作者 tangxuhui
... ... @@ -3,6 +3,7 @@ module gitlab.fjmaimaimai.com/allied-creation/allied-creation-gateway
go 1.16
require (
github.com/GeeTeam/gt3-golang-sdk v0.0.0-20200116043922-446ca8a507d2
github.com/beego/beego/v2 v2.0.1
github.com/dgrijalva/jwt-go v3.2.0+incompatible
github.com/go-pg/pg/v10 v10.10.1
... ...
cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/GeeTeam/gt3-golang-sdk v0.0.0-20200116043922-446ca8a507d2 h1:KBk8MKqHvIztjEW4KAKnR9VPT4iTZYz0D4Ju0GFVsV0=
github.com/GeeTeam/gt3-golang-sdk v0.0.0-20200116043922-446ca8a507d2/go.mod h1:vqCh/LExdPmL5SULXE/9DHbuE4t3iLkzRYoNGxEvg/o=
github.com/Knetic/govaluate v3.0.0+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0=
github.com/Shopify/sarama v1.25.0 h1:ch1ywjRLjfJtU+EaiJ+l0rWffQ6TRpyYmW4DX7Cb2SU=
github.com/Shopify/sarama v1.25.0/go.mod h1:y/CFFTO9eaMTNriwu/Q+W4eioLqiDMGkA1W+gmdfj8w=
... ...
... ... @@ -9,6 +9,7 @@ import (
type AccessTokenCommand struct {
AuthCode string `json:"authCode" valid:"Required"`
SessionMode int `json:"sessionMode"`
LoginPlatform string `json:"-"`
}
func (orgAddCommand *AccessTokenCommand) Valid(validation *validation.Validation) {
... ...
... ... @@ -12,6 +12,7 @@ type LoginCommand struct {
Password string `json:"password"`
Captcha string `json:"captcha"`
SessionMode int `json:"sessionMode"`
DeviceType string `json:"-"`
}
func (orgAddCommand *LoginCommand) Valid(validation *validation.Validation) {
... ...
... ... @@ -9,6 +9,7 @@ import (
type LoginPwdCommand struct {
Username string `json:"username" valid:"Required"`
Password string `json:"password"`
DeviceType string `json:"-"`
// 图形验证码操作成功的识别字段,服务端需使用图形验证插件(geetest)提供的验证模块
// 对相应数据进行验证,用以确定该次请求为用户手动操作的正确行为
CaptchaChallenge string `json:"captchaChallenge"`
... ...
... ... @@ -10,6 +10,7 @@ type LoginSmsCommand struct {
Phone string `json:"phone" valid:"Required"`
Code string `json:"code" valid:"Required"` //登录方式(signInPassword 密码登录、signInCaptcha 验证码登录)
SessionMode int `json:"sessionMode"`
DeviceType string `json:"-"`
}
func (cmd *LoginSmsCommand) Valid(validation *validation.Validation) {
... ...
... ... @@ -3,4 +3,5 @@ package query
type QrcodeLoginStatusQuery struct {
Key string `json:"key"`
SessionMode int `json:"sessionMode"`
DeviceType string `json:"-"`
}
... ...
package query
type CaptchaInitRequest struct {
UserIp string `json:"userIp" valid:"Required"`
}
func (CaptchaInitRequest *CaptchaInitRequest) ValidateCommand() error {
//valid := validation.Validation{}
//b, err := valid.Valid(CaptchaInitRequest)
//if err != nil {
// return err
//}
//if !b {
// for _, validErr := range valid.Errors {
// return fmt.Errorf("%s %s", validErr.Key, validErr.Message)
// }
//}
return nil
}
... ...
