrypt([]byte(utils.DesKey), utils.DesKeySalt) c.Ctx.Output.Header("Dk", string(desEncrypt)) // des3加解密key // 设置Cookie为HTTPOnly c.Ctx.SetCookie("", "", -1, "/", "", false, true, "") content, err := json.Marshal(data) if err != nil { http.Error(c.Ctx.Output.Context.ResponseWriter, err.Error(), http.StatusInternalServerError) return err } if utils.RunMode != "debug" { content = utils.DesBase64Encrypt(content, utils.DesKey) content = []byte(`"` + string(content) + `"`) } return c.Ctx.Output.Body(content) }