jwt.go 4.9 KB

原文件审查历史永久链接

package middleware

import (
	"fmt"
	log1 "log"
	"net/http"
	"net/url"

	"github.com/beego/beego/v2/server/web"
	"github.com/beego/beego/v2/server/web/context"
	"gitlab.fjmaimaimai.com/allied-creation/allied-creation-gateway/pkg/domain"
	"gitlab.fjmaimaimai.com/allied-creation/allied-creation-gateway/pkg/infrastructure/cache"
	"gitlab.fjmaimaimai.com/allied-creation/allied-creation-gateway/pkg/log"
)

type CtxKeyLoginToken struct{}

func JWTAuth(ctx *context.Context) {

}

func CheckAccessToken(next web.FilterFunc) web.FilterFunc {
	return func(ctx *context.Context) {
		tokenStr := ctx.Input.Header("x-mmm-accesstoken")
		filterMap := map[string]string{
			"/v1/auth/login/pwd":                         "",
			"/v1/auth/login/sms":                         "",
			"/v1/auth/login/qrcode":                      "",
			"/v1/auth/org-switch":                        "",
			"/v1/user/company-orgs":                      "",
			"/v1/auth/captcha-init":                      "",
			"/v1/auth/qrcode-init":                       "",
			"/v1/auth/sms-code":                          "",
			"/v1/auth/check-sms-code":                    "",
			"/v1/auth/company-sign-up":                   "",
			"/v1/auth/reset-password":                    "",
			"/v1/auth/refresh-token":                     "",
			"/v1/app/cooperation-projects/person/search": "",
		}
		var err error
		if filterUrl, err := url.Parse(ctx.Request.RequestURI); err == nil {
			// 不需要验证的接口
			if _, ok := filterMap[filterUrl.Path]; ok {
				next(ctx)
				return
			}
		} else {
			log.Logger.Error("parse url error:" + err.Error())
		}
		defer func() {
			if err != nil {
				ctx.Output.SetStatus(http.StatusOK)
				ctx.Output.JSON(map[string]interface{}{
					"msg":  domain.ParseCodeMsg(domain.InvalidAccessToken),
					"code": domain.InvalidAccessToken,
					"data": struct{}{},
				}, false, false)
			}
		}()

		tk := &domain.LoginToken{}
		err = tk.ParseToken(tokenStr)
		if err != nil {
			log.Logger.Error(err.Error())
			return
		}
		platform := domain.ParsePlatform(ctx.Input.Header("x-mmm-devicetype"))
		// redis缓存
		tokenCache := cache.LoginTokenCache{}
		token, err := tokenCache.GetAccessToken(tk.Account, platform)
		if err != nil {
			log.Logger.Error(err.Error())
			return
		}
		if token != tokenStr {
			log1.Println("token not equal  \n" + tk.Account + "\n" + tokenStr + "\n" + token)
			err = fmt.Errorf("access token not exists")
			return
		}
		ctx.Input.SetData(CtxKeyLoginToken{}, tk)
		next(ctx)
	}
}

func NewCtxLoginToken(ctx *context.Context, tk domain.LoginToken) {
	ctx.Input.SetData(CtxKeyLoginToken{}, domain.LoginToken{})
}

func FormCtxLoginToken(ctx *context.Context) (domain.LoginToken, bool) {
	val := ctx.Input.GetData(CtxKeyLoginToken{})
	if v, ok := val.(domain.LoginToken); ok {
		return v, true
	}
	return domain.LoginToken{}, false
}

func CheckAccessToken2() web.FilterFunc {
	return func(ctx *context.Context) {
		tokenStr := ctx.Input.Header("x-mmm-accesstoken")
		filterMap := map[string]string{
			"/v1/auth/login/pwd":                         "",
			"/v1/auth/login/sms":                         "",
			"/v1/auth/login/qrcode":                      "",
			"/v1/auth/org-switch":                        "",
			"/v1/user/company-orgs":                      "",
			"/v1/auth/captcha-init":                      "",
			"/v1/auth/qrcode-init":                       "",
			"/v1/auth/sms-code":                          "",
			"/v1/auth/check-sms-code":                    "",
			"/v1/auth/company-sign-up":                   "",
			"/v1/auth/reset-password":                    "",
			"/v1/auth/refresh-token":                     "",
			"/v1/app/cooperation-projects/person/search": "",
			"/v1/common/dictionary/search":               "",
			"/v1/common/app-sharing":                     "",
			"/v1/user/cooperation-org":                   "",
		}
		var err error
		if filterUrl, err := url.Parse(ctx.Request.RequestURI); err == nil {
			// 不需要验证的接口
			if _, ok := filterMap[filterUrl.Path]; ok {
				return
			}
		} else {
			log.Logger.Error("parse url error:" + err.Error())
		}
		defer func() {
			if err != nil {
				ctx.Output.SetStatus(http.StatusOK)
				ctx.Output.JSON(map[string]interface{}{
					"msg":  domain.ParseCodeMsg(domain.InvalidAccessToken),
					"code": domain.InvalidAccessToken,
					"data": struct{}{},
				}, false, false)
			}
		}()

		tk := &domain.LoginToken{}
		err = tk.ParseToken(tokenStr)
		if err != nil {
			log.Logger.Error(err.Error())
			return
		}
		// platform := domain.ParsePlatform(ctx.Input.Header("x-mmm-devicetype"))
		// //redis缓存
		// tokenCache := cache.LoginTokenCache{}
		// token, err := tokenCache.GetAccessToken(tk.Account, platform)
		// if err != nil {
		// 	log.Logger.Error(err.Error())
		// 	return
		// }
		// if token != tokenStr {
		// 	log1.Println("token not equal  \n" + tk.Account + "\n" + tokenStr + "\n" + token)
		// 	err = fmt.Errorf("access token not exists")
		// 	return
		// }
		ctx.Input.SetData(CtxKeyLoginToken{}, tk)
	}
}