package service
import (
"github.com/GeeTeam/gt3-golang-sdk/geetest"
"github.com/google/uuid"
"github.com/linmadan/egglib-go/utils/json"
"gitlab.fjmaimaimai.com/allied-creation/allied-creation-gateway/pkg/application/auth/query"
"gitlab.fjmaimaimai.com/allied-creation/allied-creation-gateway/pkg/application/web/auth/dto"
"time"
... ... @@ -17,17 +19,26 @@ import (
"gitlab.fjmaimaimai.com/allied-creation/allied-creation-gateway/pkg/infrastructure/service_gateway/sms_serve"
)
const (
captchaID = "33a2abf9c5df0d6bc3b89fb39280114b"
privateKey = "13320fd2b10199e9a2440a4fbb4d46f7"
)
// 组织管理
type AuthService struct {
}
//AuthLogin 用户登录
func (srv AuthService) AuthLogin(loginCommand *command.LoginCommand) (interface{}, error) {
func (svr AuthService) AuthLogin(loginCommand *command.LoginCommand) (interface{}, error) {
var (
authCode string
result interface{}
err error
loginPlatform string = domain.LoginPlatformApp
)
if loginCommand.DeviceType == domain.DeviceTypeWeb {
loginPlatform = domain.LoginPlatformWeb
}
creationUserGateway := allied_creation_user.NewHttplibAlliedCreationUser(domain.Operator{})
_, err = creationUserGateway.AuthRefreshIM(allied_creation_user.ReqAuthRefreshIM{
Phone: loginCommand.Phone,
... ... @@ -36,16 +47,20 @@ func (srv AuthService) AuthLogin(loginCommand *command.LoginCommand) (interface{
return nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
}
switch loginCommand.GrantType {
case "signInPassword":
authCode, err = srv.SignInPassword(loginCommand.Phone, loginCommand.Password)
case "signInCaptcha":
authCode, err = srv.SignInCaptcha(loginCommand.Phone, loginCommand.Captcha)
case domain.LoginPwd:
authCode, err = svr.SignInPassword(loginCommand.Phone, loginCommand.Password, loginPlatform)
case domain.LoginSmsCode:
authCode, err = svr.SignInCaptcha(loginCommand.Phone, loginCommand.Captcha, loginPlatform)
default:
err = application.ThrowError(application.TRANSACTION_ERROR, "登录方式无法解析")
}
result, err = srv.GetAuthAccessToken(&command.AccessTokenCommand{
if err != nil {
return nil, application.ThrowError(application.BUSINESS_ERROR, err.Error())
}
result, err = svr.GetAuthAccessToken(&command.AccessTokenCommand{
AuthCode: authCode,
SessionMode: loginCommand.SessionMode,
LoginPlatform: loginPlatform,
})
return map[string]interface{}{
"access": result,
... ... @@ -53,7 +68,7 @@ func (srv AuthService) AuthLogin(loginCommand *command.LoginCommand) (interface{
}
//AuthLogin 用户登录
func (srv AuthService) AuthLoginPwd(loginCommand *command.LoginPwdCommand) (interface{}, error) {
func (svr AuthService) AuthLoginPwd(loginCommand *command.LoginPwdCommand) (interface{}, error) {
if err := loginCommand.ValidateCommand(); err != nil {
return nil, application.ThrowError(application.ARG_ERROR, err.Error())
}
... ... @@ -63,11 +78,18 @@ func (srv AuthService) AuthLoginPwd(loginCommand *command.LoginPwdCommand) (inte
Password: loginCommand.Password,
SessionMode: loginCommand.SessionMode,
}
return srv.AuthLogin(login)
if len(loginCommand.CaptchaChallenge) > 0 {
geetest := geetest.NewGeetestLib(captchaID, privateKey, 2*time.Second)
validateResult := geetest.SuccessValidate(loginCommand.CaptchaChallenge, loginCommand.CaptchaValidate, loginCommand.CaptchaSeccode, "", "")
if !validateResult {
log.Logger.Error("validate captcha fail")
}
}
return svr.AuthLogin(login)
}
//AuthLogin 用户登录
func (srv AuthService) AuthLoginSms(loginCommand *command.LoginSmsCommand) (interface{}, error) {
func (svr AuthService) AuthLoginSms(loginCommand *command.LoginSmsCommand) (interface{}, error) {
if err := loginCommand.ValidateCommand(); err != nil {
return nil, application.ThrowError(application.ARG_ERROR, err.Error())
}
... ... @@ -77,11 +99,44 @@ func (srv AuthService) AuthLoginSms(loginCommand *command.LoginSmsCommand) (inte
Captcha: loginCommand.Code,
SessionMode: loginCommand.SessionMode,
}
return srv.AuthLogin(login)
return svr.AuthLogin(login)
}
//AuthLoginQrcode 扫码登录
func (svr AuthService) AuthLoginQrcode(queryParam *query.QrcodeLoginStatusQuery) (interface{}, error) {
qrmsg := domain.QrcodeMessage{}
err := qrmsg.ParseToken(queryParam.Key)
if err != nil {
return nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
}
qrCache := cache.LoginQrcodeCache{}
qrmsgCache, err := qrCache.Get(qrmsg.Id)
if err != nil {
return nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
}
loginToken := domain.LoginToken{
UserId: qrmsgCache.UserId,
