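package services

import (
	"net/http"
	"strings"
	"time"

	"eta/eta_api/models"
	"eta/eta_api/models/system"
	"eta/eta_api/utils"
	"eta/eta_api/utils/ws"
	"github.com/beego/beego/v2/server/web"
	"github.com/beego/beego/v2/server/web/context"
)

// wsAPIPrefix is the route prefix removed from the request path before the
// path is matched against the role's allowed-API list.
const wsAPIPrefix = "/adminapi"

// wsTokenFromHeader extracts the session token from an Authorization header
// value of the form "authorization=<token>".
//
// The first ';' is rewritten to '$' (some transports mangle the token's '$'
// separator into ';'), then everything after the first '=' is returned, so a
// token that itself contains '=' (e.g. base64 padding) is kept whole. Returns
// "" when the value is empty or carries no '=' — callers treat that as
// "no credentials" rather than indexing into a missing field.
func wsTokenFromHeader(raw string) string {
	if raw == "" {
		return ""
	}
	raw = strings.Replace(raw, ";", "$", 1)
	idx := strings.Index(raw, "=")
	if idx < 0 {
		return ""
	}
	return raw[idx+1:]
}

// wsTokenFromQuery extracts the token from an "authorization=<token>" query
// parameter of uri (key compared case-insensitively, so "Authorization" also
// works). Other parameters are ignored; the value is returned raw, without
// URL decoding, matching how the header path treats the token. Returns "" when
// uri has no query string or no such parameter.
func wsTokenFromQuery(uri string) string {
	q := strings.Index(uri, "?")
	if q < 0 {
		return ""
	}
	for _, pair := range strings.Split(uri[q+1:], "&") {
		key, val := pair, ""
		if i := strings.Index(pair, "="); i >= 0 {
			key, val = pair[:i], pair[i+1:]
		}
		if strings.EqualFold(key, "authorization") {
			return val
		}
	}
	return ""
}

// wsRequestPath reduces a request URI to the path that is matched against the
// allow-list: the query string is dropped and a leading "/adminapi" is removed.
// Only a leading prefix is stripped; an "/adminapi" segment elsewhere in the
// path is left in place, so it cannot be used to rewrite the matched path.
func wsRequestPath(uri string) string {
	if q := strings.Index(uri, "?"); q >= 0 {
		uri = uri[:q]
	}
	return strings.TrimPrefix(uri, wsAPIPrefix)
}

// wsAllowedAPISet builds the set of paths a role may call from the role's API
// strings plus the public API string. Every string may itself be an
// '&'-separated list. Empty entries are dropped so that an empty path (a bare
// "/adminapi" request) can never match the allow-list.
func wsAllowedAPISet(roleAPIs []string, publicAPI string) map[string]bool {
	allowed := make(map[string]bool)
	add := func(list string) {
		for _, p := range strings.Split(list, "&") {
			if p != "" {
				allowed[p] = true
			}
		}
	}
	for _, a := range roleAPIs {
		add(a)
	}
	add(publicAPI)
	return allowed
}

// WsAuthenticate returns a beego filter that authenticates a websocket
// handshake (GET only). The session token is taken from the Authorization
// header ("authorization=<token>") or, failing that, from the "authorization"
// query parameter. The token must resolve to a stored session, pass the
// account-bound token check, and be unexpired; the user must exist and be
// enabled; and the request path (query and "/adminapi" prefix removed) must be
// in the role's API list or the configured public API list.
//
// On success the user is stored in the context under the key "admin".
// Status codes: 401 for a missing, unknown, invalid or expired token; 403 for
// a missing or disabled user, an API-list lookup failure, or a path the role
// may not call; 400 for a non-GET method, a nil session, or a lookup error.
func WsAuthenticate() web.FilterFunc {
	return func(ctx *context.Context) {
		if ctx.Input.Method() != "GET" {
			utils.FileLog.Error("请求方法类型错误")
			ctx.ResponseWriter.WriteHeader(http.StatusBadRequest)
			return
		}
		// The raw URI is deliberately never logged: its query string may
		// carry the session token.
		uri := ctx.Input.URI()

		// ctx.Input.Header canonicalises the key, so one lookup covers both
		// "authorization" and "Authorization".
		token := wsTokenFromHeader(ctx.Input.Header("Authorization"))
		if token == "" {
			token = wsTokenFromQuery(uri)
		}
		if token == "" {
			utils.FileLog.Error("authorization为空,未授权")
			ctx.ResponseWriter.WriteHeader(http.StatusUnauthorized)
			return
		}

		session, err := system.GetSysSessionByToken(token)
		if err != nil {
			if utils.IsErrNoRow(err) {
				utils.FileLog.Error("authorization已过期")
				ctx.ResponseWriter.WriteHeader(http.StatusUnauthorized)
				return
			}
			utils.FileLog.Error("authorization查询用户信息失败")
			ctx.ResponseWriter.WriteHeader(http.StatusBadRequest)
			return
		}
		if session == nil {
			utils.FileLog.Error("会话不存在")
			ctx.ResponseWriter.WriteHeader(http.StatusBadRequest)
			return
		}

		// Presence in the session table is not enough: the token must also
		// verify against the session's account (MD5 of the user name).
		if !utils.CheckToken(utils.MD5(session.UserName), token) {
			utils.FileLog.Error("authorization校验不合法")
			ctx.ResponseWriter.WriteHeader(http.StatusUnauthorized)
			return
		}
		if time.Now().After(session.ExpiredTime) {
			utils.FileLog.Error("authorization过期法")
			ctx.ResponseWriter.WriteHeader(http.StatusUnauthorized)
			return
		}

		admin, err := system.GetSysUserById(session.SysUserId)
		if err != nil {
			if utils.IsErrNoRow(err) {
				utils.FileLog.Error("权限不够")
				ctx.ResponseWriter.WriteHeader(http.StatusForbidden)
				return
			}
			utils.FileLog.Error("获取用户信息失败")
			ctx.ResponseWriter.WriteHeader(http.StatusBadRequest)
			return
		}
		if admin == nil {
			utils.FileLog.Error("权限不够")
			ctx.ResponseWriter.WriteHeader(http.StatusForbidden)
			return
		}
		// A disabled account keeps a valid session but must not get through.
		if admin.Enabled != 1 {
			utils.FileLog.Error("用户被禁用")
			ctx.ResponseWriter.WriteHeader(http.StatusForbidden)
			return
		}

		// Per-endpoint authorisation: the role's API list plus the public list.
		list, e := system.GetMenuButtonApisByRoleId(admin.RoleId)
		if e != nil {
			utils.FileLog.Error("接口权限查询出错", e)
			ctx.ResponseWriter.WriteHeader(http.StatusForbidden)
			return
		}
		roleAPIs := make([]string, 0, len(list))
		for _, v := range list {
			if v.Api != "" {
				roleAPIs = append(roleAPIs, v.Api)
			}
		}
		allowed := wsAllowedAPISet(roleAPIs, models.BusinessConfMap["PublicApi"])
		if !allowed[wsRequestPath(uri)] {
			utils.FileLog.Error("用户无权访问")
			ctx.ResponseWriter.WriteHeader(http.StatusForbidden)
			return
		}

		ctx.Input.SetData("admin", admin)
	}
}

// StartSessionManager starts the websocket session manager singleton.
func StartSessionManager() {
	ws.GetInstance().Start()
}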