...
|
...
|
@@ -2,11 +2,19 @@ package auth |
|
|
|
|
|
import (
|
|
|
"fmt"
|
|
|
"github.com/tiptok/gocomm/xa/eda"
|
|
|
"gitlab.fjmaimaimai.com/mmm-go/partner/pkg/application/factory"
|
|
|
"gitlab.fjmaimaimai.com/mmm-go/partner/pkg/application/userAuth"
|
|
|
"gitlab.fjmaimaimai.com/mmm-go/partner/pkg/constant"
|
|
|
"gitlab.fjmaimaimai.com/mmm-go/partner/pkg/domain"
|
|
|
"gitlab.fjmaimaimai.com/mmm-go/partner/pkg/domain/event"
|
|
|
"gitlab.fjmaimaimai.com/mmm-go/partner/pkg/infrastructure/domain_service"
|
|
|
http_gateway "gitlab.fjmaimaimai.com/mmm-go/partner/pkg/infrastructure/svr"
|
|
|
"gitlab.fjmaimaimai.com/mmm-go/partner/pkg/infrastructure/utils"
|
|
|
"gitlab.fjmaimaimai.com/mmm-go/partner/pkg/log"
|
|
|
"gitlab.fjmaimaimai.com/mmm-go/partner/pkg/protocol"
|
|
|
protocolx "gitlab.fjmaimaimai.com/mmm-go/partner/pkg/protocol/auth"
|
|
|
"strconv"
|
|
|
"strings"
|
|
|
"time"
|
|
|
)
|
...
|
...
|
@@ -66,9 +74,15 @@ func Login(header *protocol.RequestHeader, request *protocol.LoginRequest) (rsp |
|
|
err = protocol.NewCustomMessage(1, "登录方式不支持!")
|
|
|
break
|
|
|
}
|
|
|
rsp.AuthCode, _ = utils.GenerateToken(partnerInfo.Id, protocol.AuthCodeExpire*time.Second)
|
|
|
userClaim := utils.UserTokenClaims{
|
|
|
UserId: partnerInfo.Id,
|
|
|
Phone: partnerInfo.Account,
|
|
|
AdminType: int(protocolx.AdminTypePartner),
|
|
|
CompanyId: 1, //默认公司
|
|
|
}
|
|
|
rsp.AuthCode, _ = utils.GenerateTokenWithClaim(userClaim, protocol.AuthCodeExpire*time.Second)
|
|
|
|
|
|
if err = InitOrUpdateUserIMInfo(partnerInfo, transactionContext); err != nil {
|
|
|
if _, err = InitOrUpdateUserIMInfo(partnerInfo.Id, partnerInfo.PartnerName, transactionContext); err != nil {
|
|
|
log.Error(err)
|
|
|
return
|
|
|
}
|
...
|
...
|
@@ -105,24 +119,45 @@ func AccessToken(request *protocol.AccessTokenRequest) (rsp *protocol.AccessToke |
|
|
err = protocol.NewErrWithMessage(1, fmt.Errorf("jwt authCode (%v) valid", request.AuthCode))
|
|
|
return
|
|
|
}
|
|
|
rsp.AccessToken, _ = utils.GenerateToken(claim.UserId, protocol.TokenExpire*time.Second)
|
|
|
rsp.RefreshToken, _ = utils.GenerateToken(claim.UserId, protocol.RefreshTokenExipre*time.Second)
|
|
|
userClaims := utils.UserTokenClaims{
|
|
|
UserId: claim.UserId,
|
|
|
CompanyId: claim.CompanyId,
|
|
|
AdminType: claim.AdminType,
|
|
|
Phone: claim.Phone,
|
|
|
}
|
|
|
rsp.AccessToken, _ = utils.GenerateTokenWithClaim(userClaims, protocol.TokenExpire*time.Second)
|
|
|
rsp.RefreshToken, _ = utils.GenerateTokenWithClaim(userClaims, protocol.RefreshTokenExipre*time.Second)
|
|
|
rsp.ExpiresIn = protocol.TokenExpire
|
|
|
|
|
|
//auth := userAuth.NewRedisUserAuth(userAuth.WithUserId(claim.UserId),
|
|
|
// userAuth.WithAccessToken(rsp.AccessToken),
|
|
|
// userAuth.WithRefreshToken(rsp.RefreshToken))