UserBaseId: qrmsgCache.UserBaseId,
Account: qrmsgCache.Account,
Platform: domain.LoginPlatformWeb,
CompanyId: qrmsgCache.CompanyId,
OrgId: qrmsgCache.OrgId,
}
accessToken, err := loginToken.GenerateAccessToken()
if err != nil {
return nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
}
_ = accessToken
result, err := svr.getToken(loginToken)
data := map[string]interface{}{
"isLogin": qrmsgCache.IsLogin,
"access": result["token"],
}
return data, nil
}
//SendSmsCaptcha 发送验证码短信
func (srv AuthService) SendSmsCaptcha(smsCodeCommand *command.SendSmsCodeCommand) error {
func (svr AuthService) SendSmsCaptcha(smsCodeCommand *command.SendSmsCodeCommand) error {
smsServeGateway := sms_serve.NewHttplibHttplibSmsServe()
err := smsServeGateway.SendSms(smsCodeCommand.Phone)
if err != nil {
... ... @@ -91,7 +146,7 @@ func (srv AuthService) SendSmsCaptcha(smsCodeCommand *command.SendSmsCodeCommand
}
//SignInPassword 使用账号密码校验
func (srv AuthService) SignInPassword(account string, password string) (string, error) {
func (svr AuthService) SignInPassword(account string, password string, loginPlatform string) (string, error) {
creationUserGateway := allied_creation_user.NewHttplibAlliedCreationUser(domain.Operator{})
_, err := creationUserGateway.AuthCheckPassword(allied_creation_user.ReqAuthCheckPassword{
Password: password,
... ... @@ -103,7 +158,7 @@ func (srv AuthService) SignInPassword(account string, password string) (string,
ltoken := domain.LoginToken{
UserId: 0,
Account: account,
Platform: domain.LoginPlatformApp,
Platform: loginPlatform,
CompanyId: 0,
}
authcode, err := ltoken.GenerateAuthCode()
... ... @@ -117,7 +172,7 @@ func (srv AuthService) SignInPassword(account string, password string) (string,
}
//SignInCaptcha 使用手机验证码登录
func (srv AuthService) SignInCaptcha(phone string, captcha string) (string, error) {
func (svr AuthService) SignInCaptcha(phone string, captcha string, loginPlatform string) (string, error) {
smsServeGateway := sms_serve.NewHttplibHttplibSmsServe()
err := smsServeGateway.CheckSmsCode(phone, captcha)
if err != nil {
... ... @@ -126,7 +181,7 @@ func (srv AuthService) SignInCaptcha(phone string, captcha string) (string, erro
ltoken := domain.LoginToken{
UserId: 0,
Account: phone,
Platform: domain.LoginPlatformApp,
Platform: loginPlatform,
CompanyId: 0,
}
authcode, err := ltoken.GenerateAuthCode()
... ... @@ -137,7 +192,7 @@ func (srv AuthService) SignInCaptcha(phone string, captcha string) (string, erro
}
//GetAuthAccessToken 获取令牌Token
func (srv AuthService) GetAuthAccessToken(accessTokenCommand *command.AccessTokenCommand) (interface{}, error) {
func (svr AuthService) GetAuthAccessToken(accessTokenCommand *command.AccessTokenCommand) (interface{}, error) {
if err := accessTokenCommand.ValidateCommand(); err != nil {
return nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
}
... ... @@ -146,138 +201,12 @@ func (srv AuthService) GetAuthAccessToken(accessTokenCommand *command.AccessToke
if err != nil {
return nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
}
phone := ltoken.Account
creationUserGateway := allied_creation_user.NewHttplibAlliedCreationUser(domain.Operator{})
userSeachResult, err := creationUserGateway.UserSearch(allied_creation_user.ReqUserSearch{
CompanyId: ltoken.CompanyId,
Phone: phone,
})
if err != nil {
return nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
}
if len(userSeachResult.Users) == 0 {
return nil, application.ThrowError(application.TRANSACTION_ERROR, "获取用户信息失败")
}
transactionContext, err := factory.CreateTransactionContext(nil)
if err != nil {
return nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
}
if err := transactionContext.StartTransaction(); err != nil {
return nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
}
defer func() {
transactionContext.RollbackTransaction()
}()
var loginAccessRepository domain.LoginAccessRepository
if loginAccessRepository, err = factory.CreateLoginAccessRepository(map[string]interface{}{
"transactionContext": transactionContext,
}); err != nil {
return nil, application.ThrowError(application.INTERNAL_SERVER_ERROR, err.Error())
}
_, lAccess, err := loginAccessRepository.Find(map[string]interface{}{
"account": phone,
"platform": domain.LoginPlatformApp,
})
if err != nil {
return nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
}
var currentAccess *domain.LoginAccess
if len(lAccess) > 0 {
