作者 tangxvhui

Merge branch 'dev-tangxvhui' into test

  1 +package command
  2 +
  3 +type AccessTokenCommand struct {
  4 + AuthCode string `json:"authCode" valid:"Required"`
  5 +}
  1 +package command
  2 +
  3 +type RefreshTokenCommand struct {
  4 + RefreshToken string `json:"refreshToken" valid:"Required"`
  5 + Uid int64 `json:"-"`
  6 + LoginType string `json:"-"`
  7 +}
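Review bot: `Uid` and `LoginType` are declared with `json:"-"` but nothing on this page sets or reads them: the RefreshToken controller only unmarshals the body and the service only reads `param.RefreshToken`. If they are meant to carry the caller's identity so the refresh can be checked against it, wire that check in; otherwise drop the fields. If they stay, a comment such as `// Uid is filled server-side from the verified token, never from the request body` would document the intent.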
@@ -229,3 +229,119 @@ func (service *AuthService) MeInfo(param *command.GetMeInfo) (map[string]interfa @@ -229,3 +229,119 @@ func (service *AuthService) MeInfo(param *command.GetMeInfo) (map[string]interfa
229 "user": info, 229 "user": info,
230 }, nil 230 }, nil
231 } 231 }
  232 +
  233 +// Authorize 移动端授权登录
  234 +func (srv *AuthService) Authorize(param *command.MobileLoginCommand) (map[string]interface{}, error) {
  235 + transactionContext, err := factory.CreateTransactionContext(nil)
  236 + if err != nil {
  237 + return nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
  238 + }
  239 + if errStart := transactionContext.StartTransaction(); errStart != nil {
  240 + return nil, application.ThrowError(application.TRANSACTION_ERROR, errStart.Error())
  241 + }
  242 + defer func() {
  243 + _ = transactionContext.RollbackTransaction()
  244 + }()
  245 + // 统一用户中心登录
  246 + authCodeReply, err := factory.UCenterApi().AppAuthCode(param.Credentials, param.Cuid, param.Cid)
  247 + if err != nil || !authCodeReply.IsOk() {
  248 + return nil, application.ThrowError(application.INTERNAL_SERVER_ERROR, "统一用户中心认证失败")
  249 + }
  250 + // 用户权限校验
  251 + // 登录平台ID, 29-员工绩效
  252 + userAuthReply, err := factory.BusinessAdminApi().GetUserAuth(int64(param.Muid), constant.PLATFORM_FONT_ID)
  253 + if err != nil {
  254 + return nil, application.ThrowError(application.INTERNAL_SERVER_ERROR, "用户鉴权失败")
  255 + }
  256 + if !userAuthReply.IsOk() {
  257 + return nil, application.ThrowError(application.INTERNAL_SERVER_ERROR, userAuthReply.Message())
  258 + }
  259 + //获取公司数据
  260 + companyRepository := factory.CreateCompanyRepository(map[string]interface{}{
  261 + "transactionContext": transactionContext,
  262 + })
  263 + company, err := companyRepository.FindOne(map[string]interface{}{
  264 + "id": param.Cid,
  265 + })
  266 + if err != nil {
  267 + return nil, application.ThrowError(application.INTERNAL_SERVER_ERROR, "获取公司数据失败")
  268 + }
  269 + userRepository := factory.CreateUserRepository(map[string]interface{}{
  270 + "transactionContext": transactionContext,
  271 + })
  272 + user, err := userRepository.FindOne(map[string]interface{}{
  273 + "id": param.Muid,
  274 + "companyId": company.Id,
  275 + })
  276 + if err != nil {
  277 + return nil, application.ThrowError(application.INTERNAL_SERVER_ERROR, "获取用户数据失败")
  278 + }
  279 + if user.Status != domain.UserStatusEnable {
  280 + return nil, application.ThrowError(application.INTERNAL_SERVER_ERROR, "用户被禁用")
  281 + }
  282 + if err := transactionContext.CommitTransaction(); err != nil {
  283 + return nil, application.ThrowError(application.TRANSACTION_ERROR, err.Error())
  284 + }
  285 + userAuth := &domain.UserAuth{
  286 + UserId: user.Id,
  287 + CompanyId: user.CompanyId,
  288 + CompanyName: company.Name,
  289 + Phone: user.Account,
  290 + PlatformId: constant.PLATFORM_FONT_ID,
  291 + Name: user.Name,
  292 + AdminType: user.AdminType,
  293 + }
  294 + accessToken, err := userAuth.CreateAccessToken()
  295 + if err != nil {
  296 + return nil, application.ThrowError(application.INTERNAL_SERVER_ERROR, err.Error())
  297 + }
  298 + respData := map[string]interface{}{
  299 + "authCode": accessToken,
  300 + }
  301 + return respData, nil
  302 +}
  303 +
  304 +func (srv *AuthService) AccessToken(param *command.AccessTokenCommand) (map[string]interface{}, error) {
  305 + userAuth := domain.UserAuth{}
  306 + _, err := userAuth.ParseAccessToken(param.AuthCode)
  307 + if err != nil {
  308 + return nil, application.ThrowError(application.INTERNAL_SERVER_ERROR, "authcode 失效")
  309 + }
  310 +
  311 + accessToken, err := userAuth.CreateAccessToken()
  312 + if err != nil {
  313 + return nil, application.ThrowError(application.INTERNAL_SERVER_ERROR, "生成 accessToken 失败")
  314 + }
  315 + refreshToken, err := userAuth.CreateRefreshToken()
  316 + if err != nil {
  317 + return nil, application.ThrowError(application.INTERNAL_SERVER_ERROR, "生成 refreshToken 解析失败")
  318 + }
  319 + respData := map[string]interface{}{
  320 + "refreshToken": refreshToken,
  321 + "accessToken": accessToken,
  322 + "expiresIn": domain.JWTExpiresSecond,
  323 + }
  324 + return respData, nil
  325 +}
  326 +
  327 +func (srv *AuthService) RefreshToken(param *command.RefreshTokenCommand) (map[string]interface{}, error) {
  328 + userAuth := domain.UserAuth{}
  329 + _, err := userAuth.ParseAccessToken(param.RefreshToken)
  330 + if err != nil {
  331 + return nil, application.ThrowError(application.INTERNAL_SERVER_ERROR, "refresh_token 失效")
  332 + }
  333 + accessToken, err := userAuth.CreateAccessToken()
  334 + if err != nil {
  335 + return nil, application.ThrowError(application.INTERNAL_SERVER_ERROR, "生成 accessToken 失败")
  336 + }
  337 + refreshToken, err := userAuth.CreateRefreshToken()
  338 + if err != nil {
  339 + return nil, application.ThrowError(application.INTERNAL_SERVER_ERROR, "生成 refreshToken 解析失败")
  340 + }
  341 + respData := map[string]interface{}{
  342 + "refreshToken": refreshToken,
  343 + "accessToken": accessToken,
  344 + "expiresIn": domain.JWTExpiresSecond,
  345 + }
  346 + return respData, nil
  347 +}
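Review bot: AccessToken and RefreshToken both discard the claims returned by `ParseAccessToken` (`_, err := ...`) and then sign new tokens from the zero-valued `userAuth`. ParseAccessToken's body is outside this page, but its visible tail returns a separate `user`, so unless it also fills its receiver the issued tokens carry no UserId or CompanyId. Keep the result and sign from it, e.g. `claims, err := userAuth.ParseAccessToken(param.RefreshToken)` followed by `claims.CreateAccessToken()`. RefreshToken also re-issues without re-reading the user, so the `user.Status != domain.UserStatusEnable` check in Authorize is never applied again and a disabled account keeps renewing until its current token lapses; reload the user before signing. In Authorize the user is looked up by the request's `param.Muid`, while nothing from `authCodeReply` is used beyond `IsOk()`, so confirm that the UCenter call actually binds the credentials to that Muid.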
@@ -55,3 +55,13 @@ func (userAuth *UserAuth) ParseAccessToken(token string) (*UserAuth, error) { @@ -55,3 +55,13 @@ func (userAuth *UserAuth) ParseAccessToken(token string) (*UserAuth, error) {
55 } 55 }
56 return user, errors.New("解析token失败") 56 return user, errors.New("解析token失败")
57 } 57 }
  58 +
  59 +func (userAuth *UserAuth) CreateRefreshToken() (string, error) {
  60 + expiresAt := time.Now().Add(time.Duration(JWTExpiresSecond*2) * time.Second).Unix()
  61 + userAuth.StandardClaims = jwt.StandardClaims{
  62 + ExpiresAt: expiresAt,
  63 + Issuer: issuer,
  64 + }
  65 + token := jwt.NewWithClaims(jwt.SigningMethodHS256, userAuth)
  66 + return token.SignedString([]byte(secretKey))
  67 +}
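Review bot: The refresh token built here differs from an access token only in `ExpiresAt`: it uses the same `secretKey`, the same HS256 method and the same claim set, with nothing that marks its type. The RefreshToken service validates it with `ParseAccessToken`, so an access token would be accepted there as a refresh token, and a refresh token would pass wherever access tokens are parsed. The `authCode` returned by Authorize is likewise produced by `CreateAccessToken`. Set a distinguishing claim, for example `Audience: "refresh"` (constructed value) in the `jwt.StandardClaims` literal, and have each endpoint reject tokens of the wrong type. A doc comment stating the lifetime (`JWTExpiresSecond*2` seconds) and that the method overwrites the receiver's `StandardClaims` would also help.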
@@ -40,3 +40,30 @@ func (controller *AuthController) MobileLogin() { @@ -40,3 +40,30 @@ func (controller *AuthController) MobileLogin() {
40 resp, err := authService.MobileLogin(loginCommand) 40 resp, err := authService.MobileLogin(loginCommand)
41 controller.Response(resp, err) 41 controller.Response(resp, err)
42 } 42 }
  43 +
  44 +// Login 手机端登录 获取authCode
  45 +func (controller *AuthController) Authorize() {
  46 + authService := &service.AuthService{}
  47 + loginCommand := &command.MobileLoginCommand{}
  48 + _ = controller.Unmarshal(loginCommand)
  49 + resp, err := authService.Authorize(loginCommand)
  50 + controller.Response(resp, err)
  51 +}
  52 +
  53 +// Login 获取token
  54 +func (controller *AuthController) AccessToken() {
  55 + authService := &service.AuthService{}
  56 + loginCommand := &command.AccessTokenCommand{}
  57 + _ = controller.Unmarshal(loginCommand)
  58 + resp, err := authService.AccessToken(loginCommand)
  59 + controller.Response(resp, err)
  60 +}
  61 +
  62 +// Login 手机端 获取刷新token
  63 +func (controller *AuthController) RefreshToken() {
  64 + authService := &service.AuthService{}
  65 + loginCommand := &command.RefreshTokenCommand{}
  66 + _ = controller.Unmarshal(loginCommand)
  67 + resp, err := authService.RefreshToken(loginCommand)
  68 + controller.Response(resp, err)
  69 +}
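Review bot: All three new handlers discard the result of `controller.Unmarshal` (`_ = controller.Unmarshal(loginCommand)`), so a malformed or empty body reaches the service as a zero-valued command. Unless Unmarshal itself validates, nothing visible here enforces the `valid:"Required"` tags declared on AccessTokenCommand and RefreshTokenCommand. Return early on failure, e.g. `if err := controller.Unmarshal(loginCommand); err != nil { controller.Response(nil, err); return }`, and run the command's validation before calling the service. The doc comments all begin with `Login`; Go convention is to start with the method name, e.g. `// Authorize exchanges mobile credentials for an authCode.`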
@@ -10,12 +10,18 @@ func init() { @@ -10,12 +10,18 @@ func init() {
10 web.Router("/login", &controllers.AuthController{}, "Post:Login") 10 web.Router("/login", &controllers.AuthController{}, "Post:Login")
11 //手机模块登录-旧 11 //手机模块登录-旧
12 web.Router("/login/mobile", &controllers.AuthController{}, "Post:MobileLogin") 12 web.Router("/login/mobile", &controllers.AuthController{}, "Post:MobileLogin")
13 - ////手机模块登录-新  
14 - web.Router("/v1/auth/authorize", &controllers.AuthController{}, "Post:MobileLogin")  
15 - // 13 +
16 web.InsertFilter("/auth/admin/*", web.BeforeExec, middlewares.CheckAdminToken()) 14 web.InsertFilter("/auth/admin/*", web.BeforeExec, middlewares.CheckAdminToken())
17 web.Router("/auth/admin/user", &controllers.AuthController{}, "Get:User") 15 web.Router("/auth/admin/user", &controllers.AuthController{}, "Get:User")
18 16
19 web.InsertFilter("/auth/font/*", web.BeforeExec, middlewares.CheckFontToken()) 17 web.InsertFilter("/auth/font/*", web.BeforeExec, middlewares.CheckFontToken())
20 web.Router("/auth/font/user", &controllers.AuthController{}, "Get:User") 18 web.Router("/auth/font/user", &controllers.AuthController{}, "Get:User")
  19 +
  20 + {
  21 + //手机模块登录-新
  22 + web.CtrlPost("/v1/auth/authorize", (*controllers.AuthController).Authorize)
  23 + web.CtrlPost("/v1/auth/accessToken", (*controllers.AuthController).AccessToken)
  24 + web.CtrlPost("/v1/auth/refreshToken", (*controllers.AuthController).RefreshToken)
  25 + }
  26 +
21 } 27 }
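Review bot: `/v1/auth/authorize` keeps its path but is now bound to `Authorize` instead of `MobileLogin`, so clients already calling it will get a response carrying only `authCode` (per the service change on this page); confirm no released client depends on the old shape, or give the new flow its own path. The three new routes sit outside the `/auth/admin/*` and `/auth/font/*` filters, which is expected for token issuance but leaves the handlers as the only check. A comment above the block would record that, e.g. `// unauthenticated: token issuance, all validation happens in the handlers`. init() begins outside this hunk.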