作者 yangfu

注入token

... ... @@ -104,24 +104,33 @@ func FilterComm(ctx *context.Context) {
//统计
MetricCounter(ctx)
if beego.BConfig.RunMode == "dev" && (ctx.Input.Header("x-mmm-uid") != "" || ctx.Input.Header("uid") != "") {
return
}
//if beego.BConfig.RunMode == "dev" && (ctx.Input.Header("x-mmm-uid") != "" || ctx.Input.Header("uid") != "") {
// return
//}
//TODO:注入账号,后期移除掉
if beego.BConfig.RunMode != "prod" {
ctx.Request.Header.Add("x-mmm-uid", fmt.Sprintf("%v", 1))
ctx.Request.Header.Add("x-mmm-cid", fmt.Sprintf("%v", 1))
ctx.Request.Header.Add("x-mmm-id", fmt.Sprintf("%v", 1))
return
}
//1.检查签名
if !CheckSign(ctx) {
return
if beego.BConfig.RunMode != "prod" || ctx.Input.Header("x-mmm-accesstoken") == "" {
ctx.Request.Header.Set("x-mmm-accesstoken", "6839602f1d8211eabd85000c29ad8d6d")
if ctx.Input.Header("x-mmm-accesstoken") == "" {
ctx.Request.Header.Add("x-mmm-accesstoken", "6839602f1d8211eabd85000c29ad8d6d")
}
//return
} else {
//1.检查签名
if !CheckSign(ctx) {
return
}
}
//2.检查token是否有效
if !CheckToken(ctx) {
return
}
//if !CheckSign(ctx) {
// return
//}
////2.检查token是否有效
//if !CheckToken(ctx) {
// return
//}
//3.查重uuid
//if !CheckUuid(ctx) {
// return
... ... @@ -189,9 +198,9 @@ func CheckToken(ctx *context.Context) (result bool) {
} else {
if rsp.UserInfo != nil {
//设置附加数据
ctx.Request.Header.Add("x-mmm-uid", fmt.Sprintf("%v", rsp.UserInfo.UserId))
ctx.Request.Header.Add("x-mmm-cid", fmt.Sprintf("%v", rsp.UserInfo.CurrentCompanyId))
ctx.Request.Header.Add("x-mmm-id", fmt.Sprintf("%v", rsp.UserInfo.CurrentUserCompanyId))
ctx.Request.Header.Set("x-mmm-uid", fmt.Sprintf("%v", rsp.UserInfo.UserId))
ctx.Request.Header.Set("x-mmm-cid", fmt.Sprintf("%v", rsp.UserInfo.CurrentCompanyId))
ctx.Request.Header.Set("x-mmm-id", fmt.Sprintf("%v", rsp.UserInfo.CurrentUserCompanyId))
}
}
return
... ...
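Review bot: The new guard in FilterComm, `if beego.BConfig.RunMode != "prod" || ctx.Input.Header("x-mmm-accesstoken") == ""`, is also true in prod whenever a request carries no access token, so such a request gets the hard-coded token set and skips `CheckSign` before `CheckToken` runs on the injected value. If that token is valid in production, this is unauthenticated access as a fixed account; the condition should be `beego.BConfig.RunMode != "prod"` alone, and the token is better read from non-prod configuration than committed to source (and rotated, since it is now in history). The +/- markers are lost on this page, so which of these lines are on the new side is inferred from the hunk's structure. In the CheckToken hunk, `Header.Set` only overwrites `x-mmm-uid`/`x-mmm-cid`/`x-mmm-id` when `rsp.UserInfo != nil`; consider deleting any client-supplied copies of those three headers at the top of the filter so they can never reach a handler.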
... ... @@ -34,7 +34,7 @@ func UpdateTableByMap(tabeleStruct interface{}, changeMap map[string]interface{}
log.Error(err)
return err
}
log.Info(fmt.Sprintf("UpdateTableByMap: table:%s effect records:%d column:%v", GetTableName(tabeleStruct), num, changeColumn))
log.Info(fmt.Sprintf("UpdateTableByMap: table:%s effect records:%d column:%v values:%v", GetTableName(tabeleStruct), num, changeColumn, changeMap))
return nil
}
... ...
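Review bot: Logging `changeMap` in full writes every updated column value to the info log, and UpdateTableByMap is a generic helper, so any caller that updates a credential-like column (a token, a password hash) would now copy it into log storage. The callers visible on this page only pass company and user-company ids, so this is a latent risk rather than a demonstrated leak. Keep the existing `column:%v` line at info level and emit `values:%v` only at debug level, or mask a deny-list of column names before formatting. The function starts outside the hunk.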
... ... @@ -158,11 +158,10 @@ func DeleteCompany(id int64) (err error) {
func GetCompanyByPermission(uid int64) (v []*Company, err error) {
o := orm.NewOrm()
sql := `select * from company where id in(
select company_id from user_company where user_id=? and enable=1
select company_id from user_company where user_id=? and enable=1 order by create_at desc
) and enable=1` //
if _,err = o.Raw(sql, uid).QueryRows(&v); err == nil {
if _, err = o.Raw(sql, uid).QueryRows(&v); err == nil {
return v, nil
}
return nil, err
}
... ...
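Review bot: The `order by create_at desc` added inside the `in(...)` subquery does not order the rows returned by the outer `select * from company`; a subquery used as an IN set imposes no order on the outer result, and the database is free to discard it. If the intent is to list companies by most recent membership, the ordering has to be on the outer query, which needs a join instead of IN, for example `select c.* from company c join user_company uc on uc.company_id = c.id where uc.user_id=? and uc.enable=1 and c.enable=1 order by uc.create_at desc`. UserInfo on this page copies this result into `Companys` in order, so the order is visible to clients.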
... ... @@ -87,9 +87,19 @@ func GetUserCompanyByUserId(uid int64, companyId int64) (v *UserCompany, err err
return nil, err
}
func GetUserCompanyFirst(uid int64) (v *UserCompany, err error) {
//按user_company.id获取公司信息
func GetUserCompanyBy(id int64, companyId int64) (v *UserCompany, err error) {
o := orm.NewOrm()
sql := "select * from user_company where user_id=? order by create_at desc limit 1" //
sql := "select * from user_company where id=? and company_id=? and enable=1" //
if err = o.Raw(sql, id, companyId).QueryRow(&v); err == nil {
return v, nil
}
return nil, err
}
func GetUserCompanys(uid int64) (v *UserCompany, err error) {
o := orm.NewOrm()
sql := "select * from user_company where user_id=? and enable=1 order by create_at desc limit 1" //
if err = o.Raw(sql, uid).QueryRow(&v); err == nil {
return v, nil
}
... ...
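Review bot: `GetUserCompanys` is named as a plural, but its query ends in `limit 1` and it returns a single `*UserCompany`, so callers may expect a list; add a doc comment such as `// GetUserCompanys returns the user's most recently created enabled user_company row.` or rename it. `GetUserCompanyBy` looks a row up by `user_company.id` and `company_id` only, without the user id, so it relies on callers passing an id already derived from the authenticated token; that precondition is worth stating in its comment. GetUserCompanys' body continues past the end of the hunk.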
... ... @@ -73,13 +73,13 @@ func DeleteUserDepartment(id int64) (err error) {
return
}
func GetUserDepartments(userId int64, companyId int64, v interface{}) (err error) {
func GetUserDepartments(id int64, companyId int64, v interface{}) (err error) {
o := orm.NewOrm()
sql := `
select a.department_id,b.name,b.parent_id,b.managers,b.relation,a.create_time
from user_department a INNER JOIN department b on a.department_id = b.id
where a.user_id =? and a.company_id =? and enable_status =1 and b.delete_at =0`
if _, err = o.Raw(sql, userId, companyId).QueryRows(v); err == nil {
where a.user_company_id =? and a.company_id =? and enable_status =1 and b.delete_at =0`
if _, err = o.Raw(sql, id, companyId).QueryRows(v); err == nil {
return
}
return
... ...
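Review bot: The first parameter of `GetUserDepartments` now means `user_company.id` rather than `user.id`, but the signature still reads `id int64` with no comment, so a caller that keeps passing a uid compiles and silently reads whichever membership happens to have that id, possibly another user's. Name the parameter for what it is, `func GetUserDepartments(userCompanyId int64, companyId int64, v interface{}) (err error)`, or add `// id is user_company.id, not user.id` above the function, as the aggregation function on this page does. The same applies to `GetUserPositions` in the next file section. Separately, `enable_status` in this where clause is unqualified while the positions query writes `a.enable_status`; qualifying it here avoids an ambiguous-column error if `department` ever gains that column.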
... ... @@ -73,13 +73,13 @@ func DeleteUserPosition(id int) (err error) {
return
}
func GetUserPositions(userId int64, companyId int64, v interface{}) (err error) {
func GetUserPositions(id int64, companyId int64, v interface{}) (err error) {
o := orm.NewOrm()
sql := `
select a.position_id,b.name,b.relation,a.create_at
from user_position a INNER JOIN position b on a.position_id = b.id
where a.user_id =? and a.company_id =? and a.enable_status =1 and b.enable_status =1`
if _, err = o.Raw(sql, userId, companyId).QueryRows(v); err == nil {
where a.user_company_id =? and a.company_id =? and a.enable_status =1 and b.enable_status =1`
if _, err = o.Raw(sql, id, companyId).QueryRows(v); err == nil {
return
}
return
... ...
... ... @@ -53,60 +53,33 @@ type UserInfoResponse struct {
User User `json:"user"`
}
/*
user object
必须
用户对象信息
备注: 用户对象信息
必须
用户名称
phone string
必须
手机号码
image object
非必须
用户头像
备注: 用户头像
did integer
必须
部门ID
department string
必须
部门名称
position string
必须
职位名称
level integer
必须
职位级别(员工0,老板1)
employeeAttr object
必须
员工属性
备注: 员工属性
imToken string
必须
网易云信IM Token
filterModule
*/
type User struct {
UserId int64 `json:"uid"`
Name string `json:"uname"`
Phone string `json:"phone"`
Image Picture `json:"image"`
Department string `json:"department"`
Position string `json:"position"`
Department Dep `json:"dep"`
Position Job `json:"job"`
ImToken string `json:"imToken"`
//companys
CompanyId int `json:"companyId"`
Company string `json:"company"` //公司名称
CompanyId int `json:"companyId"`
Company Company `json:"company"` //公司名称
Companys []Company `json:"companys"`
}
type Company struct {
Id int64 `json:"id"`
Name string `json:"name"`
}
\ No newline at end of file
Id int64 `json:"id"`
Name string `json:"name"`
}
type Dep struct {
Id int `json:"id"`
Name string `json:"name"`
}
type Job struct {
Id int `json:"id"`
Name string `json:"name"`
Level int `json:"level"`
}
... ...
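Review bot: The trailing comment `//公司名称` on the `Company` field is stale now that the field is a `Company` object rather than the company name, and `CompanyId int` sits beside `Company.Id int64`, so the same identifier is serialized from two different integer types. Update the comment to describe the object and consider making `CompanyId` an `int64` to match. The JSON keys also change shape here (`department`/`position` become `dep`/`job`, and `company` goes from a string to an object), which breaks clients built against the old response; if any are deployed, this needs a version gate or a transition period, which the page does not show. The new `Dep` and `Job` types have no doc comments, and the removed block comment was the only description of what `level` means.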
... ... @@ -12,10 +12,13 @@ import (
"sync"
)
func GetUserBaseInfoAggregation(uid int64, companyId int64) (v *protocol.UserBaseInfoAggregation, err error) {
//id :user_company.id
func GetUserBaseInfoAggregation(id int64, companyId int64) (v *protocol.UserBaseInfoAggregation, err error) {
v = &protocol.UserBaseInfoAggregation{}
var wg sync.WaitGroup
if v.UserCompany, err = models.GetUserCompanyByUserId(uid, companyId); err != nil {
var (
wg sync.WaitGroup
)
if v.UserCompany, err = models.GetUserCompanyBy(id, companyId); err != nil {
log.Error(err)
return
}
... ... @@ -34,7 +37,7 @@ func GetUserBaseInfoAggregation(uid int64, companyId int64) (v *protocol.UserBas
go func() {
defer wg.Done()
if err = models.GetUserDepartments(uid, companyId, &v.Department); err != nil {
if err = models.GetUserDepartments(id, companyId, &v.Department); err != nil {
log.Error(err)
return
}
... ... @@ -42,7 +45,7 @@ func GetUserBaseInfoAggregation(uid int64, companyId int64) (v *protocol.UserBas
go func() {
defer wg.Done()
if err = models.GetUserPositions(uid, companyId, &v.Position); err != nil {
if err = models.GetUserPositions(id, companyId, &v.Position); err != nil {
log.Error(err)
return
}
... ...
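Review bot: Both goroutines assign to the function's named result, via `if err = models.GetUserDepartments(...)` and `if err = models.GetUserPositions(...)`, which is an unsynchronized write to one variable from two goroutines and makes the returned `err` depend on scheduling. Use a goroutine-local error instead, `if e := models.GetUserDepartments(id, companyId, &v.Department); e != nil { log.Error(e); return }`, and if a failed lookup should fail the whole call, collect the errors through a mutex-guarded variable or a buffered channel read after `wg.Wait()`. The function body around these hunks, including the `wg.Add` and `wg.Wait` calls, is outside the lines shown, so how `err` is read afterwards is not visible here.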
... ... @@ -164,6 +164,7 @@ func Templates(header *protocol.RequestHeader, request *protocol.TemplatesReques
return
}
if len(templates) == 0 {
log.Error(fmt.Sprintf("公司:%v chance_type_id:%v 无模板", header.CompanyId, request.ChanceTypeId))
return
}
for i := range templates {
... ... @@ -172,6 +173,7 @@ func Templates(header *protocol.RequestHeader, request *protocol.TemplatesReques
//
//查询表单
if forms, err = models.GetAuditForms(header.CompanyId, item.Id); err != nil {
log.Error(err)
continue
}
template := &protocol.Template{
... ...
... ... @@ -26,7 +26,7 @@ func Departments(header *protocol.RequestHeader, request *protocol.DepartmentsRe
}
rsp.Departments = tmpDepartment.Departments
case protocol.DepartmentUser:
if err = repository.UserDepartment.GetUserDepartment(header.Uid, header.CompanyId, &rsp.Departments); err != nil {
if err = models.GetUserDepartments(header.UserId, header.CompanyId, &rsp.Departments); err != nil {
log.Error(err)
return
}
... ...
... ... @@ -198,13 +198,12 @@ func UserCompanys(header *protocol.RequestHeader, request *protocol.UserCompanys
}
//切换公司
func SwitchCompany(header *protocol.RequestHeader, request *protocol.SwitchCompanyRequest) (rsp *protocol.SwitchCompanyResponse, err error) {
func SwitchCompany(header *protocol.RequestHeader, request *protocol.SwitchCompanyRequest) (rsp *protocol.UserInfoResponse, err error) {
var (
company *models.UserCompany
auth *models.UserAuth
userCompany *models.UserCompany
auth *models.UserAuth
)
rsp = &protocol.SwitchCompanyResponse{}
if company, err = repository.UserCompany.GetUserCompanyByUserId(header.Uid, int64(request.CompanyId)); err != nil {
if userCompany, err = repository.UserCompany.GetUserCompanyByUserId(header.Uid, int64(request.CompanyId)); err != nil {
log.Error(err)
err = protocol.NewErrWithMessage(4201) //找不到这家公司
return
... ... @@ -215,9 +214,16 @@ func SwitchCompany(header *protocol.RequestHeader, request *protocol.SwitchCompa
}
if auth.CurrentCompanyId == request.CompanyId {
log.Error(fmt.Sprintf("uid:%v 当前公司已经是:%v", header.Uid, request.CompanyId))
return
//return
} else {
if err = utils.UpdateTableByMap(&models.UserAuth{Id: auth.Id}, map[string]interface{}{"CurrentCompanyId": userCompany.CompanyId, "CurrentUserCompanyId": userCompany.Id}); err != nil {
log.Error(err)
return
}
header.CompanyId = userCompany.CompanyId
header.UserId = userCompany.Id
}
if err = utils.UpdateTableByMap(&models.UserAuth{Id: auth.Id}, map[string]interface{}{"CurrentCompanyId": company.CompanyId, "CurrentCompanyUserId": company.Id}); err != nil {
if rsp, err = UserInfo(header, &protocol.UserInfoRequest{}); err != nil {
log.Error(err)
return
}
... ... @@ -229,51 +235,70 @@ func UserInfo(header *protocol.RequestHeader, request *protocol.UserInfoRequest)
var (
companyId = header.CompanyId
userCompany *models.UserCompany
baseInfo *protocol.BaseUserInfo
userAuth *models.UserAuth
user *models.User
userBaseAgg *protocol.UserBaseInfoAggregation
companys []*models.Company
)
if userCompany, err = models.GetUserCompanys(header.Uid); err != nil {
log.Error(err)
return
}
if companyId == 0 {
if userCompany, err = models.GetUserCompanyFirst(header.Uid); err != nil {
log.Error(err)
return
}
if userAuth, err = models.GetUserAuthByUserId(header.Uid, 1); err != nil {
if userAuth, err = models.GetUserAuthByUserId(header.Uid, protocol.DeviceType); err != nil {
log.Error(err)
return
}
if err = utils.UpdateTableByMap(&models.UserAuth{Id: userAuth.Id}, map[string]interface{}{"CurrentCompanyId": userCompany.CompanyId, "CurrentUserCompanyId": userCompany.Id}); err != nil {
if err = utils.UpdateTableByMap(&models.UserAuth{Id: userAuth.Id}, map[string]interface{}{
"CurrentCompanyId": userCompany.CompanyId, "CurrentUserCompanyId": userCompany.Id}); err != nil {
log.Error(err)
return
}
companyId = int64(userCompany.CompanyId)
header.UserId = userCompany.Id
}
if user, err = models.GetUsersById(header.Uid); err != nil {
if companys, err = models.GetCompanyByPermission(header.Uid); err != nil {
log.Error(err)
return
}
if baseInfo, err = agg.GetUserBaseInfo(header.UserId, companyId); err != nil {
log.Error(err)
if userBaseAgg, err = agg.GetUserBaseInfoAggregation(header.UserId, companyId); err != nil {
return
}
rsp = &protocol.UserInfoResponse{
User: protocol.User{
UserId: baseInfo.UserId,
Name: baseInfo.NickName,
Phone: user.Phone,
UserId: header.UserId,
Name: userBaseAgg.User.NickName,
Phone: userBaseAgg.User.Phone,
Image: protocol.Picture{
Path: user.Icon,
Path: userBaseAgg.User.Icon,
//TODO:图片裁剪
H: 0,
W: 0,
},
Department: baseInfo.Department,
Position: baseInfo.Position,
ImToken: user.ImToken,
CompanyId: int(companyId),
Company: baseInfo.CompanyName,
ImToken: userBaseAgg.User.ImToken,
CompanyId: int(companyId),
Company: protocol.Company{
Id: userBaseAgg.Company.Id,
Name: userBaseAgg.Company.Name,
},
},
}
for i := range companys {
rsp.User.Companys = append(rsp.User.Companys, protocol.Company{
Id: companys[i].Id,
Name: companys[i].Name,
})
}
if topDep := agg.GetTopDepartment(userBaseAgg.Department); topDep.DepartmentId != 0 {
rsp.User.Department = protocol.Dep{
Id: topDep.DepartmentId,
Name: topDep.Name,
}
}
if topPos := agg.GetTopPosition(userBaseAgg.Position); topPos.PositionId != 0 {
rsp.User.Position = protocol.Job{
Id: topPos.PositionId,
Name: topPos.Name,
}
}
return
}
... ...
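Review bot: UserInfo builds the response from `userBaseAgg.User.NickName`, `userBaseAgg.User.Phone`, `userBaseAgg.User.Icon` and `userBaseAgg.Company.Id` without checking that `User` and `Company` were populated, while the aggregation hunks on this page show goroutines that only log a lookup error and return. If those fields are pointers (their types are not visible here), a failed lookup becomes a nil dereference in the handler; guard it with `if userBaseAgg.User == nil || userBaseAgg.Company == nil` and return a protocol error before building `rsp`. The `protocol.Job` literal sets only `Id` and `Name`, so `level` is always serialized as 0; populate it from `topPos` if the position record carries a level, or drop the field. In SwitchCompany the branch for an already-current company still logs at error level and keeps a dead `//return`; an info-level log and removing the commented line would read more clearly.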