currentAccess = lAccess[0]
currentAccess.UpdatedTime = time.Now()
} else {
currentAccess = &domain.LoginAccess{
UserBaseId: int64(userSeachResult.Users[0].UserBaseId),
UserId: int64(userSeachResult.Users[0].UserId),
Account: userSeachResult.Users[0].UserInfo.Phone,
Platform: domain.LoginPlatformApp,
OrganizationId: int64(userSeachResult.Users[0].Org.OrgId),
AccessToken: "",
RefreshToken: "",
AccessExpired: 0,
RefreshExpired: 0,
CreatedTime: time.Now(),
UpdatedTime: time.Now(),
}
if userSeachResult.Users[0].Company != nil {
currentAccess.CompanyId = int64(userSeachResult.Users[0].Company.CompanyId)
}
}
//判定当前凭证的companyId,OrganizationId 是否在用户列表中
var currentOrgIsOK bool
loopUser1:
for _, v := range userSeachResult.Users {
if v.Company.CompanyId == int(currentAccess.CompanyId) {
for _, vv := range v.UserOrg {
if vv.OrgID == int(currentAccess.OrganizationId) {
currentOrgIsOK = true
currentAccess.UserId = int64(v.UserId)
currentAccess.UserBaseId = int64(v.UserBaseId)
break loopUser1
}
}
}
}
//记录上一次的登录公司组织信息不可用 ,重置登录记录
//使用找到的第一个可用的公司组织
if !currentOrgIsOK {
loopUser2:
for _, v := range userSeachResult.Users {
currentAccess.CompanyId = int64(v.Company.CompanyId)
for _, vv := range v.UserOrg {
currentAccess.UserId = int64(v.UserId)
currentAccess.UserBaseId = int64(v.UserBaseId)
currentAccess.OrganizationId = int64(vv.OrgID)
currentOrgIsOK = true
break loopUser2
}
}
}
loginToken := domain.LoginToken{
UserId: currentAccess.UserId,
Account: currentAccess.Account,
UserBaseId: currentAccess.UserBaseId,
CompanyId: currentAccess.CompanyId,
OrgId: currentAccess.OrganizationId,
Platform: currentAccess.Platform,
}
accessTokenStr, err := loginToken.GenerateAccessToken()
if err != nil {
return nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
}
currentAccess.AccessToken = accessTokenStr
currentAccess.AccessExpired = loginToken.ExpiresAt
refreshTokenStr, err := loginToken.GenerateRefreshToken()
if err != nil {
return nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
}
currentAccess.RefreshToken = refreshTokenStr
currentAccess.AccessExpired = loginToken.ExpiresAt
//先存数据库
_, err = loginAccessRepository.Save(currentAccess)
if err != nil {
return nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
}
if err := transactionContext.CommitTransaction(); err != nil {
return nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
}
//后处理redis缓存
tokenCache := cache.LoginTokenCache{}
tokenCache.RemoveAccessToken(currentAccess.Account, domain.LoginPlatformApp)
tokenCache.RemoveRefreshToken(currentAccess.Account, domain.LoginPlatformApp)
tokenCache.SaveAccessToken(currentAccess)
tokenCache.SaveRefreshToken(currentAccess)
nowTime := time.Now().Unix()
return map[string]interface{}{
"refreshToken": accessTokenStr,
"accessToken": refreshTokenStr,
"expiresIn": currentAccess.AccessExpired - nowTime,
}, nil
ltoken.Platform = accessTokenCommand.LoginPlatform
result, err := svr.getToken(*ltoken)
return result["token"], err
}
func (srv AuthService) RefreshAuthAccessToken(refreshTokenCommand *command.RefreshTokenCommand) (interface{}, error) {
func (svr AuthService) RefreshAuthAccessToken(refreshTokenCommand *command.RefreshTokenCommand) (interface{}, error) {
if err := refreshTokenCommand.ValidateCommand(); err != nil {
return nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
}
... ... @@ -286,113 +215,15 @@ func (srv AuthService) RefreshAuthAccessToken(refreshTokenCommand *command.Refre
if err != nil {
return nil, application.ThrowError(application.TRANSACTION_ERROR, "refreshToken 不可用,"+err.Error())
}
token, err := srv.getToken(domain.Operator{}, ltoken)
// phone := ltoken.Account
// creationUserGateway := allied_creation_user.NewHttplibAlliedCreationUser(domain.Operator{})
// userSearchResult, err := creationUserGateway.UserSearch(allied_creation_user.ReqUserSearch{
// Phone: phone,
// })
// if err != nil {
// return nil, application.ThrowError(application.TRANSACTION_ERROR, "用户信息获取失败,"+err.Error())
// }
// //判定当前凭证的companyId,OrganizationId 是否在用户列表中
// var currentOrgIsOK bool
//loopUser1:
// for _, v := range userSearchResult.Users {
// if v.Company.CompanyId == int(ltoken.CompanyId) {
// for _, vv := range v.UserOrg {
// if vv.OrgID == int(ltoken.OrgId) {
// currentOrgIsOK = true
// break loopUser1
// }
// }
// }
// }
// if !currentOrgIsOK {
// return nil, application.ThrowError(application.TRANSACTION_ERROR, "登录的公司组织不可用")
// }
//
