Merge branch 'dev' of http://gitlab.fjmaimaimai.com/allied-creation/allied-creation-gateway into dev

tangxuhui
pkg/port/beego/beego.go
pkg/port/beego/middleware/jwt.go
--- a/pkg/port/beego/beego.go
查看文件 @f6ece6b
+++ b/pkg/port/beego/beego.go
查看文件 @f6ece6b
@@ -32,10 +32,9 @@ func init() {
 		}
 	}
 	filters.SecureKeyMap["token"] = "x-mmm-accesstoken"
- 	//TODO:token验证改为 /v1
 	web.InsertFilter("/*", web.BeforeRouter, filters.AllowCors())
- 	web.InsertFilterChain("/v1/app1/*", middleware.CheckAccessToken)
 	web.InsertFilter("/*", web.BeforeRouter, filters.CreateRequstLogFilter(log.Logger))
+ 	web.InsertFilter("/*", web.BeforeExec, middleware.CheckAccessToken2())
 	web.InsertFilter("/*", web.AfterExec, filters.CreateResponseLogFilter(log.Logger), web.WithReturnOnOutput(false))
 	web.InsertFilter("/v1/app11/*", web.BeforeExec, filters.SecureHandler(
 		filters.WithEnableCheckTimestamp(false),
@@ -44,4 +43,5 @@ func init() {
 			log.Logger.Info("签名验证失败:" + string(headerData))
 		}),
 	))
+ 	//web.InsertFilterChain("/v1/*", middleware.CheckAccessToken)
 }
--- a/pkg/port/beego/middleware/jwt.go
查看文件 @f6ece6b
+++ b/pkg/port/beego/middleware/jwt.go
查看文件 @f6ece6b
@@ -8,6 +8,7 @@ import (
 	"gitlab.fjmaimaimai.com/allied-creation/allied-creation-gateway/pkg/infrastructure/cache"
 	"gitlab.fjmaimaimai.com/allied-creation/allied-creation-gateway/pkg/log"
 	log1 "log"
+ 	"net/http"
 	"net/url"
 )
 
@@ -47,6 +48,7 @@ func CheckAccessToken(next web.FilterFunc) web.FilterFunc {
 		}
 		defer func() {
 			if err != nil {
+ 				ctx.Output.SetStatus(http.StatusOK)
 				ctx.Output.JSON(map[string]interface{}{
 					"msg":  domain.ParseCodeMsg(domain.InvalidAccessToken),
 					"code": domain.InvalidAccessToken,
@@ -90,3 +92,64 @@ func FormCtxLoginToken(ctx *context.Context) (domain.LoginToken, bool) {
 	}
 	return domain.LoginToken{}, false
 }
+ 
+ func CheckAccessToken2() web.FilterFunc {
+ 	return func(ctx *context.Context) {
+ 		tokenStr := ctx.Input.Header("x-mmm-accesstoken")
+ 		filterMap := map[string]string{
+ 			"/v1/auth/login/pwd":                         "",
+ 			"/v1/auth/login/sms":                         "",
+ 			"/v1/auth/login/qrcode":                      "",
+ 			"/v1/auth/org-switch":                        "",
+ 			"/v1/user/company-orgs":                      "",
+ 			"/v1/auth/captcha-init":                      "",
+ 			"/v1/auth/qrcode-init":                       "",
+ 			"/v1/auth/sms-code":                          "",
+ 			"/v1/auth/check-sms-code":                    "",
+ 			"/v1/auth/company-sign-up":                   "",
+ 			"/v1/auth/reset-password":                    "",
+ 			"/v1/auth/refresh-token":                     "",
+ 			"/v1/app/cooperation-projects/person/search": "",
+ 		}
+ 		var err error
+ 		if filterUrl, err := url.Parse(ctx.Request.RequestURI); err == nil {
+ 			// 不需要验证的接口
+ 			if _, ok := filterMap[filterUrl.Path]; ok {
+ 				return
+ 			}
+ 		} else {
+ 			log.Logger.Error("parse url error:" + err.Error())
+ 		}
+ 		defer func() {
+ 			if err != nil {
+ 				ctx.Output.SetStatus(http.StatusOK)
+ 				ctx.Output.JSON(map[string]interface{}{
+ 					"msg":  domain.ParseCodeMsg(domain.InvalidAccessToken),
+ 					"code": domain.InvalidAccessToken,
+ 					"data": struct{}{},
+ 				}, false, false)
+ 			}
+ 		}()
+ 
+ 		tk := &domain.LoginToken{}
+ 		err = tk.ParseToken(tokenStr)
+ 		if err != nil {
+ 			log.Logger.Error(err.Error())
+ 			return
+ 		}
+ 		platform := domain.ParsePlatform(ctx.Input.Header("x-mmm-devicetype"))
+ 		//redis缓存
+ 		tokenCache := cache.LoginTokenCache{}
+ 		token, err := tokenCache.GetAccessToken(tk.Account, platform)
+ 		if err != nil {
+ 			log.Logger.Error(err.Error())
+ 			return
+ 		}
+ 		if token != tokenStr {
+ 			log1.Println("token not equal  \n" + tk.Account + "\n" + tokenStr + "\n" + token)
+ 			err = fmt.Errorf("access token not exists")
+ 			return
+ 		}
+ 		ctx.Input.SetData(CtxKeyLoginToken{}, tk)
+ 	}
+ }