作者 yangfu

权限验证

@@ -32,10 +32,9 @@ func init() { @@ -32,10 +32,9 @@ func init() {
32 } 32 }
33 } 33 }
34 filters.SecureKeyMap["token"] = "x-mmm-accesstoken" 34 filters.SecureKeyMap["token"] = "x-mmm-accesstoken"
35 - //TODO:token验证改为 /v1  
36 web.InsertFilter("/*", web.BeforeRouter, filters.AllowCors()) 35 web.InsertFilter("/*", web.BeforeRouter, filters.AllowCors())
37 - web.InsertFilterChain("/v1/app1/*", middleware.CheckAccessToken)  
38 web.InsertFilter("/*", web.BeforeRouter, filters.CreateRequstLogFilter(log.Logger)) 36 web.InsertFilter("/*", web.BeforeRouter, filters.CreateRequstLogFilter(log.Logger))
  37 + web.InsertFilter("/*", web.BeforeExec, middleware.CheckAccessToken2())
39 web.InsertFilter("/*", web.AfterExec, filters.CreateResponseLogFilter(log.Logger), web.WithReturnOnOutput(false)) 38 web.InsertFilter("/*", web.AfterExec, filters.CreateResponseLogFilter(log.Logger), web.WithReturnOnOutput(false))
40 web.InsertFilter("/v1/app11/*", web.BeforeExec, filters.SecureHandler( 39 web.InsertFilter("/v1/app11/*", web.BeforeExec, filters.SecureHandler(
41 filters.WithEnableCheckTimestamp(false), 40 filters.WithEnableCheckTimestamp(false),
@@ -44,4 +43,5 @@ func init() { @@ -44,4 +43,5 @@ func init() {
44 log.Logger.Info("签名验证失败:" + string(headerData)) 43 log.Logger.Info("签名验证失败:" + string(headerData))
45 }), 44 }),
46 )) 45 ))
  46 + //web.InsertFilterChain("/v1/*", middleware.CheckAccessToken)
47 } 47 }
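Review bot: The new registration at new line 37 runs `CheckAccessToken2()` on every route at BeforeExec, and whether a rejected request actually stops there depends on the filter's `returnOnOutput` default, since unlike the response-log filter on the following line no `web.WithReturnOnOutput` option is passed; a short comment makes that reliance explicit, e.g. `// relies on the default WithReturnOnOutput(true): a request rejected by CheckAccessToken2 never reaches the controller`. New line 46 keeps the old `InsertFilterChain` registration as commented-out code; delete it (history keeps it) rather than leaving a dead line suggesting two token checks are wired up. The set of paths exempt from the token check now lives inside middleware rather than next to these registrations, so a pointer such as `// paths exempt from the token check are allow-listed in middleware.CheckAccessToken2` beside line 37 would help the next reader.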
@@ -8,6 +8,7 @@ import ( @@ -8,6 +8,7 @@ import (
8 "gitlab.fjmaimaimai.com/allied-creation/allied-creation-gateway/pkg/infrastructure/cache" 8 "gitlab.fjmaimaimai.com/allied-creation/allied-creation-gateway/pkg/infrastructure/cache"
9 "gitlab.fjmaimaimai.com/allied-creation/allied-creation-gateway/pkg/log" 9 "gitlab.fjmaimaimai.com/allied-creation/allied-creation-gateway/pkg/log"
10 log1 "log" 10 log1 "log"
  11 + "net/http"
11 "net/url" 12 "net/url"
12 ) 13 )
13 14
@@ -47,6 +48,7 @@ func CheckAccessToken(next web.FilterFunc) web.FilterFunc { @@ -47,6 +48,7 @@ func CheckAccessToken(next web.FilterFunc) web.FilterFunc {
47 } 48 }
48 defer func() { 49 defer func() {
49 if err != nil { 50 if err != nil {
  51 + ctx.Output.SetStatus(http.StatusOK)
50 ctx.Output.JSON(map[string]interface{}{ 52 ctx.Output.JSON(map[string]interface{}{
51 "msg": domain.ParseCodeMsg(domain.InvalidAccessToken), 53 "msg": domain.ParseCodeMsg(domain.InvalidAccessToken),
52 "code": domain.InvalidAccessToken, 54 "code": domain.InvalidAccessToken,
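Review bot: The deferred handler now answers a rejected token with `http.StatusOK` while only the body carries `domain.InvalidAccessToken`, so status-code based monitoring and access logs will no longer distinguish authentication failures from successful calls; the same pattern is repeated at new line 125 of CheckAccessToken2. If the 200 is an API convention the client requires, say so on the added line, e.g. `// API convention: failures are signalled by the body "code", not the HTTP status`, so a later reader does not "fix" it, and make sure the rejection is still logged at a retained level since the status will not reveal it. The deferred function and CheckAccessToken continue outside the hunk. Note also that the only registration of CheckAccessToken visible in this commit was removed from init (and re-added only as a commented line), so unless it has another caller this change lands in code that is no longer wired up — worth confirming before keeping both implementations.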
@@ -90,3 +92,64 @@ func FormCtxLoginToken(ctx *context.Context) (domain.LoginToken, bool) { @@ -90,3 +92,64 @@ func FormCtxLoginToken(ctx *context.Context) (domain.LoginToken, bool) {
90 } 92 }
91 return domain.LoginToken{}, false 93 return domain.LoginToken{}, false
92 } 94 }
  95 +
  96 +func CheckAccessToken2() web.FilterFunc {
  97 + return func(ctx *context.Context) {
  98 + tokenStr := ctx.Input.Header("x-mmm-accesstoken")
  99 + filterMap := map[string]string{
  100 + "/v1/auth/login/pwd": "",
  101 + "/v1/auth/login/sms": "",
  102 + "/v1/auth/login/qrcode": "",
  103 + "/v1/auth/org-switch": "",
  104 + "/v1/user/company-orgs": "",
  105 + "/v1/auth/captcha-init": "",
  106 + "/v1/auth/qrcode-init": "",
  107 + "/v1/auth/sms-code": "",
  108 + "/v1/auth/check-sms-code": "",
  109 + "/v1/auth/company-sign-up": "",
  110 + "/v1/auth/reset-password": "",
  111 + "/v1/auth/refresh-token": "",
  112 + "/v1/app/cooperation-projects/person/search": "",
  113 + }
  114 + var err error
  115 + if filterUrl, err := url.Parse(ctx.Request.RequestURI); err == nil {
  116 + // 不需要验证的接口
  117 + if _, ok := filterMap[filterUrl.Path]; ok {
  118 + return
  119 + }
  120 + } else {
  121 + log.Logger.Error("parse url error:" + err.Error())
  122 + }
  123 + defer func() {
  124 + if err != nil {
  125 + ctx.Output.SetStatus(http.StatusOK)
  126 + ctx.Output.JSON(map[string]interface{}{
  127 + "msg": domain.ParseCodeMsg(domain.InvalidAccessToken),
  128 + "code": domain.InvalidAccessToken,
  129 + "data": struct{}{},
  130 + }, false, false)
  131 + }
  132 + }()
  133 +
  134 + tk := &domain.LoginToken{}
  135 + err = tk.ParseToken(tokenStr)
  136 + if err != nil {
  137 + log.Logger.Error(err.Error())
  138 + return
  139 + }
  140 + platform := domain.ParsePlatform(ctx.Input.Header("x-mmm-devicetype"))
  141 + //redis缓存
  142 + tokenCache := cache.LoginTokenCache{}
  143 + token, err := tokenCache.GetAccessToken(tk.Account, platform)
  144 + if err != nil {
  145 + log.Logger.Error(err.Error())
  146 + return
  147 + }
  148 + if token != tokenStr {
  149 + log1.Println("token not equal \n" + tk.Account + "\n" + tokenStr + "\n" + token)
  150 + err = fmt.Errorf("access token not exists")
  151 + return
  152 + }
  153 + ctx.Input.SetData(CtxKeyLoginToken{}, tk)
  154 + }
  155 +}
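Review bot: New line 149 writes the presented token and the currently valid token from the cache to the process log in clear text, so anyone with log access can replay a live session; log the account only, e.g. `log.Logger.Info("access token mismatch for account " + tk.Account)`, which also replaces the stray `log1` (standard `log`) call with the project logger used everywhere else in this function. At line 115 the `:=` in the if-initializer shadows the function-level `err` declared on line 114, so a URL parse failure is only logged and the request falls through to token validation instead of being rejected by the deferred handler; that is fail-closed and probably intended, but vet's shadow check will flag it — rename the inner variable (`if filterUrl, perr := url.Parse(ctx.Request.RequestURI); perr == nil {` … `log.Logger.Error("parse url error:" + perr.Error())`) and state the intent: `// parse failure: fall through to the token check rather than exempting the path`. `filterMap` is rebuilt on every request; declare it once as a package-level `map[string]struct{}` of exempt paths, and add a one-line reason beside `/v1/app/cooperation-projects/person/search`, which unlike the other entries is not an auth/login endpoint and therefore looks like an accidental exemption to a reader. The function is complete within this hunk.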