// transactionContext, err := factory.CreateTransactionContext(nil)
// if err != nil {
// return nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
// }
// if err := transactionContext.StartTransaction(); err != nil {
// return nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
// }
// defer func() {
// transactionContext.RollbackTransaction()
// }()
// var loginAccessRepository domain.LoginAccessRepository
// if loginAccessRepository, err = factory.CreateLoginAccessRepository(map[string]interface{}{
// "transactionContext": transactionContext,
// }); err != nil {
// return nil, application.ThrowError(application.INTERNAL_SERVER_ERROR, err.Error())
// }
// _, lAccess, err := loginAccessRepository.Find(map[string]interface{}{
// "account": phone,
// "platform": domain.LoginPlatformApp,
// })
// if err != nil {
// return nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
// }
// var currentAccess *domain.LoginAccess
// if len(lAccess) > 0 {
// currentAccess = lAccess[0]
// currentAccess.UpdatedTime = time.Now()
// } else {
// currentAccess = &domain.LoginAccess{
// UserBaseId: ltoken.UserBaseId,
// UserId: ltoken.UserId,
// Account: ltoken.Account,
// Platform: domain.LoginPlatformApp,
// CompanyId: ltoken.CompanyId,
// OrganizationId: ltoken.OrgId,
// AccessToken: "",
// RefreshToken: "",
// AccessExpired: 0,
// RefreshExpired: 0,
// CreatedTime: time.Now(),
// UpdatedTime: time.Now(),
// }
// }
// accessTokenStr, err := ltoken.GenerateAccessToken()
// if err != nil {
// return nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
// }
// currentAccess.AccessToken = accessTokenStr
// currentAccess.AccessExpired = ltoken.ExpiresAt
// refreshTokenStr, err := ltoken.GenerateRefreshToken()
// if err != nil {
// return nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
// }
// currentAccess.RefreshToken = refreshTokenStr
// currentAccess.RefreshExpired = ltoken.ExpiresAt
// //先存数据库
// _, err = loginAccessRepository.Save(currentAccess)
// if err != nil {
// return nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
// }
// if err := transactionContext.CommitTransaction(); err != nil {
// return nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
// }
// //后处理redis缓存
// tokenCache := cache.LoginTokenCache{}
// tokenCache.RemoveAccessToken(currentAccess.Account, domain.LoginPlatformApp)
// tokenCache.RemoveRefreshToken(currentAccess.Account, domain.LoginPlatformApp)
// tokenCache.SaveAccessToken(currentAccess)
// tokenCache.SaveRefreshToken(currentAccess)
// nowTime := time.Now().Unix()
// return map[string]interface{}{
// "refreshToken": accessTokenStr,
// "accessToken": refreshTokenStr,
// "expiresIn": currentAccess.AccessExpired - nowTime,
// }, nil
return token["token"], err
token, err := svr.getToken(ltoken)
return map[string]interface{}{
"access": token["token"],
}, err
}
//GetUserMenus 获取用户信息
func (srv AuthService) GetUserInfo(userInfoCommand *command.UserInfoCommand) (interface{}, error) {
user, err := srv.getUserInfo(userInfoCommand.Operator)
func (svr AuthService) GetUserInfo(userInfoCommand *command.UserInfoCommand) (interface{}, error) {
user, err := svr.getUserInfo(userInfoCommand.Operator)
if err != nil {
return nil, application.ThrowError(application.BUSINESS_ERROR, err.Error())
}
... ... @@ -402,7 +233,7 @@ func (srv AuthService) GetUserInfo(userInfoCommand *command.UserInfoCommand) (in
}
//GetUserMenus 获取用户菜单
func (srv AuthService) GetUserMenus(userMenusCommand *command.UserMenusCommand) (interface{}, error) {
func (svr AuthService) GetUserMenus(userMenusCommand *command.UserMenusCommand) (interface{}, error) {
creationUserGateway := allied_creation_user.NewHttplibAlliedCreationUser(
userMenusCommand.Operator)
resultMenu, err := creationUserGateway.UserAccessMenus(allied_creation_user.ReqUserAccessMenus{
... ... @@ -417,7 +248,7 @@ func (srv AuthService) GetUserMenus(userMenusCommand *command.UserMenusCommand)
}
//GetUserMenus 获取用户组织
func (srv AuthService) GetUserOrg(userOrgCommand *command.UserOrgCommand) (interface{}, error) {
func (svr AuthService) GetUserOrg(userOrgCommand *command.UserOrgCommand) (interface{}, error) {
creationUserGateway := allied_creation_user.NewHttplibAlliedCreationUser(userOrgCommand.Operator)
result, err := creationUserGateway.UserSearch(allied_creation_user.ReqUserSearch{
Offset: 0,
... ... @@ -446,7 +277,7 @@ func (srv AuthService) GetUserOrg(userOrgCommand *command.UserOrgCommand) (inter
