Merge branch 'dev' of http://gitlab.fjmaimaimai.com/allied-creation/allied-creation-gateway into dev

tangxuhui
pkg/port/beego/beego.go
pkg/port/beego/middleware/jwt.go
--- a/pkg/port/beego/beego.go
查看文件 @f6ece6b
+++ b/pkg/port/beego/beego.go
查看文件 @f6ece6b
@@ -32,10 +32,9 @@ func init() {
 		}
 	}
 	filters.SecureKeyMap["token"] = "x-mmm-accesstoken"
-	//TODO:token验证改为 /v1
 	web.InsertFilter("/*", web.BeforeRouter, filters.AllowCors())
-	web.InsertFilterChain("/v1/app1/*", middleware.CheckAccessToken)
 	web.InsertFilter("/*", web.BeforeRouter, filters.CreateRequstLogFilter(log.Logger))
+	web.InsertFilter("/*", web.BeforeExec, middleware.CheckAccessToken2())
 	web.InsertFilter("/*", web.AfterExec, filters.CreateResponseLogFilter(log.Logger), web.WithReturnOnOutput(false))
 	web.InsertFilter("/v1/app11/*", web.BeforeExec, filters.SecureHandler(
 		filters.WithEnableCheckTimestamp(false),
@@ -44,4 +43,5 @@ func init() {
 			log.Logger.Info("签名验证失败:" + string(headerData))
 		}),
 	))
+	//web.InsertFilterChain("/v1/*", middleware.CheckAccessToken)
 }
--- a/pkg/port/beego/middleware/jwt.go
查看文件 @f6ece6b
+++ b/pkg/port/beego/middleware/jwt.go
查看文件 @f6ece6b
@@ -8,6 +8,7 @@ import (
 	"gitlab.fjmaimaimai.com/allied-creation/allied-creation-gateway/pkg/infrastructure/cache"
 	"gitlab.fjmaimaimai.com/allied-creation/allied-creation-gateway/pkg/log"
 	log1 "log"
+	"net/http"
 	"net/url"
 )
@@ -47,6 +48,7 @@ func CheckAccessToken(next web.FilterFunc) web.FilterFunc {
 		}
 		defer func() {
 			if err != nil {
+				ctx.Output.SetStatus(http.StatusOK)
 				ctx.Output.JSON(map[string]interface{}{
 					"msg":  domain.ParseCodeMsg(domain.InvalidAccessToken),
 					"code": domain.InvalidAccessToken,
@@ -90,3 +92,64 @@ func FormCtxLoginToken(ctx *context.Context) (domain.LoginToken, bool) {
 	}
 	return domain.LoginToken{}, false
 }
+
+func CheckAccessToken2() web.FilterFunc {
+	return func(ctx *context.Context) {
+		tokenStr := ctx.Input.Header("x-mmm-accesstoken")
+		filterMap := map[string]string{
+			"/v1/auth/login/pwd":                         "",
+			"/v1/auth/login/sms":                         "",
+			"/v1/auth/login/qrcode":                      "",
+			"/v1/auth/org-switch":                        "",
+			"/v1/user/company-orgs":                      "",
+			"/v1/auth/captcha-init":                      "",
+			"/v1/auth/qrcode-init":                       "",
+			"/v1/auth/sms-code":                          "",
+			"/v1/auth/check-sms-code":                    "",
+			"/v1/auth/company-sign-up":                   "",
+			"/v1/auth/reset-password":                    "",
+			"/v1/auth/refresh-token":                     "",
+			"/v1/app/cooperation-projects/person/search": "",
+		}
+		var err error
+		if filterUrl, err := url.Parse(ctx.Request.RequestURI); err == nil {
+			// 不需要验证的接口
+			if _, ok := filterMap[filterUrl.Path]; ok {
+				return
+			}
+		} else {
+			log.Logger.Error("parse url error:" + err.Error())
+		}
+		defer func() {
+			if err != nil {
+				ctx.Output.SetStatus(http.StatusOK)
+				ctx.Output.JSON(map[string]interface{}{
+					"msg":  domain.ParseCodeMsg(domain.InvalidAccessToken),
+					"code": domain.InvalidAccessToken,
+					"data": struct{}{},
+				}, false, false)
+			}
+		}()
+
+		tk := &domain.LoginToken{}
+		err = tk.ParseToken(tokenStr)
+		if err != nil {
+			log.Logger.Error(err.Error())
+			return
+		}
+		platform := domain.ParsePlatform(ctx.Input.Header("x-mmm-devicetype"))
+		//redis缓存
+		tokenCache := cache.LoginTokenCache{}
+		token, err := tokenCache.GetAccessToken(tk.Account, platform)
+		if err != nil {
+			log.Logger.Error(err.Error())
+			return
+		}
+		if token != tokenStr {
+			log1.Println("token not equal  \n" + tk.Account + "\n" + tokenStr + "\n" + token)
+			err = fmt.Errorf("access token not exists")
+			return
+		}
+		ctx.Input.SetData(CtxKeyLoginToken{}, tk)
+	}
+}