|
|
|
//if err = auth.AddAuth(); err != nil {
|
|
|
// log.Error(err)
|
|
|
// return
|
|
|
//}
|
|
|
eda.Publish(&event.AccessTokenEvent{
|
|
|
UserPhone: claim.Phone,
|
|
|
AccessToken: rsp.AccessToken,
|
|
|
RefreshToken: rsp.RefreshToken,
|
|
|
})
|
|
|
return
|
|
|
}
|
|
|
|
|
|
func RefreshToken(request *protocol.RefreshTokenRequest) (rsp *protocol.RefreshTokenResponse, err error) {
|
|
|
var (
|
|
|
claim *utils.UserTokenClaims
|
|
|
transactionContext, _ = factory.CreateTransactionContext(nil)
|
|
|
PartnerInfoService, _ = factory.CreatePartnerInfoRepositoryIn(transactionContext)
|
|
|
UsersRepository, _ = factory.CreateUsersRepository(transactionContext)
|
|
|
CompanyRepository, _ = factory.CreateCompanyRepository(transactionContext)
|
|
|
|
|
|
partnerInfo *domain.PartnerInfo
|
|
|
user *domain.Users
|
|
|
company *domain.Company
|
|
|
userId int64
|
|
|
)
|
|
|
|
|
|
if err = transactionContext.StartTransaction(); err != nil {
|
|
|
return nil, err
|
|
|
}
|
|
|
defer func() {
|
|
|
transactionContext.RollbackTransaction()
|
|
|
}()
|
|
|
|
|
|
rsp = &protocol.RefreshTokenResponse{}
|
|
|
if claim, err = utils.ParseJWTToken(request.RefreshToken); err != nil {
|
|
|
err = protocol.NewErrWithMessage(4140, err)
|
...
|
...
|
@@ -132,23 +167,58 @@ func RefreshToken(request *protocol.RefreshTokenRequest) (rsp *protocol.RefreshT |
|
|
err = protocol.NewErrWithMessage(1, fmt.Errorf("jwt refrshToken (%v) valid", request.RefreshToken))
|
|
|
return
|
|
|
}
|
|
|
//oldAuth := userAuth.NewRedisUserAuth(userAuth.WithUserId(claim.UserId))
|
|
|
//if err = oldAuth.Check(userAuth.NewOptions(userAuth.WithRefreshToken(request.RefreshToken))); err != nil {
|
|
|
// log.Error(err)
|
|
|
// err = protocol.NewErrWithMessage(4140, err)
|
|
|
// return
|
|
|
//}
|
|
|
rsp.AccessToken, _ = utils.GenerateToken(claim.UserId, protocol.TokenExpire*time.Second)
|
|
|
rsp.RefreshToken, _ = utils.GenerateToken(claim.UserId, protocol.RefreshTokenExipre*time.Second)
|
|
|
if company, err = CompanyRepository.FindOne(map[string]interface{}{"id": claim.CompanyId, "status": 1, "enable": 1}); err != nil || company == nil {
|
|
|
log.Error(err)
|
|
|
err = protocol.NewErrWithMessage(4140, err)
|
|
|
return
|
|
|
}
|
|
|
|
|
|
switch claim.AdminType {
|
|
|
case int(protocolx.AdminTypePartner):
|
|
|
if partnerInfo, err = PartnerInfoService.FindOne(map[string]interface{}{"account": claim.Phone, "companyId": claim.CompanyId, "status": 1}); err != nil || partnerInfo == nil {
|
|
|
log.Error(err)
|
|
|
err = protocol.NewErrWithMessage(4140, err)
|
|
|
return
|
|
|
}
|
|
|
userId = partnerInfo.Id
|
|
|
break
|
|
|
case int(protocolx.AdminTypeManager):
|
|
|
if user, err = UsersRepository.FindOne(map[string]interface{}{"phone": claim.Phone, "companyId": claim.CompanyId, "status": 1}); err != nil || user == nil {