}
//OrgSwitch 组织切换
func (srv AuthService) OrgSwitch(switchOrgCommand *command.SwitchOrgCommand) (interface{}, error) {
func (svr AuthService) OrgSwitch(switchOrgCommand *command.SwitchOrgCommand) (interface{}, error) {
if err := switchOrgCommand.ValidateCommand(); err != nil {
return nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
}
... ... @@ -456,7 +287,7 @@ func (srv AuthService) OrgSwitch(switchOrgCommand *command.SwitchOrgCommand) (in
return nil, application.ThrowError(application.TRANSACTION_ERROR, "accessToken 不可用,"+err.Error())
}
ltoken.OrgId = switchOrgCommand.OrgId
token, err := srv.getToken(domain.Operator{}, ltoken)
token, err := svr.getToken(ltoken)
if err != nil {
return nil, application.ThrowError(application.BUSINESS_ERROR, err.Error())
}
... ... @@ -466,7 +297,7 @@ func (srv AuthService) OrgSwitch(switchOrgCommand *command.SwitchOrgCommand) (in
return nil, application.ThrowError(application.TRANSACTION_ERROR, "用户不存在")
}
}
user, err := srv.getUserInfo(domain.Operator{UserId: userId})
user, err := svr.getUserInfo(domain.Operator{UserId: userId})
if err != nil {
return nil, application.ThrowError(application.BUSINESS_ERROR, err.Error())
}
... ... @@ -487,7 +318,7 @@ func (srv AuthService) OrgSwitch(switchOrgCommand *command.SwitchOrgCommand) (in
}
// CompanySignUp 企业注册
func (srv AuthService) CompanySignUp(companySignUpCommand *command.CompanySignUpCommand) (interface{}, error) {
func (svr AuthService) CompanySignUp(companySignUpCommand *command.CompanySignUpCommand) (interface{}, error) {
//TODO:验证码验证测试去掉,后期恢复回来
//smsServeGateway := sms_serve.NewHttplibHttplibSmsServe()
//err := smsServeGateway.CheckSmsCode(companySignUpCommand.Phone, companySignUpCommand.SmsCode)
... ... @@ -510,7 +341,7 @@ func (srv AuthService) CompanySignUp(companySignUpCommand *command.CompanySignUp
}
// ResetPassword 重置密码(找回密码)
func (srv AuthService) ResetPassword(resetPasswordCommand *command.ResetPasswordCommand) (interface{}, error) {
func (svr AuthService) ResetPassword(resetPasswordCommand *command.ResetPasswordCommand) (interface{}, error) {
if err := resetPasswordCommand.ValidateCommand(); err != nil {
return nil, application.ThrowError(application.ARG_ERROR, err.Error())
}
... ... @@ -533,7 +364,7 @@ func (srv AuthService) ResetPassword(resetPasswordCommand *command.ResetPassword
return result, err
}
func (srv AuthService) getUserInfo(operator domain.Operator) (interface{}, error) {
func (svr AuthService) getUserInfo(operator domain.Operator) (interface{}, error) {
creationUserGateway := allied_creation_user.NewHttplibAlliedCreationUser(
operator)
resultUser, err := creationUserGateway.UserGet(allied_creation_user.ReqGetUser{
... ... @@ -563,33 +394,46 @@ func (srv AuthService) getUserInfo(operator domain.Operator) (interface{}, error
return user, nil
}
func (srv AuthService) getToken(operator domain.Operator, ltoken domain.LoginToken) (map[string]interface{}, error) {
func (svr AuthService) getToken(ltoken domain.LoginToken) (map[string]interface{}, error) {
creationUserGateway := allied_creation_user.NewHttplibAlliedCreationUser(domain.Operator{})
userSearchResult, err := creationUserGateway.UserSearch(allied_creation_user.ReqUserSearch{
Phone: ltoken.Account,
})
if err != nil {
return nil, application.ThrowError(application.TRANSACTION_ERROR, "用户信息获取失败,"+err.Error())
return nil, application.ThrowError(application.BUSINESS_ERROR, "用户信息获取失败,"+err.Error())
}
//判定当前凭证的companyId,OrganizationId 是否在用户列表中
// 1 . 判定当前凭证的companyId,OrganizationId 是否在用户列表中
var currentOrgIsOK bool
var currentUserId int64
var currentUser allied_creation_user.UserDetail
loopUser1:
for _, v := range userSearchResult.Users {
//if v.Company.CompanyId == int(ltoken.CompanyId) {
for _, vv := range v.UserOrg {
if vv.OrgID == int(ltoken.OrgId) {
currentOrgIsOK = true
currentUserId = int64(v.UserId)
currentUser = v
break loopUser1
}
}
//}
}
if !currentOrgIsOK {
loopUser2:
for _, v := range userSearchResult.Users {
for _, vv := range v.UserOrg {
ltoken.OrgId = int64(vv.OrgID)
currentOrgIsOK = true
currentUser = v
break loopUser2
}
}
}
if !currentOrgIsOK {
return nil, application.ThrowError(application.TRANSACTION_ERROR, "登录的公司组织不可用")
}
ltoken.UserId = int64(currentUser.UserId)
ltoken.UserBaseId = int64(currentUser.UserBaseId)
ltoken.CompanyId = int64(currentUser.Company.CompanyId)
// 2. 更新currentAccess信息
