作者 yangfu

增加 权限认证

@@ -43,8 +43,8 @@ h5_host = "http://mmm-web-open-test.fjmaimaimai.com" @@ -43,8 +43,8 @@ h5_host = "http://mmm-web-open-test.fjmaimaimai.com"
43 #审核中心 43 #审核中心
44 suplus_approve_host ="http://suplus-approve-dev.fjmaimaimai.com" 44 suplus_approve_host ="http://suplus-approve-dev.fjmaimaimai.com"
45 45
46 -#阿里云 https://media.goexample.live/  
47 -cname ="https://media.fjmaimaimai.com/" 46 +#阿里云 https://media.fjmaimaimai.com/
  47 +cname ="https://media.goexample.live/"
48 48
49 #企业平台 49 #企业平台
50 BUSINESS_ADMIN_SERVICE_HOST ="${BUSINESS_ADMIN_SERVICE_HOST||http://suplus-business-admin-test.fjmaimaimai.com}" 50 BUSINESS_ADMIN_SERVICE_HOST ="${BUSINESS_ADMIN_SERVICE_HOST||http://suplus-business-admin-test.fjmaimaimai.com}"
@@ -202,6 +202,7 @@ func CheckToken(ctx *context.Context) (result bool) { @@ -202,6 +202,7 @@ func CheckToken(ctx *context.Context) (result bool) {
202 if strings.HasSuffix(ctx.Request.RequestURI, "loginModule") || 202 if strings.HasSuffix(ctx.Request.RequestURI, "loginModule") ||
203 strings.HasSuffix(ctx.Request.RequestURI, "accessToken") || 203 strings.HasSuffix(ctx.Request.RequestURI, "accessToken") ||
204 strings.HasSuffix(ctx.Request.RequestURI, "refreshToken") || 204 strings.HasSuffix(ctx.Request.RequestURI, "refreshToken") ||
  205 + strings.HasSuffix(ctx.Request.RequestURI, "authorize") ||
205 strings.HasSuffix(ctx.Request.RequestURI, "smsCode") { 206 strings.HasSuffix(ctx.Request.RequestURI, "smsCode") {
206 return true 207 return true
207 } 208 }
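Review bot: The new `authorize` entry at line 205 inherits the suffix match on `ctx.Request.RequestURI`, which still contains the query string, so any protected route whose query happens to end in one of the listed words is exempted from the token check rather than only the five login endpoints. Match the path component against the exact route instead, e.g. `strings.HasSuffix(ctx.Request.URL.Path, "/authorize") ||`, and the same tightening applies to the four existing entries. `CheckToken` begins and ends outside the hunk.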
@@ -43,6 +43,27 @@ func (this *AuthController) Login() { @@ -43,6 +43,27 @@ func (this *AuthController) Login() {
43 msg = protocol.NewReturnResponse(auth.Login(header, request)) 43 msg = protocol.NewReturnResponse(auth.Login(header, request))
44 } 44 }
45 45
  46 +//Authorize 模块认证 (登录V2版本)
  47 +// @router /authorize [post]
  48 +func (this *AuthController) Authorize() {
  49 + var msg *protocol.ResponseMessage
  50 + defer func() {
  51 + this.Resp(msg)
  52 + }()
  53 + var request *protocol.AuthorizeRequest
  54 + if err := json.Unmarshal(this.ByteBody, &request); err != nil {
  55 + log.Error(err)
  56 + msg = protocol.BadRequestParam(1)
  57 + return
  58 + }
  59 + if b, m := this.Valid(request); !b {
  60 + msg = m
  61 + return
  62 + }
  63 + header := controllers.GetRequestHeader(this.Ctx)
  64 + msg = protocol.NewReturnResponse(auth.Authorize(header, request))
  65 +}
  66 +
46 //SmsCode 67 //SmsCode
47 // @router /smsCode [post] 68 // @router /smsCode [post]
48 func (this *AuthController) SmsCode() { 69 func (this *AuthController) SmsCode() {
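Review bot: `request` is declared as a nil `*protocol.AuthorizeRequest` at line 53 and filled through `&request`, so a body consisting of the JSON literal `null` unmarshals without error and leaves it nil; unless `this.Valid` rejects a nil pointer (not visible here), `auth.Authorize` then dereferences `request.Uid`. Initialising it up front removes the question: `request := &protocol.AuthorizeRequest{}` and `json.Unmarshal(this.ByteBody, request)`. The pattern appears to be inherited from `Login` just above, so it may be worth fixing both together.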
@@ -4,12 +4,12 @@ const ( @@ -4,12 +4,12 @@ const (
4 RegionID = "cn-shanghai" 4 RegionID = "cn-shanghai"
5 5
6 //公司 6 //公司
7 - AccessKeyID = "LTAI4Fz1LUBW2fXp6QWaJHRS"  
8 - AccessKeySecret = "aLZXwK8pgrs10Ws03qcN7NsrSXFVsg" 7 + //AccessKeyID = "LTAI4Fz1LUBW2fXp6QWaJHRS"
  8 + //AccessKeySecret = "aLZXwK8pgrs10Ws03qcN7NsrSXFVsg"
9 9
10 //个人 10 //个人
11 - //AccessKeyID = "LTAI4FhiZ3UktC6N1u3H5GFC"  
12 - //AccessKeySecret = "UyspWwdni55CYQ02hUCint4qY2jNYO" 11 + AccessKeyID = "LTAI4FhiZ3UktC6N1u3H5GFC"
  12 + AccessKeySecret = "UyspWwdni55CYQ02hUCint4qY2jNYO"
13 ) 13 )
14 14
15 const ( 15 const (
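Review bot: Lines 7-12 switch which of two hard-coded Aliyun AccessKey pairs is active, but both the ID and the secret of each pair stay in the source (one pair merely commented out), so the secrets remain readable to anyone with repository access and remain in history after the swap. A `const` block cannot read configuration, so move them to the mechanism the app already uses (`app.conf` with `${VAR||default}` expansion as for `BUSINESS_ADMIN_SERVICE_HOST`, or `os.Getenv`), e.g. `var AccessKeyID = os.Getenv("ALIYUN_ACCESS_KEY_ID")` with a placeholder variable name, and rotate both pairs once they are removed from the code. A comment such as `// Aliyun credentials are injected from the environment; never commit them.` would record the decision for the next maintainer.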
@@ -59,6 +59,18 @@ type LoginResponse struct { @@ -59,6 +59,18 @@ type LoginResponse struct {
59 AuthCode string `json:"authCode"` 59 AuthCode string `json:"authCode"`
60 } 60 }
61 61
  62 +/*Authorize 模块认证 (登录V2版本)*/
  63 +type AuthorizeRequest struct {
  64 + Token string `json:"credentials" valid:"Required;"` //登录凭证
  65 + ClientId string `json:"clientId"` //客户端密钥
  66 + Uid int64 `json:"cuid" valid:"Required;"` //统一用户中心用户 UID
  67 + Cid int64 `json:"cid" valid:"Required;"` //统一用户中心公司 ID
  68 + Muid int64 `json:"muid" valid:"Required;"` //企业平台中的用户 UID
  69 +}
  70 +type AuthorizeResponse struct {
  71 + AuthCode string `json:"authCode"`
  72 +}
  73 +
62 /*统一用户中心登录*/ 74 /*统一用户中心登录*/
63 type UserCenterLoginRequest struct { 75 type UserCenterLoginRequest struct {
64 Phone string `json:"phone"` 76 Phone string `json:"phone"`
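Review bot: `ClientId` at line 65 is documented as the client secret (客户端密钥) but carries no `valid` tag, and the `Authorize` service added in this commit never reads it, so the value is accepted and silently ignored; either mark it `valid:"Required;"` and verify it in `auth.Authorize`, or drop the field so callers are not led to believe it is checked. `AuthorizeResponse` at line 70 has no doc comment; `// AuthorizeResponse carries the auth code issued after a successful module login.` would match the surrounding structs.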
@@ -65,6 +65,7 @@ type UserStatisticsResponse struct { @@ -65,6 +65,7 @@ type UserStatisticsResponse struct {
65 65
66 type User struct { 66 type User struct {
67 UserId int64 `json:"uid"` 67 UserId int64 `json:"uid"`
  68 + MUserId int64 `json:"muid"` //中台用户ID
68 Name string `json:"uname"` 69 Name string `json:"uname"`
69 Phone string `json:"phone"` 70 Phone string `json:"phone"`
70 Image Picture `json:"image"` 71 Image Picture `json:"image"`
@@ -49,6 +49,14 @@ func init() { @@ -49,6 +49,14 @@ func init() {
49 49
50 beego.GlobalControllerRouter["opp/controllers/v1:AuthController"] = append(beego.GlobalControllerRouter["opp/controllers/v1:AuthController"], 50 beego.GlobalControllerRouter["opp/controllers/v1:AuthController"] = append(beego.GlobalControllerRouter["opp/controllers/v1:AuthController"],
51 beego.ControllerComments{ 51 beego.ControllerComments{
  52 + Method: "Authorize",
  53 + Router: `/authorize`,
  54 + AllowHTTPMethods: []string{"post"},
  55 + MethodParams: param.Make(),
  56 + Params: nil})
  57 +
  58 + beego.GlobalControllerRouter["opp/controllers/v1:AuthController"] = append(beego.GlobalControllerRouter["opp/controllers/v1:AuthController"],
  59 + beego.ControllerComments{
52 Method: "Login", 60 Method: "Login",
53 Router: `/loginModule`, 61 Router: `/loginModule`,
54 AllowHTTPMethods: []string{"post"}, 62 AllowHTTPMethods: []string{"post"},
@@ -161,6 +161,35 @@ func CheckUserModuleAuth(uid int64) (auth bool) { @@ -161,6 +161,35 @@ func CheckUserModuleAuth(uid int64) (auth bool) {
161 return response.UserAuth 161 return response.UserAuth
162 } 162 }
163 163
  164 +func GetUserModuleAuth(uid int64) (message *protocol.Message, auth bool) {
  165 + var req = NewRequest(fmt.Sprintf("%v%v", beego.AppConfig.String("BUSINESS_ADMIN_SERVICE_HOST"), MethodUserAuth), http.MethodPost)
  166 + message = &protocol.Message{}
  167 + auth = false
  168 + var request = struct {
  169 + UserId string `json:"userId"`
  170 + PlatformId string `json:"platformId"`
  171 + }{UserId: fmt.Sprintf("%v", uid), PlatformId: "3"} //平台id:1素+;2问题;3机会;18价值
  172 + var response = struct {
  173 + UserAuth bool `json:"userAuth"`
  174 + }{}
  175 + if data, err := req.ActionDefault(request, &message); err != nil {
  176 + log.Error(err)
  177 + return
  178 + } else {
  179 + log.Debug(req.Url, uid, string(data))
  180 + }
  181 + if message.Errno != 0 {
  182 + log.Debug("CheckUserModuleAuth :", message.Errno, message.Errmsg)
  183 + return
  184 + }
  185 + if err := json.Unmarshal(message.Data, &response); err != nil {
  186 + log.Error(err, message, string(message.Data))
  187 + return
  188 + }
  189 + auth = response.UserAuth
  190 + return
  191 +}
  192 +
164 type Request struct { 193 type Request struct {
165 HttpReq *httplib.BeegoHTTPRequest 194 HttpReq *httplib.BeegoHTTPRequest
166 Url string 195 Url string
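Review bot: `GetUserModuleAuth` duplicates the body of `CheckUserModuleAuth` (whose tail is visible at lines 161-162) except for also returning the upstream message, and the copy kept the old log label at line 182; it should read `log.Debug("GetUserModuleAuth :", message.Errno, message.Errmsg)`. Have the older function delegate, `_, auth = GetUserModuleAuth(uid); return`, so the two cannot drift apart. The explicit `auth = false` at line 167 is redundant for a named result, and passing `&message` at line 175 when `message` is already a `*protocol.Message` hands `ActionDefault` a `**Message` — presumably what its signature expects, but worth confirming.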
@@ -281,6 +281,177 @@ Success: @@ -281,6 +281,177 @@ Success:
281 return 281 return
282 } 282 }
283 283
  284 +//模块认证 (登录V2版本)
  285 +func Authorize(header *protocol.RequestHeader, request *protocol.AuthorizeRequest) (rsp *protocol.AuthorizeResponse, err error) {
  286 + var ()
  287 + rsp = &protocol.AuthorizeResponse{}
  288 + var (
  289 + user *models.User
  290 + userAuth *models.UserAuth
  291 + id = request.Uid
  292 + getUserRequest *protocol.UCenterServerLoginRequest = &protocol.UCenterServerLoginRequest{
  293 + Uid: id,
  294 + Token: request.Token,
  295 + Type: 2,
  296 + CompanyId: request.Cid, //当前登录的公司编号
  297 + }
  298 + getUserResponse *protocol.UCenterGetUserResponse
  299 + message *protocol.Message
  300 + //currentCompany *models.Company
  301 + //companys []*models.Company
  302 + userCompany *models.UserCompany
  303 + company *models.Company
  304 + )
  305 + //判断用户是否添加
  306 + user, err = models.GetUserByUcenterId(id)
  307 + if err != nil {
  308 + log.Error(err)
  309 + err = protocol.NewErrWithMessage(2002, err) //账号不存在
  310 + return
  311 + }
  312 + //判断用户所属公司是否有权限
  313 + //if companys, err = models.GetCompanyByPermission(user.Id); err != nil {
  314 + // log.Error(err)
  315 + // err = protocol.NewErrWithMessage(2002, err) //账号不存在
  316 + // return
  317 + //}
  318 + //if len(companys) == 0 {
  319 + // err = protocol.NewErrWithMessage(2002, err) //账号不存在
  320 + // return
  321 + //}
  322 +
  323 + //权限验证 判断用户公司是否存在
  324 + if userCompany, err = models.GetUserCompanyById(request.Muid); err != nil {
  325 + log.Error(err, request.Muid)
  326 + err = protocol.NewErrWithMessage(2002, err) //TODO:用户不存在
  327 + return
  328 + }
  329 + if userCompany.Enable != 1 {
  330 + err = protocol.NewErrWithMessage(2002, err) //TODO:用户无权限
  331 + log.Error(err)
  332 + return
  333 + }
  334 + if company, err = models.GetCompanyById(request.Cid); err != nil || company.Enable != 1 {
  335 + log.Error(err, request.Cid)
  336 + err = protocol.NewErrWithMessage(2002, err) //TODO:公司模块不存在
  337 + return
  338 + }
  339 + if company.Enable != 1 {
  340 + err = protocol.NewErrWithMessage(2002, err) //TODO:公司模块被禁用
  341 + log.Error(err)
  342 + return
  343 + }
  344 +
  345 + if !utils.ValidVersion(header.Version, protocol.RequireVersion) {
  346 + log.Warn(fmt.Sprintf("版本不足 当前手机版本:%v 需要版本大于:%v", header.Version, protocol.RequireVersion))
  347 + err = protocol.NewCustomMessage(2002, "版本不足,请升级app") //账号不存在
  348 + return
  349 + }
  350 + //验证 当前登录的公司是否有模块权限
  351 + if err = CheckBusinessAuth(header, request.Muid); err != nil {
  352 + log.Error(request.Muid, err)
  353 + return
  354 + }
  355 + //获取最后一次公司编号给统一用户中心
  356 + //if u, e := models.GetUserAuthByUserId(user.Id, protocol.DeviceType); e == nil && user.UserCenterId == id {
  357 + // if currentCompany, e = models.GetCompanyById(u.CurrentCompanyId); e == nil {
  358 + // getUserRequest.CompanyId = currentCompany.UserCenterId
  359 + // }
  360 + //}
  361 +
  362 + //从用户中心获取用户信息
  363 + if _, err = agg.RequestUserCenter(protocol.MethodServerLogin, http.MethodPost, getUserRequest, &message); err != nil {
  364 + log.Error(err)
  365 + return
  366 + }
  367 + log.Debug(fmt.Sprintf("ucenter_id:%v user_id:%v getuser response:", request.Uid, request.Muid), message.Errno, message.Errmsg)
  368 + if message.Errno == 0 && message.Errmsg == "ok" {
  369 + if err = message.Unmarshal(&getUserResponse); err != nil {
  370 + log.Error(err)
  371 + return
  372 + }
  373 + }
  374 + switch message.Errno {
  375 + case -1:
  376 + err = protocol.NewErrWithMessage(2002, err) //账号不存在
  377 + return
  378 + case 0:
  379 + goto Success
  380 + case 2002:
  381 + err = protocol.NewErrWithMessage(2002, err) //账号不存在
  382 + return
  383 + case 10001:
  384 + err = protocol.NewErrWithMessage(2002, err) //账号不存在
  385 + return
  386 + case 10003:
  387 + err = protocol.NewErrWithMessage(4140, err) //账号不存在
  388 + return
  389 + default:
  390 + log.Error(fmt.Sprintf("error_no:%v msg:%v", message.Errno, message.Errmsg))
  391 + err = protocol.NewErrWithMessage(4140, err)
  392 + return
  393 + }
  394 +
  395 +Success:
  396 + {
  397 + userAuth, err = models.GetUserAuthByUserId(user.Id, 1)
  398 + if err != nil {
  399 + if err == orm.ErrNoRows {
  400 + err = nil
  401 + userAuth = &models.UserAuth{
  402 + UserId: user.Id,
  403 + DeviceType: 1, //int8(header.DeviceType),
  404 + CurrentCompanyId: request.Muid,
  405 + CurrentUserCompanyId: request.Cid,
  406 + }
  407 + models.AddUserAuth(userAuth)
  408 + } else {
  409 + log.Error(err)
  410 + return
  411 + }
  412 + }
  413 + userAuth.AuthCode = uid.NewV1().StringNoDash()
  414 + userAuth.CurrentCompanyId = request.Cid
  415 + userAuth.CurrentUserCompanyId = request.Muid
  416 +
  417 + /*更新用户信息*/
  418 + user.CsAccount = getUserResponse.CustomerAccount
  419 + user.ImToken = getUserResponse.ImToken
  420 + user.Icon = getUserResponse.Avatar
  421 + user.NickName = getUserResponse.NickName
  422 + user.Accid = getUserResponse.Accid
  423 + user.UserCenterId = getUserResponse.Id
  424 + if err = models.UpdateUsersById(user); err != nil {
  425 + log.Error(err)
  426 + return
  427 + }
  428 + userAuth.AuthCodeExp = time.Now().Add(time.Second * protocol.TokenExpire)
  429 + if err = models.UpdateUserAuthById(userAuth); err != nil {
  430 + return
  431 + }
  432 + rsp = &protocol.AuthorizeResponse{AuthCode: userAuth.AuthCode}
  433 + }
  434 + err = protocol.NewSuccessWithMessage("登录成功")
  435 + return
  436 +}
  437 +
  438 +//检查企业平台权限
  439 +func CheckBusinessAuth(header *protocol.RequestHeader, muid int64) (err error) {
  440 + var (
  441 + hasAuth bool
  442 + authMessage *protocol.Message
  443 + )
  444 + if authMessage, hasAuth = agg.GetUserModuleAuth(muid); !hasAuth {
  445 + err = protocol.NewCustomMessage(2002, authMessage.Errmsg) //账号不存在
  446 + return
  447 + }
  448 + if authMessage.Errno != 0 {
  449 + err = protocol.NewCustomMessage(authMessage.Errno, authMessage.Errmsg) //账号不存在
  450 + return
  451 + }
  452 + return
  453 +}
  454 +
284 //统一用户中心登录 455 //统一用户中心登录
285 func UCenterLogin(header *protocol.RequestHeader, request *protocol.UCenterLoginRequest) (rsp *protocol.UCenterLoginResponse, err error) { 456 func UCenterLogin(header *protocol.RequestHeader, request *protocol.UCenterLoginRequest) (rsp *protocol.UCenterLoginResponse, err error) {
286 var ( 457 var (
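Review bot: `request.Muid` and `request.Cid` are client-supplied, and nothing in `Authorize` ties the `userCompany` fetched at line 324 to the `user` resolved from `request.Uid` at line 306 or to the `company` fetched at line 334, so the auth code issued at line 432 can be bound to user-company and company records that do not belong to the authenticated account; add an ownership comparison right after the two lookups (the field names of `models.UserCompany` are not visible in this hunk). Relatedly, the new `UserAuth` at lines 404-405 sets `CurrentCompanyId: request.Muid, CurrentUserCompanyId: request.Cid` while lines 414-415 assign the same two fields the other way round, so one of the pairs is inverted. At line 334 the `|| company.Enable != 1` clause makes the `if company.Enable != 1` block at line 339 unreachable and reports a disabled company by wrapping a nil `err` as 2002; dropping the clause from line 334 restores the intended path. In `CheckBusinessAuth` the `authMessage.Errno != 0` branch at line 448 is likewise dead, because `GetUserModuleAuth` only returns `hasAuth == true` when `Errno` is 0, so the upstream code is never propagated; checking `Errno` before `hasAuth` fixes that.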
@@ -357,9 +357,10 @@ func UserInfo(header *protocol.RequestHeader, request *protocol.UserInfoRequest) @@ -357,9 +357,10 @@ func UserInfo(header *protocol.RequestHeader, request *protocol.UserInfoRequest)
357 } 357 }
358 rsp = &protocol.UserInfoResponse{ 358 rsp = &protocol.UserInfoResponse{
359 User: protocol.User{ 359 User: protocol.User{
360 - UserId: header.UserId,  
361 - Name: userBaseAgg.User.NickName,  
362 - Phone: userBaseAgg.User.Phone, 360 + UserId: header.UserId,
  361 + MUserId: header.UserId,
  362 + Name: userBaseAgg.User.NickName,
  363 + Phone: userBaseAgg.User.Phone,
363 Image: protocol.Picture{ 364 Image: protocol.Picture{
364 Path: userBaseAgg.User.Icon, 365 Path: userBaseAgg.User.Icon,
365 H: 0, 366 H: 0,
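Review bot: `MUserId` at line 361 is filled with the same `header.UserId` as `UserId` on the line above, yet the field is documented in `protocol.User` as the business-platform user id; if the two ids are distinct (the `Authorize` flow in this commit stores `request.Muid` separately from the user-center id), this returns the wrong value, and if they are always equal the new field is redundant. A one-line comment stating which id `header.UserId` carries, e.g. `MUserId: header.UserId, // header.UserId already holds the platform (muid) id`, would settle it for the reader. `UserInfo` starts outside the hunk.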