作者 yangfu

权限验证

... ... @@ -32,10 +32,9 @@ func init() {
}
}
filters.SecureKeyMap["token"] = "x-mmm-accesstoken"
//TODO:token验证改为 /v1
web.InsertFilter("/*", web.BeforeRouter, filters.AllowCors())
web.InsertFilterChain("/v1/app1/*", middleware.CheckAccessToken)
web.InsertFilter("/*", web.BeforeRouter, filters.CreateRequstLogFilter(log.Logger))
web.InsertFilter("/*", web.BeforeExec, middleware.CheckAccessToken2())
web.InsertFilter("/*", web.AfterExec, filters.CreateResponseLogFilter(log.Logger), web.WithReturnOnOutput(false))
web.InsertFilter("/v1/app11/*", web.BeforeExec, filters.SecureHandler(
filters.WithEnableCheckTimestamp(false),
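Review bot: The access-token header name is hard-coded as "x-mmm-accesstoken" inside CheckAccessToken2 while this hunk declares the same name once through `filters.SecureKeyMap["token"]`; read it from that map (or a shared constant) so the two cannot drift. Registering `middleware.CheckAccessToken2()` on `/*` at `web.BeforeExec` makes the allow list inside the filter the only thing keeping the login, captcha and sign-up endpoints reachable, so every new public endpoint must be added there or it is rejected; if the removed lines were the per-prefix `InsertFilterChain` registrations, that widening of scope is worth stating in the commit description. The `//TODO:token验证改为 /v1` comment, if it survives this change, reads as resolved and should be dropped or updated. The enclosing init() continues outside this hunk.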
... ... @@ -44,4 +43,5 @@ func init() {
log.Logger.Info("签名验证失败:" + string(headerData))
}),
))
//web.InsertFilterChain("/v1/*", middleware.CheckAccessToken)
}
... ... @@ -8,6 +8,7 @@ import (
"gitlab.fjmaimaimai.com/allied-creation/allied-creation-gateway/pkg/infrastructure/cache"
"gitlab.fjmaimaimai.com/allied-creation/allied-creation-gateway/pkg/log"
log1 "log"
"net/http"
"net/url"
)
... ... @@ -47,6 +48,7 @@ func CheckAccessToken(next web.FilterFunc) web.FilterFunc {
}
defer func() {
if err != nil {
ctx.Output.SetStatus(http.StatusOK)
ctx.Output.JSON(map[string]interface{}{
"msg": domain.ParseCodeMsg(domain.InvalidAccessToken),
"code": domain.InvalidAccessToken,
... ... @@ -90,3 +92,64 @@ func FormCtxLoginToken(ctx *context.Context) (domain.LoginToken, bool) {
}
return domain.LoginToken{}, false
}
func CheckAccessToken2() web.FilterFunc {
return func(ctx *context.Context) {
tokenStr := ctx.Input.Header("x-mmm-accesstoken")
filterMap := map[string]string{
"/v1/auth/login/pwd": "",
"/v1/auth/login/sms": "",
"/v1/auth/login/qrcode": "",
"/v1/auth/org-switch": "",
"/v1/user/company-orgs": "",
"/v1/auth/captcha-init": "",
"/v1/auth/qrcode-init": "",
"/v1/auth/sms-code": "",
"/v1/auth/check-sms-code": "",
"/v1/auth/company-sign-up": "",
"/v1/auth/reset-password": "",
"/v1/auth/refresh-token": "",
"/v1/app/cooperation-projects/person/search": "",
}
var err error
if filterUrl, err := url.Parse(ctx.Request.RequestURI); err == nil {
// 不需要验证的接口
if _, ok := filterMap[filterUrl.Path]; ok {
return
}
} else {
log.Logger.Error("parse url error:" + err.Error())
}
defer func() {
if err != nil {
ctx.Output.SetStatus(http.StatusOK)
ctx.Output.JSON(map[string]interface{}{
"msg": domain.ParseCodeMsg(domain.InvalidAccessToken),
"code": domain.InvalidAccessToken,
"data": struct{}{},
}, false, false)
}
}()
tk := &domain.LoginToken{}
err = tk.ParseToken(tokenStr)
if err != nil {
log.Logger.Error(err.Error())
return
}
platform := domain.ParsePlatform(ctx.Input.Header("x-mmm-devicetype"))
//redis缓存
tokenCache := cache.LoginTokenCache{}
token, err := tokenCache.GetAccessToken(tk.Account, platform)
if err != nil {
log.Logger.Error(err.Error())
return
}
if token != tokenStr {
log1.Println("token not equal \n" + tk.Account + "\n" + tokenStr + "\n" + token)
err = fmt.Errorf("access token not exists")
return
}
ctx.Input.SetData(CtxKeyLoginToken{}, tk)
}
}
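Review bot: The mismatch branch writes both the presented and the cached access token in full to the standard logger (`log1.Println("token not equal \n" + tk.Account + "\n" + tokenStr + "\n" + token)`), which puts live credentials into stdout/log files; log only the account, e.g. `log.Logger.Error("access token mismatch for account: " + tk.Account)`, and drop the `log1 "log"` alias added in the import hunk since the project logger already covers it. `filterMap` is rebuilt on every request; hoist it to a package-level `var noAuthPaths = map[string]struct{}{...}` so the allow list is declared once and is easy to review. In `if filterUrl, err := url.Parse(ctx.Request.RequestURI); err == nil` the `:=` shadows the `err` declared on the line above, so a parse failure never reaches the deferred error response and the request falls through to token validation — fail-closed, but the explicit `var err error` suggests that was not the intent; `ctx.Request.URL.Path` would also avoid re-parsing `RequestURI`. The deferred response sets `http.StatusOK` for an invalid token, consistent with CheckAccessToken above, which means neither clients nor monitoring can tell an auth failure from success by status code — a 401 is the conventional signal if the API contract allows it.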