作者 tangxuhui

校验token时,增加对手机账号的检查

@@ -136,7 +136,7 @@ func ChangeLoginToken(userid, companyid int64) (protocol.LoginAuthToken, error) @@ -136,7 +136,7 @@ func ChangeLoginToken(userid, companyid int64) (protocol.LoginAuthToken, error)
136 log.Debug("无效公司") 136 log.Debug("无效公司")
137 return logintoken, protocol.NewErrWithMessage("10207") 137 return logintoken, protocol.NewErrWithMessage("10207")
138 } 138 }
139 - logintoken, err = GenerateAuthToken(userid, companydata.Id, usercompany.Id) 139 + logintoken, err = GenerateAuthToken(userid, companydata.Id, usercompany.Id, usercompany.Phone)
140 if err != nil { 140 if err != nil {
141 log.Error("GenerateAuthToken err:%s", err) 141 log.Error("GenerateAuthToken err:%s", err)
142 return logintoken, protocol.NewErrWithMessage("1") 142 return logintoken, protocol.NewErrWithMessage("1")
@@ -486,7 +486,7 @@ func LoginAuthBySmsCode(uclientReturn *ucenter.ResponseLoginSms) ( @@ -486,7 +486,7 @@ func LoginAuthBySmsCode(uclientReturn *ucenter.ResponseLoginSms) (
486 return logintoken, protocol.NewErrWithMessage("1") 486 return logintoken, protocol.NewErrWithMessage("1")
487 } 487 }
488 usercompanyid = ucompany.Id 488 usercompanyid = ucompany.Id
489 - logintoken, _ = GenerateAuthToken(userdata.Id, companyid, usercompanyid) 489 + logintoken, _ = GenerateAuthToken(userdata.Id, companyid, usercompanyid, userdata.Phone)
490 //更新用户数据 490 //更新用户数据
491 userdata.Accid = uclientReturn.Data.CsAccountID 491 userdata.Accid = uclientReturn.Data.CsAccountID
492 userdata.Icon = uclientReturn.Data.Image.Path 492 userdata.Icon = uclientReturn.Data.Image.Path
@@ -639,7 +639,7 @@ func LoginAuthBySecretKey(secretKey string) (protocol.LoginAuthToken, error) { @@ -639,7 +639,7 @@ func LoginAuthBySecretKey(secretKey string) (protocol.LoginAuthToken, error) {
639 log.Error("获取user_company失败;%s", err) 639 log.Error("获取user_company失败;%s", err)
640 return logintoken, protocol.NewErrWithMessage("10202") 640 return logintoken, protocol.NewErrWithMessage("10202")
641 } 641 }
642 - logintoken, _ = GenerateAuthToken(ucompany.UserId, ucompany.CompanyId, ucompany.Id) 642 + logintoken, _ = GenerateAuthToken(ucompany.UserId, ucompany.CompanyId, ucompany.Id, ucompany.Phone)
643 //更新用户数据 643 //更新用户数据
644 //用户数据的更新 交由数据同步的接口处理 644 //用户数据的更新 交由数据同步的接口处理
645 // var userdata *models.User 645 // var userdata *models.User
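Review bot: The value passed as the new `account` argument does not come from the same field at every call site: ChangeLoginToken (line 139) and LoginAuthBySecretKey (line 642) pass the user_company row's Phone, while LoginAuthBySmsCode (line 489) passes `userdata.Phone` from the user record. If those two columns can ever differ, a token issued by the SMS path will fail the phone comparison in ValidJWTToken, which checks against `userCompanyData.Phone`; passing `ucompany.Phone` at line 489 (assuming `ucompany` there is the same user_company type as in LoginAuthBySecretKey) keeps the three sites consistent. The SMS and secret-key sites also still discard GenerateAuthToken's error with `_`, so a signing failure returns an empty token as success — `logintoken, err = GenerateAuthToken(...)` followed by the same error handling as line 140 would close that. All three enclosing functions start and end outside their hunks.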
@@ -20,10 +20,11 @@ type MyToken struct { @@ -20,10 +20,11 @@ type MyToken struct {
20 UID int64 `json:"uid"` 20 UID int64 `json:"uid"`
21 CompanyID int64 `json:"company_id"` 21 CompanyID int64 `json:"company_id"`
22 UserCompanyId int64 `json:"user_company_id"` 22 UserCompanyId int64 `json:"user_company_id"`
  23 + Account string `json:"account"`
23 } 24 }
24 25
25 //CreateJWTToken ... 26 //CreateJWTToken ...
26 -func CreateJWTToken(uid int64, companyid int64, userCompanyId int64, expires int64) (string, error) { 27 +func CreateJWTToken(uid int64, companyid int64, userCompanyId int64, account string, expires int64) (string, error) {
27 nowTime := time.Now().Unix() 28 nowTime := time.Now().Unix()
28 claims := MyToken{ 29 claims := MyToken{
29 StandardClaims: jwt.StandardClaims{ 30 StandardClaims: jwt.StandardClaims{
@@ -35,6 +36,7 @@ func CreateJWTToken(uid int64, companyid int64, userCompanyId int64, expires int @@ -35,6 +36,7 @@ func CreateJWTToken(uid int64, companyid int64, userCompanyId int64, expires int
35 UID: uid, 36 UID: uid,
36 CompanyID: companyid, 37 CompanyID: companyid,
37 UserCompanyId: userCompanyId, 38 UserCompanyId: userCompanyId,
  39 + Account: account,
38 } 40 }
39 41
40 token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims) 42 token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
@@ -60,8 +62,8 @@ func ValidJWTToken(tokenString string) (*MyToken, error) { @@ -60,8 +62,8 @@ func ValidJWTToken(tokenString string) (*MyToken, error) {
60 log.Error("获取userCompany数据失败,id=%d", claims.UserCompanyId) 62 log.Error("获取userCompany数据失败,id=%d", claims.UserCompanyId)
61 return nil, fmt.Errorf("token Valid fail") 63 return nil, fmt.Errorf("token Valid fail")
62 } 64 }
63 - if userCompanyData.UserId != claims.UID {  
64 - log.Error("登录信息uid与用户数据不匹配, userCompanyData.UserId=%d, claims.UID=%d", userCompanyData.UserId, claims.UID) 65 + if userCompanyData.Phone != claims.Account {
  66 + log.Error("登录信息Account与用户数据不匹配, userCompanyData.Phone=%d, claims.Account=%d", userCompanyData.Phone, claims.Account)
65 return nil, fmt.Errorf("token Valid fail") 67 return nil, fmt.Errorf("token Valid fail")
66 } 68 }
67 return claims, nil 69 return claims, nil
@@ -79,7 +81,7 @@ func IsJwtErrorExpired(err error) bool { @@ -79,7 +81,7 @@ func IsJwtErrorExpired(err error) bool {
79 return false 81 return false
80 } 82 }
81 83
82 -func GenerateAuthToken(uid int64, companyid int64, usercompanyid int64) (protocol.LoginAuthToken, error) { 84 +func GenerateAuthToken(uid int64, companyid int64, usercompanyid int64, account string) (protocol.LoginAuthToken, error) {
83 var ( 85 var (
84 authToken protocol.LoginAuthToken 86 authToken protocol.LoginAuthToken
85 accesstoken string //主token,请求用 87 accesstoken string //主token,请求用
@@ -87,7 +89,7 @@ func GenerateAuthToken(uid int64, companyid int64, usercompanyid int64) (protoco @@ -87,7 +89,7 @@ func GenerateAuthToken(uid int64, companyid int64, usercompanyid int64) (protoco
87 err error 89 err error
88 nowtime = time.Now() 90 nowtime = time.Now()
89 ) 91 )
90 - accesstoken, err = CreateJWTToken(uid, companyid, usercompanyid, nowtime.Unix()+expiresIn+1) 92 + accesstoken, err = CreateJWTToken(uid, companyid, usercompanyid, account, nowtime.Unix()+expiresIn+1)
91 if err != nil { 93 if err != nil {
92 return authToken, err 94 return authToken, err
93 } 95 }
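Review bot: The UID consistency check in ValidJWTToken is dropped rather than extended: old lines 63–64 compared `userCompanyData.UserId` with `claims.UID`, and new lines 65–66 replace that with the phone comparison only, so a token whose `uid` claim disagrees with the user_company row it names now validates as long as the phone matches. Keeping both checks matches the commit message (增加, "add"): `if userCompanyData.UserId != claims.UID || userCompanyData.Phone != claims.Account {`. The new log line on 66 formats two string values with `%d`, which prints `%!d(string=…)` — use `%q` for both. Since `Account` is serialized into the JWT payload (tag `json:"account"` on line 23), which is signed but not encrypted, the phone number is readable by anyone holding the token; worth confirming that exposure is acceptable. ValidJWTToken begins before and ends after its hunk.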