transactionContext, err := factory.CreateTransactionContext(nil)
if err != nil {
return nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
... ... @@ -604,35 +448,27 @@ loopUser1:
if loginAccessRepository, err = factory.CreateLoginAccessRepository(map[string]interface{}{
"transactionContext": transactionContext,
}); err != nil {
return nil, application.ThrowError(application.INTERNAL_SERVER_ERROR, err.Error())
return nil, application.ThrowError(application.BUSINESS_ERROR, err.Error())
}
_, lAccess, err := loginAccessRepository.Find(map[string]interface{}{
"account": ltoken.Account,
"platform": domain.LoginPlatformApp,
"platform": ltoken.Platform,
})
if err != nil {
return nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
}
var currentAccess *domain.LoginAccess
var currentAccess = &domain.LoginAccess{CreatedTime: time.Now()}
if len(lAccess) > 0 {
currentAccess = lAccess[0]
currentAccess.UpdatedTime = time.Now()
} else {
currentAccess = &domain.LoginAccess{
UserBaseId: ltoken.UserBaseId,
UserId: ltoken.UserId,
Account: ltoken.Account,
Platform: domain.LoginPlatformApp,
CompanyId: ltoken.CompanyId,
OrganizationId: ltoken.OrgId,
AccessToken: "",
RefreshToken: "",
AccessExpired: 0,
RefreshExpired: 0,
CreatedTime: time.Now(),
UpdatedTime: time.Now(),
}
}
currentAccess.UserId = int64(ltoken.UserId)
currentAccess.UserBaseId = int64(ltoken.UserBaseId)
currentAccess.Account = ltoken.Account
currentAccess.Platform = ltoken.Platform
currentAccess.CompanyId = int64(ltoken.CompanyId)
currentAccess.OrganizationId = ltoken.OrgId
currentAccess.UpdatedTime = time.Now()
accessTokenStr, err := ltoken.GenerateAccessToken()
if err != nil {
return nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
... ... @@ -641,22 +477,24 @@ loopUser1:
currentAccess.AccessExpired = ltoken.ExpiresAt
refreshTokenStr, err := ltoken.GenerateRefreshToken()
if err != nil {
return nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
return nil, application.ThrowError(application.BUSINESS_ERROR, err.Error())
}
currentAccess.RefreshToken = refreshTokenStr
currentAccess.RefreshExpired = ltoken.ExpiresAt
//先存数据库
//存数据库
_, err = loginAccessRepository.Save(currentAccess)
if err != nil {
return nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
}
if err := transactionContext.CommitTransaction(); err != nil {
return nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
return nil, application.ThrowError(application.BUSINESS_ERROR, err.Error())
}
//后处理redis缓存
//redis缓存
tokenCache := cache.LoginTokenCache{}
tokenCache.RemoveAccessToken(currentAccess.Account, domain.LoginPlatformApp)
tokenCache.RemoveRefreshToken(currentAccess.Account, domain.LoginPlatformApp)
tokenCache.RemoveAccessToken(currentAccess.Account, ltoken.Platform)
tokenCache.RemoveRefreshToken(currentAccess.Account, ltoken.Platform)
tokenCache.SaveAccessToken(currentAccess)
tokenCache.SaveRefreshToken(currentAccess)
nowTime := time.Now().Unix()
... ... @@ -667,12 +505,12 @@ loopUser1:
}
return map[string]interface{}{
"token": token,
"userId": currentUserId,
"userId": currentUser.UserId,
}, nil
}
//GetCompanyOrgsByUser 获取登录用户的公司组织列表
func (srv AuthService) GetCompanyOrgsByUser(queryParam *query.GetCompanyOrgsByUserQuery) (interface{}, error) {
func (svr AuthService) GetCompanyOrgsByUser(queryParam *query.GetCompanyOrgsByUserQuery) (interface{}, error) {
creationUserGateway := allied_creation_user.NewHttplibAlliedCreationUser(queryParam.Operator)
result, err := creationUserGateway.UserSearch(allied_creation_user.ReqUserSearch{
... ... @@ -708,7 +546,7 @@ func (srv AuthService) GetCompanyOrgsByUser(queryParam *query.GetCompanyOrgsByUs
}
//GetQrcode 获取扫码登录需要的二维码
func (srv AuthService) GetQrcode() (interface{}, error) {
func (svr AuthService) GetQrcode() (interface{}, error) {
qrmsg := domain.QrcodeMessage{}
_, err := qrmsg.GenerateImageBase64() //imgBase64
if err != nil {
... ... @@ -726,41 +564,8 @@ func (srv AuthService) GetQrcode() (interface{}, error) {
return data, nil
}
//QrcodeLoginStatus 询问扫码登录状态
func (srv AuthService) QrcodeLoginStatus(queryParam *query.QrcodeLoginStatusQuery) (interface{}, error) {
qrmsg := domain.QrcodeMessage{}
err := qrmsg.ParseToken(queryParam.Key)
if err != nil {
return nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
}
qrCache := cache.LoginQrcodeCache{}
qrmsgCache, err := qrCache.Get(qrmsg.Id)
if err != nil {
return nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
}
loginToken := domain.LoginToken{
UserId: qrmsgCache.UserId,
UserBaseId: qrmsgCache.UserBaseId,
Account: qrmsgCache.Account,
Platform: domain.LoginPlatformWeb,
CompanyId: qrmsgCache.CompanyId,
OrgId: qrmsgCache.OrgId,
}
accessToken, err := loginToken.GenerateAccessToken()
if err != nil {
return nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
}
_ = accessToken
//TODO 填充token数据
data := map[string]interface{}{
"isLogin": qrmsgCache.IsLogin,
"access": "",
}
return data, nil
}
//CheckSmsCode 验证手机短信验证码
func (srv AuthService) CheckSmsCode(smsCodeCommand *command.CheckSmsCodeCommand) (interface{}, error) {
func (svr AuthService) CheckSmsCode(smsCodeCommand *command.CheckSmsCodeCommand) (interface{}, error) {
smsServeGateway := sms_serve.NewHttplibHttplibSmsServe()
err := smsServeGateway.CheckSmsCode(smsCodeCommand.Phone, smsCodeCommand.SmsCode)
if err != nil {
... ... @@ -780,3 +585,25 @@ func (srv AuthService) CheckSmsCode(smsCodeCommand *command.CheckSmsCodeCommand)
"smsCodeIdentity": uid.String(),
}, nil
}
func (svr *AuthService) CaptchaInit(request *query.CaptchaInitRequest) (interface{}, error) {
var rsp map[string]interface{}
var err error
newGeetest := geetest.NewGeetestLib(captchaID, privateKey, 2*time.Second)
status, responseBt := newGeetest.PreProcess("", request.UserIp)
var geetestRsp geetest.FailbackRegisterRespnse
json.Unmarshal(responseBt, &geetestRsp)
rspData := map[string]interface{}{
"success": geetestRsp.Success,
"gt": geetestRsp.GT,
"challenge": geetestRsp.Challenge,
"newCaptcha": geetestRsp.NewCaptcha,
}
if status == 0 {
return nil, application.ThrowError(application.BUSINESS_ERROR, "获取图形验证码失败,请重试")
}
rsp = rspData
return rsp, err
}
... ...
... ... @@ -8,6 +8,17 @@ const (
LoginPlatformWeb string = "web"
)
const (
LoginPwd = "signInPassword"
LoginSmsCode = "signInCaptcha"
)
const (
DeviceTypeIos = "1"
DeviceTypeAndroid = "2"
DeviceTypeWeb = "4"
)
// 登录凭证存储
type LoginAccess struct {
LoginAccessId int64 `json:"loginAccessId"`
... ...
... ... @@ -25,6 +25,10 @@ type LoginToken struct {
CompanyId int64 `json:"companyId"`
// 组织id
OrgId int64 `json:"orgId"`
// 用户关联的组织列表
Orgs []int64 `json:"orgs"`
// 会话模式 1: 短时效模式 2: 长时效模式(默认)
SessionMode int `json:"sessionMode"`
}
func (t *LoginToken) GenerateAccessToken() (string, error) {
... ... @@ -41,10 +45,14 @@ func (t *LoginToken) GenerateAccessToken() (string, error) {
func (t *LoginToken) GenerateRefreshToken() (string, error) {
nowTime := time.Now().Unix()
expire := refreshTokenExpiresAt
if t.SessionMode == 1 {
expire = accessTokenExpiresAt
}
t.StandardClaims = jwt.StandardClaims{
NotBefore: nowTime,
IssuedAt: nowTime,
ExpiresAt: nowTime + accessTokenExpiresAt,
ExpiresAt: nowTime + expire,
Issuer: "allied_creation_gateway",
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, *t)
... ...
... ... @@ -44,3 +44,7 @@ func InitRedist() *redis.Client {
}
return clientRedis
}
func GetRedis() *redis.Client {
return clientRedis
}
... ...
... ... @@ -168,7 +168,7 @@ func (controller *AuthController) QrcodeLoginStatus() {
authService := service.AuthService{}
cmd := &query.QrcodeLoginStatusQuery{}
Must(controller.Unmarshal(cmd))
data, err := authService.QrcodeLoginStatus(cmd)
data, err := authService.AuthLoginQrcode(cmd)
controller.Response(data, err)
}
... ... @@ -179,3 +179,12 @@ func (controller *AuthController) CheckSmsCode() {
data, err := authService.CheckSmsCode(cmd)
controller.Response(data, err)
}
func (controller *AuthController) CaptchaInit() {
authService := service.AuthService{}
cmd := &query.CaptchaInitRequest{}
Must(controller.Unmarshal(cmd))
cmd.UserIp = controller.Ctx.Request.RemoteAddr
data, err := authService.CaptchaInit(cmd)
controller.Response(data, err)
}
... ...
... ... @@ -10,6 +10,7 @@ func init() {
web.Router("/v1/auth/login/pwd", &controllers.AuthController{}, "Post:LoginPwd")
web.Router("/v1/auth/login/sms", &controllers.AuthController{}, "Post:LoginSms")
web.Router("/v1/auth/login/qrcode", &controllers.AuthController{}, "Post:QrcodeLoginStatus")
web.Router("/v1/auth/captcha-init", &controllers.AuthController{}, "Post:CaptchaInit")
web.Router("/v1/auth/qrcode-init", &controllers.AuthController{}, "Post:GetQrcode")
web.Router("/v1/auth/sms-code", &controllers.AuthController{}, "Post:SendSmsCode")
web.Router("/v1/auth/check-sms-code", &controllers.AuthController{}, "Post:CheckSmsCode")
... ...