| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247 |
- package middleware
- import (
- "eta/eta_mini_ht_api/common/component/cache"
- logger "eta/eta_mini_ht_api/common/component/log"
- "eta/eta_mini_ht_api/common/exception"
- "eta/eta_mini_ht_api/common/utils/jwt"
- "eta/eta_mini_ht_api/common/utils/redis"
- stringUtils "eta/eta_mini_ht_api/common/utils/string"
- "eta/eta_mini_ht_api/controllers"
- "eta/eta_mini_ht_api/service/user"
- "fmt"
- "github.com/beego/beego/v2/server/web"
- "github.com/beego/beego/v2/server/web/context"
- "strings"
- )
- var (
- rdCache *cache.RedisCache
- )
- const (
- ILLEGALUSER = "用户信息异常"
- UNAUTHORIZED = "请重新登录"
- TOKENEXPIRED = "token过期"
- LOGINREQURED = "重新登录"
- FORBIDDEN = "禁止访问"
- NOTFOUND = "未找到"
- authorization = "Authorization"
- baseUrl = "/htapi"
- Bearer = "Bearer"
- )
- func rd() *cache.RedisCache {
- if rdCache == nil {
- rdCache = cache.GetInstance()
- }
- return rdCache
- }
- var detailRoutes = []string{
- "/media/media",
- "/report/report",
- "/media/list",
- "/media/search",
- }
- var publicRoutes = []string{
- "/auth/areaCodes",
- "/auth/wxAppid",
- "/auth/notice",
- "/auth/disclaimer",
- "/auth/refreshToken",
- "/auth/sendCode",
- "/user/bind_gzh",
- "/user/wx/notify",
- "/webhook/*",
- }
- var privateRoutes = []string{
- "/user/profile",
- "/user/followAnalyst",
- "/user/followAnalysts",
- "/user/followingAnalystList",
- "/user/readMessages",
- "/user/readMessage",
- "/user/feedback",
- "/user/checkFollowStatus",
- "/user/followingAnalysts",
- "/user/message",
- "/analyst/analystDetail",
- "/analyst/list",
- "/media/count",
- "/report/count",
- }
- func AuthMiddleware() web.FilterFunc {
- return func(ctx *context.Context) {
- path := ctx.Input.URL()
- logger.Info("请求路径:%v", path)
- if !allowed(path) {
- rep := unAuthorized()
- auth := ctx.Input.Header(authorization)
- if auth == "" {
- logger.Error("token信息不存在")
- _ = ctx.JSONResp(rep)
- return
- }
- parts := strings.Split(auth, " ")
- if len(parts) != 2 || parts[0] != Bearer {
- logger.Error("token参数不符合格式" + auth)
- _ = ctx.JSONResp(rep)
- return
- }
- info, err := jwt.CheckToken(parts[1])
- if err != nil {
- logger.Error("token无效:%v", err)
- _ = ctx.JSONResp(rep)
- return
- }
- //组装用户信息
- var userInfo user.User
- userInfo, err = user.GetUserByOpenId(info.OpenId)
- if err != nil {
- logger.Error("获取用户信息失败:%v", err)
- _ = ctx.JSONResp(illegalUser())
- return
- }
- //校验redis中是否合法
- redisToken := rd().GetString(redis.GenerateTokenKey(info.OpenId))
- if redisToken == "" {
- logger.Error("token无效:token已失效")
- //重置用户状态为登出
- //err = userService.UserLogout(userInfo.Id)
- //if err != nil {
- // logger.Error("重置用户状态失败:%v", err)
- //}
- _ = ctx.JSONResp(tokenExpired())
- return
- }
- if redisToken != parts[1] {
- logger.Error("token无效:用户token已刷新")
- _ = ctx.JSONResp(tokenExpired())
- return
- }
- if needCheckLoginStatus(path) {
- if info.TokenType != jwt.AccessToken || info.Mobile == "-" || info.Mobile == "" {
- logger.Error("token信息异常,当前token类型为:%v", jwt.GuestToken)
- _ = ctx.JSONResp(LoginRequired())
- return
- }
- }
- //详情信息需要登录token才能看到全部
- if loginForDetail(path) {
- if info.TokenType != jwt.AccessToken || info.Mobile == "-" || info.Mobile == "" {
- ctx.Input.SetData("detailType", "logout")
- } else {
- ctx.Input.SetData("detailType", "login")
- }
- }
- //if userInfo.Mobile == "-" && path != baseUrl+"/auth/login" {
- // logger.Error("用户手机号为空:%v", err)
- // _ = ctx.JSONResp(illegalUser())
- // return
- //}
- ctx.Input.SetData("user", userInfo)
- return
- }
- return
- }
- }
- func unAuthorized() controllers.BaseResponse {
- return controllers.BaseResponse{
- Ret: 401,
- Msg: UNAUTHORIZED,
- ErrMsg: exception.GetMsg(exception.Unauthorized),
- }
- }
- func webhookUnauthorized(message string) controllers.BaseResponse {
- return controllers.BaseResponse{
- Ret: 401,
- Msg: message,
- ErrMsg: exception.GetMsg(exception.Unauthorized),
- }
- }
- func tokenExpired() controllers.BaseResponse {
- return controllers.BaseResponse{
- Ret: 401,
- Msg: TOKENEXPIRED,
- ErrMsg: exception.GetMsg(exception.Unauthorized),
- }
- }
- func LoginRequired() controllers.BaseResponse {
- return controllers.BaseResponse{
- Ret: 408,
- Msg: LOGINREQURED,
- ErrMsg: exception.GetMsg(exception.Unauthorized),
- }
- }
- func illegalUser() controllers.BaseResponse {
- return controllers.BaseResponse{
- Ret: 401,
- Msg: ILLEGALUSER,
- ErrMsg: exception.GetMsg(exception.Unauthorized),
- }
- }
- func allowed(path string) bool {
- for _, p := range publicRoutes {
- if stringUtils.IsBlank(p) {
- continue
- }
- src := baseUrl + p
- if strings.HasSuffix(p, "*") {
- target := src[:len(src)-1]
- fmt.Println("target:" + target)
- if strings.HasPrefix(path, target) {
- return true
- }
- } else {
- if src == path {
- return true
- }
- }
- }
- return false
- }
- func loginForDetail(path string) bool {
- for _, p := range detailRoutes {
- if stringUtils.IsBlank(p) {
- continue
- }
- src := baseUrl + p
- if strings.HasSuffix(p, "*") {
- target := src[:len(src)-1]
- if strings.HasPrefix(path, target) {
- return true
- }
- } else {
- if src == path {
- return true
- }
- }
- }
- return false
- }
- func needCheckLoginStatus(path string) bool {
- for _, p := range privateRoutes {
- if stringUtils.IsBlank(p) {
- continue
- }
- src := baseUrl + p
- if strings.HasSuffix(p, "*") {
- target := src[:len(src)-1]
- if strings.HasPrefix(path, target) {
- return true
- }
- } else {
- if src == path {
- return true
- }
- }
- }
- return false
- }
|
