作者 yangfu

增加 权限认证

... ... @@ -43,8 +43,8 @@ h5_host = "http://mmm-web-open-test.fjmaimaimai.com"
#审核中心
suplus_approve_host ="http://suplus-approve-dev.fjmaimaimai.com"
#阿里云 https://media.goexample.live/
cname ="https://media.fjmaimaimai.com/"
#阿里云 https://media.fjmaimaimai.com/
cname ="https://media.goexample.live/"
#企业平台
BUSINESS_ADMIN_SERVICE_HOST ="${BUSINESS_ADMIN_SERVICE_HOST||http://suplus-business-admin-test.fjmaimaimai.com}"
... ...
... ... @@ -202,6 +202,7 @@ func CheckToken(ctx *context.Context) (result bool) {
if strings.HasSuffix(ctx.Request.RequestURI, "loginModule") ||
strings.HasSuffix(ctx.Request.RequestURI, "accessToken") ||
strings.HasSuffix(ctx.Request.RequestURI, "refreshToken") ||
strings.HasSuffix(ctx.Request.RequestURI, "authorize") ||
strings.HasSuffix(ctx.Request.RequestURI, "smsCode") {
return true
}
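Review bot: The exemption list in CheckToken matches with `strings.HasSuffix` on `ctx.Request.RequestURI`, and RequestURI carries the query string as well as the path, so the added `"authorize"` entry (like the existing ones) exempts any request whose raw target merely ends in that word, not only the `/authorize` route. Match the parsed path against the full route instead, for example `strings.HasSuffix(ctx.Request.URL.Path, "/<route-prefix>/authorize")` with the real prefix substituted, or keep an exact-match set of exempt paths. CheckToken starts above this hunk and continues below it, so the rest of the check is not visible here.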
... ...
... ... @@ -43,6 +43,27 @@ func (this *AuthController) Login() {
msg = protocol.NewReturnResponse(auth.Login(header, request))
}
//Authorize 模块认证 (登录V2版本)
// @router /authorize [post]
func (this *AuthController) Authorize() {
var msg *protocol.ResponseMessage
defer func() {
this.Resp(msg)
}()
var request *protocol.AuthorizeRequest
if err := json.Unmarshal(this.ByteBody, &request); err != nil {
log.Error(err)
msg = protocol.BadRequestParam(1)
return
}
if b, m := this.Valid(request); !b {
msg = m
return
}
header := controllers.GetRequestHeader(this.Ctx)
msg = protocol.NewReturnResponse(auth.Authorize(header, request))
}
//SmsCode
// @router /smsCode [post]
func (this *AuthController) SmsCode() {
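Review bot: `request` is declared as a nil pointer and decoded through `&request`, so a body consisting of JSON `null` unmarshals without error and leaves it nil. Unless `this.Valid` rejects a nil value (not visible here), `auth.Authorize` then dereferences it at `request.Uid`. Declaring `request := &protocol.AuthorizeRequest{}` and unmarshalling into `request` avoids this, because the `Required` tags would then reject the zero-valued struct; alternatively add `if request == nil { msg = protocol.BadRequestParam(1); return }` after decoding.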
... ...
... ... @@ -4,12 +4,12 @@ const (
RegionID = "cn-shanghai"
//公司
AccessKeyID = "LTAI4Fz1LUBW2fXp6QWaJHRS"
AccessKeySecret = "aLZXwK8pgrs10Ws03qcN7NsrSXFVsg"
//AccessKeyID = "LTAI4Fz1LUBW2fXp6QWaJHRS"
//AccessKeySecret = "aLZXwK8pgrs10Ws03qcN7NsrSXFVsg"
//个人
//AccessKeyID = "LTAI4FhiZ3UktC6N1u3H5GFC"
//AccessKeySecret = "UyspWwdni55CYQ02hUCint4qY2jNYO"
AccessKeyID = "LTAI4FhiZ3UktC6N1u3H5GFC"
AccessKeySecret = "UyspWwdni55CYQ02hUCint4qY2jNYO"
)
const (
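Review bot: This const block keeps two Alibaba Cloud AccessKey ID/secret pairs in source, and the change appears only to swap which pair is active, so both stay readable to anyone with repository access and remain in history. Both pairs should be treated as exposed and rotated. The values should be loaded at start-up from the environment or from `beego.AppConfig` (the config file already uses the `${NAME||default}` form), which means turning these constants into variables. The commented-out pair should be deleted rather than kept as a toggle. The block opens above this hunk.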
... ...
... ... @@ -59,6 +59,18 @@ type LoginResponse struct {
AuthCode string `json:"authCode"`
}
/*Authorize 模块认证 (登录V2版本)*/
type AuthorizeRequest struct {
Token string `json:"credentials" valid:"Required;"` //登录凭证
ClientId string `json:"clientId"` //客户端密钥
Uid int64 `json:"cuid" valid:"Required;"` //统一用户中心用户 UID
Cid int64 `json:"cid" valid:"Required;"` //统一用户中心公司 ID
Muid int64 `json:"muid" valid:"Required;"` //企业平台中的用户 UID
}
type AuthorizeResponse struct {
AuthCode string `json:"authCode"`
}
/*统一用户中心登录*/
type UserCenterLoginRequest struct {
Phone string `json:"phone"`
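Review bot: `ClientId` is commented as the client secret but carries no `valid` tag, and the `Authorize` service added in this commit never reads it, so the field is accepted and then ignored. Either check it against the expected client before the token is forwarded, or drop it from the request until it is used. A doc comment on `AuthorizeRequest` stating which of `cuid`, `cid` and `muid` are verified by the user centre and which are taken from the caller as-is would help anyone reviewing the handler.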
... ...
... ... @@ -65,6 +65,7 @@ type UserStatisticsResponse struct {
type User struct {
UserId int64 `json:"uid"`
MUserId int64 `json:"muid"` //中台用户ID
Name string `json:"uname"`
Phone string `json:"phone"`
Image Picture `json:"image"`
... ...
... ... @@ -49,6 +49,14 @@ func init() {
beego.GlobalControllerRouter["opp/controllers/v1:AuthController"] = append(beego.GlobalControllerRouter["opp/controllers/v1:AuthController"],
beego.ControllerComments{
Method: "Authorize",
Router: `/authorize`,
AllowHTTPMethods: []string{"post"},
MethodParams: param.Make(),
Params: nil})
beego.GlobalControllerRouter["opp/controllers/v1:AuthController"] = append(beego.GlobalControllerRouter["opp/controllers/v1:AuthController"],
beego.ControllerComments{
Method: "Login",
Router: `/loginModule`,
AllowHTTPMethods: []string{"post"},
... ...
... ... @@ -161,6 +161,35 @@ func CheckUserModuleAuth(uid int64) (auth bool) {
return response.UserAuth
}
func GetUserModuleAuth(uid int64) (message *protocol.Message, auth bool) {
var req = NewRequest(fmt.Sprintf("%v%v", beego.AppConfig.String("BUSINESS_ADMIN_SERVICE_HOST"), MethodUserAuth), http.MethodPost)
message = &protocol.Message{}
auth = false
var request = struct {
UserId string `json:"userId"`
PlatformId string `json:"platformId"`
}{UserId: fmt.Sprintf("%v", uid), PlatformId: "3"} //平台id:1素+;2问题;3机会;18价值
var response = struct {
UserAuth bool `json:"userAuth"`
}{}
if data, err := req.ActionDefault(request, &message); err != nil {
log.Error(err)
return
} else {
log.Debug(req.Url, uid, string(data))
}
if message.Errno != 0 {
log.Debug("CheckUserModuleAuth :", message.Errno, message.Errmsg)
return
}
if err := json.Unmarshal(message.Data, &response); err != nil {
log.Error(err, message, string(message.Data))
return
}
auth = response.UserAuth
return
}
type Request struct {
HttpReq *httplib.BeegoHTTPRequest
Url string
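Review bot: On a transport error or a JSON decode error GetUserModuleAuth returns `auth == false` with a message that need not carry an error code, so the caller cannot tell an upstream failure from a real denial; `CheckBusinessAuth` then builds its 2002 error from whatever `Errmsg` happens to hold. Setting `message.Errno` and `message.Errmsg` on those paths (or returning the error) keeps the fail-closed result while making it diagnosable. The debug line is labelled `"CheckUserModuleAuth :"`, copied from the function above, and should read `"GetUserModuleAuth :"`. `message` is already a pointer, so `&message` hands `ActionDefault` a `**protocol.Message`; if that helper unmarshals into it, a `null` body would leave `message` nil before `message.Errno` is read, which is worth confirming.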
... ...
... ... @@ -281,6 +281,177 @@ Success:
return
}
//模块认证 (登录V2版本)
func Authorize(header *protocol.RequestHeader, request *protocol.AuthorizeRequest) (rsp *protocol.AuthorizeResponse, err error) {
var ()
rsp = &protocol.AuthorizeResponse{}
var (
user *models.User
userAuth *models.UserAuth
id = request.Uid
getUserRequest *protocol.UCenterServerLoginRequest = &protocol.UCenterServerLoginRequest{
Uid: id,
Token: request.Token,
Type: 2,
CompanyId: request.Cid, //当前登录的公司编号
}
getUserResponse *protocol.UCenterGetUserResponse
message *protocol.Message
//currentCompany *models.Company
//companys []*models.Company
userCompany *models.UserCompany
company *models.Company
)
//判断用户是否添加
user, err = models.GetUserByUcenterId(id)
if err != nil {
log.Error(err)
err = protocol.NewErrWithMessage(2002, err) //账号不存在
return
}
//判断用户所属公司是否有权限
//if companys, err = models.GetCompanyByPermission(user.Id); err != nil {
// log.Error(err)
// err = protocol.NewErrWithMessage(2002, err) //账号不存在
// return
//}
//if len(companys) == 0 {
// err = protocol.NewErrWithMessage(2002, err) //账号不存在
// return
//}
//权限验证 判断用户公司是否存在
if userCompany, err = models.GetUserCompanyById(request.Muid); err != nil {
log.Error(err, request.Muid)
err = protocol.NewErrWithMessage(2002, err) //TODO:用户不存在
return
}
if userCompany.Enable != 1 {
err = protocol.NewErrWithMessage(2002, err) //TODO:用户无权限
log.Error(err)
return
}
if company, err = models.GetCompanyById(request.Cid); err != nil || company.Enable != 1 {
log.Error(err, request.Cid)
err = protocol.NewErrWithMessage(2002, err) //TODO:公司模块不存在
return
}
if company.Enable != 1 {
err = protocol.NewErrWithMessage(2002, err) //TODO:公司模块被禁用
log.Error(err)
return
}
if !utils.ValidVersion(header.Version, protocol.RequireVersion) {
log.Warn(fmt.Sprintf("版本不足 当前手机版本:%v 需要版本大于:%v", header.Version, protocol.RequireVersion))
err = protocol.NewCustomMessage(2002, "版本不足,请升级app") //账号不存在
return
}
//验证 当前登录的公司是否有模块权限
if err = CheckBusinessAuth(header, request.Muid); err != nil {
log.Error(request.Muid, err)
return
}
//获取最后一次公司编号给统一用户中心
//if u, e := models.GetUserAuthByUserId(user.Id, protocol.DeviceType); e == nil && user.UserCenterId == id {
// if currentCompany, e = models.GetCompanyById(u.CurrentCompanyId); e == nil {
// getUserRequest.CompanyId = currentCompany.UserCenterId
// }
//}
//从用户中心获取用户信息
if _, err = agg.RequestUserCenter(protocol.MethodServerLogin, http.MethodPost, getUserRequest, &message); err != nil {
log.Error(err)
return
}
log.Debug(fmt.Sprintf("ucenter_id:%v user_id:%v getuser response:", request.Uid, request.Muid), message.Errno, message.Errmsg)
if message.Errno == 0 && message.Errmsg == "ok" {
if err = message.Unmarshal(&getUserResponse); err != nil {
log.Error(err)
return
}
}
switch message.Errno {
case -1:
err = protocol.NewErrWithMessage(2002, err) //账号不存在
return
case 0:
goto Success
case 2002:
err = protocol.NewErrWithMessage(2002, err) //账号不存在
return
case 10001:
err = protocol.NewErrWithMessage(2002, err) //账号不存在
return
case 10003:
err = protocol.NewErrWithMessage(4140, err) //账号不存在
return
default:
log.Error(fmt.Sprintf("error_no:%v msg:%v", message.Errno, message.Errmsg))
err = protocol.NewErrWithMessage(4140, err)
return
}
Success:
{
userAuth, err = models.GetUserAuthByUserId(user.Id, 1)
if err != nil {
if err == orm.ErrNoRows {
err = nil
userAuth = &models.UserAuth{
UserId: user.Id,
DeviceType: 1, //int8(header.DeviceType),
CurrentCompanyId: request.Muid,
CurrentUserCompanyId: request.Cid,
}
models.AddUserAuth(userAuth)
} else {
log.Error(err)
return
}
}
userAuth.AuthCode = uid.NewV1().StringNoDash()
userAuth.CurrentCompanyId = request.Cid
userAuth.CurrentUserCompanyId = request.Muid
/*更新用户信息*/
user.CsAccount = getUserResponse.CustomerAccount
user.ImToken = getUserResponse.ImToken
user.Icon = getUserResponse.Avatar
user.NickName = getUserResponse.NickName
user.Accid = getUserResponse.Accid
user.UserCenterId = getUserResponse.Id
if err = models.UpdateUsersById(user); err != nil {
log.Error(err)
return
}
userAuth.AuthCodeExp = time.Now().Add(time.Second * protocol.TokenExpire)
if err = models.UpdateUserAuthById(userAuth); err != nil {
return
}
rsp = &protocol.AuthorizeResponse{AuthCode: userAuth.AuthCode}
}
err = protocol.NewSuccessWithMessage("登录成功")
return
}
//检查企业平台权限
func CheckBusinessAuth(header *protocol.RequestHeader, muid int64) (err error) {
var (
hasAuth bool
authMessage *protocol.Message
)
if authMessage, hasAuth = agg.GetUserModuleAuth(muid); !hasAuth {
err = protocol.NewCustomMessage(2002, authMessage.Errmsg) //账号不存在
return
}
if authMessage.Errno != 0 {
err = protocol.NewCustomMessage(authMessage.Errno, authMessage.Errmsg) //账号不存在
return
}
return
}
//统一用户中心登录
func UCenterLogin(header *protocol.RequestHeader, request *protocol.UCenterLoginRequest) (rsp *protocol.UCenterLoginResponse, err error) {
var (
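Review bot: Nothing visible in Authorize ties `request.Muid` to the verified identity: the user-centre call checks the token only against `request.Uid` and `request.Cid`, while `request.Muid` is looked up on its own, passed to `CheckBusinessAuth` and stored as `CurrentUserCompanyId`. Unless `models.GetUserCompanyById` enforces the relation (not visible here), the function should reject the request when the loaded `userCompany` does not belong to `user` and `company`, and should run the local checks only after the token has been verified. Separately, the `Success` block dereferences `getUserResponse`, which stays nil when `message.Errno == 0` but `message.Errmsg != "ok"`; add `if getUserResponse == nil { err = protocol.NewErrWithMessage(4140, err); return }` before it is read. The create branch assigns `CurrentCompanyId: request.Muid` and `CurrentUserCompanyId: request.Cid`, the reverse of the assignments a few lines later, and ignores the result of `models.AddUserAuth`. If `uid.NewV1()` is a version-1 (time-based) UUID, the auth code is guessable from the issue time and is better drawn from `crypto/rand`.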
... ...
... ... @@ -357,9 +357,10 @@ func UserInfo(header *protocol.RequestHeader, request *protocol.UserInfoRequest)
}
rsp = &protocol.UserInfoResponse{
User: protocol.User{
UserId: header.UserId,
Name: userBaseAgg.User.NickName,
Phone: userBaseAgg.User.Phone,
UserId: header.UserId,
MUserId: header.UserId,
Name: userBaseAgg.User.NickName,
Phone: userBaseAgg.User.Phone,
Image: protocol.Picture{
Path: userBaseAgg.User.Icon,
H: 0,
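Review bot: `MUserId: header.UserId` fills the new field with the same value as `UserId`, although the struct comment added in this commit describes `muid` as the middle-platform user id. If the two ids differ, clients receive the wrong `muid`. Take it from the user-company record established at authorization, or add a comment such as `// header.UserId already holds the middle-platform id` if that is the case. The struct literal and UserInfo both extend beyond this hunk.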
... ...