middle.go
3.7 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
package middleware
import (
"fmt"
"oppmg/common/log"
"oppmg/protocol"
serveauth "oppmg/services/auth"
"oppmg/storage/redisdata"
"strings"
"github.com/astaxie/beego"
"github.com/astaxie/beego/plugins/cors"
"github.com/astaxie/beego/context"
)
//LogRequestData Before Router
var LogRequestData = func(ctx *context.Context) {
log.Info("====>Recv Request:%s", ctx.Input.URI())
hmap := map[string]string{
protocol.HeaderAccessToken: ctx.Input.Header(protocol.HeaderAccessToken),
//protocol.HeaderRefreshToken: ctx.Input.Header(protocol.HeaderRefreshToken),
}
if ctx.Input.RequestBody != nil {
if len(ctx.Input.RequestBody) > 1000 {
log.Info("====>Recv data from client:\nHeadData: %v \nBodyData: %s", hmap, string(ctx.Input.RequestBody[0:1000]))
} else {
log.Info("====>Recv data from client:\nHeadData: %v \nBodyData: %s", hmap, string(ctx.Input.RequestBody))
}
} else {
log.Info("====>Recv data from client:\nHeadData: %v ", hmap)
}
}
//AuthToken Before Router
var AuthToken = func(ctx *context.Context) {
ctx.Output.Header("Access-Control-Allow-Origin", "*")
log.Debug("执行中间件AuthToken")
var (
storetoken redisdata.RedisLoginToken
msg *protocol.ResponseMessage
err error
mtoken *serveauth.MyToken
)
accesstoken := ctx.Input.Header(protocol.HeaderAccessToken)
//解出需要的jwt串 例:头【Authorization】:Bearer 123token456
s := strings.Split(accesstoken, "\u0020")
if len(s) > 0 {
accesstoken = s[len(s)-1]
}
fmt.Println("===>", accesstoken)
if accesstoken == "123456" && beego.BConfig.RunMode != "prod" {
return
}
mtoken, err = serveauth.ValidJWTToken(accesstoken)
if err == nil {
storetoken, err = redisdata.GetLoginToken(mtoken.UID, mtoken.CompanyID)
if err != nil {
log.Error("redisdata.GetLoginToken err:%s", err)
msg = protocol.NewMessage("10024")
ctx.Output.JSON(msg, false, false)
return
}
if beego.BConfig.RunMode == "prod" {
//校验是否是单客户端操作
if storetoken.AccessToken != accesstoken {
msg = protocol.NewMessage("10025")
ctx.Output.JSON(msg, false, false)
return
}
}
redisdata.RefreshLoginTokenExpires(mtoken.UID, mtoken.CompanyID)
ctx.Input.SetData(protocol.HeaderCompanyid, mtoken.CompanyID)
ctx.Input.SetData(protocol.HeaderUserid, mtoken.UID)
ctx.Input.SetData(protocol.HeaderUCompanyid, mtoken.UserCompanyId)
log.Info("c=%d,u=%d,cu=%d", mtoken.CompanyID, mtoken.UID, mtoken.UserCompanyId)
return
}
if ok := serveauth.IsJwtErrorExpired(err); ok {
msg := protocol.NewMessage("10024")
ctx.Output.JSON(msg, false, false)
return
}
log.Error("token 校验失败:%s", err)
msg = protocol.NewMessage("10024")
ctx.Output.JSON(msg, false, false)
return
}
//AllowOption 允许跨域请求
var AllowOption = func(ctx *context.Context) {
if ctx.Request.Method != "OPTIONS" {
return
}
f := cors.Allow(&cors.Options{
AllowMethods: []string{"POST", "GET", "OPTIONS", "PUT", "DELETE"}, //允许的请求类型
AllowHeaders: []string{"Origin", "Accept", "Content-Type", "Authorization",
"x-mmm-cid", "x-mmm-uid", "x-mmm-accesstoken", "x-mmm-refreshtoken", "x-requested-with"}, //允许的头部信息
ExposeHeaders: []string{"Content-Length"}, //允许暴露的头信息
AllowCredentials: true, //不允许共享AuthTuffic证书
AllowAllOrigins: true, //允许的请求来源
})
f(ctx)
ctx.Output.SetStatus(204)
ctx.Output.Body(nil)
return
}
var LogRouter = func(ctx *context.Context) {
// RouterPattern
p := ctx.Input.GetData("RouterPattern")
fmt.Println("====>r:", p)
return
}
//CheckOperation 检查操作权限,beforeController
var CheckOperation = func(ctx *context.Context) {
}