eta_mini
/
eta_mini_crm


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122
							package controllers

import (
	"encoding/json"
	"eta/eta_mini_crm/models"
	"eta/eta_mini_crm/utils"
	"fmt"
	"net/http"
	"strconv"
	"strings"
	"time"

	"github.com/beego/beego/v2/client/orm"
	"github.com/beego/beego/v2/server/web"
)

type BaseAuthController struct {
	web.Controller
	SysUser *models.SysUser
	Session *models.SysSession
}

func (c *BaseAuthController) Prepare() {
	method := c.Ctx.Input.Method()
	// uri := c.Ctx.Input.URI()
	if method != "HEAD" {
		if method == "POST" || method == "GET" {
			authorization := c.Ctx.Input.Header("authorization")
			if authorization == "" {
				c.JSON(models.BaseResponse{Ret: 408, Msg: "请重新授权！", ErrMsg: "请重新授权:Token is empty or account is empty"})
				c.StopRun()
				return
			}
			tokenStr := authorization
			tokenArr := strings.Split(tokenStr, "=")
			token := tokenArr[1]

			session, err := models.GetSysSessionByToken(token)
			if err != nil {
				if err == orm.ErrNoRows {
					c.JSON(models.BaseResponse{Ret: 408, Msg: "信息已变更,请重新登陆！", ErrMsg: "Token 信息已变更:Token: " + token})
					c.StopRun()
					return
				}
				c.JSON(models.BaseResponse{Ret: 408, Msg: "网络异常，请稍后重试!", ErrMsg: "获取用户信息异常，Eerr:" + err.Error()})
				c.StopRun()
				return
			}
			if session == nil {
				c.JSON(models.BaseResponse{Ret: 408, Msg: "网络异常，请稍后重试!", ErrMsg: "sesson is empty "})
				c.StopRun()
				return
			}
			account := utils.MD5(session.UserName)
			if !utils.CheckToken(account, token) {
				c.JSON(models.BaseResponse{Ret: 408, Msg: "鉴权失败，请重新登录！", ErrMsg: "登录失效，请重新登陆!,CheckToken Fail"})
				c.StopRun()
				return
			}
			if time.Now().After(session.ExpiredTime) {
				c.JSON(models.BaseResponse{Ret: 408, Msg: "请重新登录!", ErrMsg: "获取用户信息异常"})
				c.StopRun()
				return
			}
			sysUser, err := models.GetSysUserById(session.SysUserId)
			if err != nil {
				if err == orm.ErrNoRows {
					c.JSON(models.BaseResponse{Ret: 408, Msg: "信息已变更,请重新登陆！", ErrMsg: "获取sysUser信息失败: " + strconv.Itoa(session.SysUserId)})
					c.StopRun()
					return
				}
				c.JSON(models.BaseResponse{Ret: 408, Msg: "网络异常，请稍后重试!", ErrMsg: "获取sysUser信息异常，Err:" + err.Error()})
				c.StopRun()
				return
			}
			if sysUser == nil {
				c.JSON(models.BaseResponse{Ret: 408, Msg: "网络异常，请稍后重试!", ErrMsg: "sysUser is empty"})
				c.StopRun()
				return
			}
			if !sysUser.IsEnabled {
				c.JSON(models.BaseResponse{Ret: 408, Msg: "账户信息异常！", ErrMsg: "账户被禁用，不允许登陆!"})
				c.StopRun()
				return
			}
			loginKey := fmt.Sprint(utils.CACHE_ACCESS_TOKEN_LOGIN, session.SysSessionId)
			loginInfo, _ := utils.Rc.RedisString(loginKey)
			if loginInfo == `` {
				c.JSON(models.BaseResponse{Ret: 408, Msg: "超时未操作，系统自动退出！", ErrMsg: "超时未操作，系统自动退出！"})
				c.StopRun()
				return
			}
			if loginInfo != "1" {
				msg := "在其他网络登录。此客户端已退出登录。"
				c.JSON(models.BaseResponse{Ret: 408, Msg: msg, ErrMsg: msg})
				c.StopRun()
				return
			}
			c.SysUser = sysUser
			c.Session = session
		}
	}
}

func (c *BaseAuthController) JSON(data interface{}) error {
	c.Ctx.Output.Header("Content-Type", "application/json; charset=utf-8")
	desEncrypt := utils.DesBase64Encrypt([]byte(utils.DesKey), utils.DesKeySalt)
	c.Ctx.Output.Header("Dk", string(desEncrypt)) // des3加解密key
	// 设置Cookie为HTTPOnly
	c.Ctx.SetCookie("", "", -1, "/", "", false, true, "")

	content, err := json.Marshal(data)
	if err != nil {
		http.Error(c.Ctx.Output.Context.ResponseWriter, err.Error(), http.StatusInternalServerError)
		return err
	}
	if utils.RunMode != "debug" {
		content = utils.DesBase64Encrypt(content, utils.DesKey)
		content = []byte(`"` + string(content) + `"`)
	}
	return c.Ctx.Output.Body(content)
}