eta_api/services/ws_service.go

package services

import (
	"eta/eta_api/models"
	"eta/eta_api/models/system"
	"eta/eta_api/utils"
	"eta/eta_api/utils/ws"
	"fmt"
	"github.com/beego/beego/v2/server/web"
	"github.com/beego/beego/v2/server/web/context"
	"net/http"
	"strings"
	"time"
)

var ()

func WsAuthenticate() web.FilterFunc {
	return func(ctx *context.Context) {
		method := ctx.Input.Method()
		uri := ctx.Input.URI()
		if method == "POST" || method == "GET" {
			authorization := ctx.Input.Header("authorization")
			if authorization == "" {
				authorization = ctx.Input.Header("Authorization")
			}
			if strings.Contains(authorization, ";") {
				authorization = strings.Replace(authorization, ";", "$", 1)
			}
			if authorization == "" {
				strArr := strings.Split(uri, "?")
				for k, v := range strArr {
					fmt.Println(k, v)
				}
				if len(strArr) > 1 {
					authorization = strArr[1]
					authorization = strings.Replace(authorization, "Authorization", "authorization", -1)
				}
			}
			if authorization == "" {
				utils.FileLog.Error("authorization为空,未授权")
				ctx.ResponseWriter.WriteHeader(http.StatusUnauthorized)
				return
			}
			tokenStr := authorization
			tokenArr := strings.Split(tokenStr, "=")
			token := tokenArr[1]

			session, err := system.GetSysSessionByToken(token)
			if err != nil {
				if utils.IsErrNoRow(err) {
					utils.FileLog.Error("authorization已过期")
					ctx.ResponseWriter.WriteHeader(http.StatusUnauthorized)
					return
				}
				utils.FileLog.Error("authorization查询用户信息失败")
				ctx.ResponseWriter.WriteHeader(http.StatusBadRequest)
				return
			}
			if session == nil {
				utils.FileLog.Error("会话不存在")
				ctx.ResponseWriter.WriteHeader(http.StatusBadRequest)
				return
			}
			//校验token是否合法
			// JWT校验Token和Account
			account := utils.MD5(session.UserName)
			if !utils.CheckToken(account, token) {
				utils.FileLog.Error("authorization校验不合法")
				ctx.ResponseWriter.WriteHeader(http.StatusUnauthorized)
				return
			}
			if time.Now().After(session.ExpiredTime) {
				utils.FileLog.Error("authorization过期法")
				ctx.ResponseWriter.WriteHeader(http.StatusUnauthorized)
				return
			}
			admin, err := system.GetSysUserById(session.SysUserId)
			if err != nil {
				if utils.IsErrNoRow(err) {
					utils.FileLog.Error("权限不够")
					ctx.ResponseWriter.WriteHeader(http.StatusForbidden)
					return
				}
				utils.FileLog.Error("获取用户信息失败")
				ctx.ResponseWriter.WriteHeader(http.StatusBadRequest)
				return
			}
			if admin == nil {
				utils.FileLog.Error("权限不够")
				ctx.ResponseWriter.WriteHeader(http.StatusForbidden)
				return
			}
			//如果不是启用状态
			if admin.Enabled != 1 {
				utils.FileLog.Error("用户被禁用")
				ctx.ResponseWriter.WriteHeader(http.StatusForbidden)
				return
			}

			//接口权限校验
			roleId := admin.RoleId
			list, e := system.GetMenuButtonApisByRoleId(roleId)
			if e != nil {
				utils.FileLog.Error("接口权限查询出错", e)
				ctx.ResponseWriter.WriteHeader(http.StatusForbidden)
				return
			}
			var api string
			for _, v := range list {
				if v.Api != "" {
					api += v.Api + "&"
				}
			}
			api += "&" + models.BusinessConfMap["PublicApi"]
			//处理uri请求，去除前缀和参数
			api = strings.TrimRight(api, "&")
			uri = strings.Replace(uri, "/adminapi", "", 1)
			uris := strings.Split(uri, "?")
			uri = uris[0]
			//fmt.Println("uri:", uri)
			apis := strings.Split(api, "&")
			apiMap := make(map[string]bool, 0)
			for _, s := range apis {
				apiMap[s] = true
			}
			if !apiMap[uri] {
				utils.FileLog.Error("用户无权访问")
				ctx.ResponseWriter.WriteHeader(http.StatusForbidden)
				return
			}
			ctx.Input.SetData("admin", admin)
		} else {
			utils.FileLog.Error("请求方法类型错误")
			ctx.ResponseWriter.WriteHeader(http.StatusBadRequest)
			return
		}
	}
}

func StartSessionManager() {
	ws.GetInstance().Start()
}