|
|
|
log.Error(err)
|
|
|
err = protocol.NewErrWithMessage(4140, err)
|
|
|
return
|
|
|
}
|
|
|
userId = user.Id
|
|
|
break
|
|
|
default:
|
|
|
err = protocol.NewErrWithMessage(4140, err)
|
|
|
return
|
|
|
}
|
|
|
|
|
|
userClaim := utils.UserTokenClaims{
|
|
|
UserId: userId,
|
|
|
Phone: claim.Phone,
|
|
|
AdminType: claim.AdminType,
|
|
|
CompanyId: claim.CompanyId,
|
|
|
}
|
|
|
rsp.AccessToken, _ = utils.GenerateTokenWithClaim(userClaim, protocol.TokenExpire*time.Second)
|
|
|
rsp.RefreshToken, _ = utils.GenerateTokenWithClaim(userClaim, protocol.RefreshTokenExipre*time.Second)
|
|
|
rsp.ExpiresIn = protocol.TokenExpire
|
|
|
|
|
|
//newAuth := userAuth.NewRedisUserAuth(userAuth.WithUserId(claim.UserId),
|
|
|
// userAuth.WithAccessToken(rsp.AccessToken),
|
|
|
// userAuth.WithRefreshToken(rsp.RefreshToken))
|
|
|
//if err = newAuth.AddAuth(); err != nil {
|
|
|
// log.Error(err)
|
|
|
// return
|
|
|
//}
|
|
|
if err = eda.Publish(&event.RefreshTokenEvent{
|
|
|
UserPhone: claim.Phone,
|
|
|
AccessToken: rsp.AccessToken,
|
|
|
RefreshToken: rsp.RefreshToken,
|
|
|
OldRefreshToken: request.RefreshToken,
|
|
|
OldAccessToken: "",
|
|
|
}); err != nil {
|
|
|
log.Error(err)
|
|
|
rsp.RefreshToken = ""
|
|
|
rsp.AccessToken = ""
|
|
|
err = protocol.NewErrWithMessage(4140, err)
|
|
|
return
|
|
|
}
|
|
|
err = transactionContext.CommitTransaction()
|
|
|
return
|
|
|
}
|
|
|
|
...
|
...
|
@@ -192,3 +262,234 @@ func Revoke(header *protocol.RequestHeader, request *protocol.RevokeRequest) (rs |
|
|
//}
|
|
|
return
|
|
|
}
|
|
|
|
|
|
//注销登录
|
|
|
func UCenterRevoke(header *protocol.RequestHeader, userId int64) (rsp *protocol.RevokeResponse, err error) {
|
|
|
var (
|
|
|
transactionContext, _ = factory.CreateTransactionContext(nil)
|
|
|
UsersRepository, _ = factory.CreateUsersRepository(transactionContext)
|
|
|
user *domain.Users
|
|
|
)
|
|
|
|
|
|
rsp = &protocol.RevokeResponse{}
|
|
|
if err = transactionContext.StartTransaction(); err != nil {
|
|
|
return nil, err
|
|
|
}
|
|
|
defer func() {
|
|
|
transactionContext.RollbackTransaction()
|
|
|
}()
|
|
|
|
|
|
if user, err = UsersRepository.FindOne(map[string]interface{}{"openId": userId}); err != nil {
|
|
|
log.Error(err)
|
|
|
err = nil
|
|
|
return
|
|
|
}
|
|
|
id, _ := strconv.Atoi(user.Phone)
|
|
|
auth := userAuth.NewRedisUserAuth(userAuth.WithUserId(int64(id)))
|
|
|
if !auth.Exist() {
|
|
|
return
|
|
|
}
|
|
|
if err = auth.RemoveAuth(); err != nil {
|
|
|
log.Error(err)
|
|
|
return
|
|
|
}
|
|
|
err = transactionContext.CommitTransaction()
|
|
|
return
|
|
|
}
|
|
|
|
|
|
func CenterCompanys(header *protocol.RequestHeader, request *protocolx.CenterCompanysRequest) (v interface{}, err error) {
|
|
|
var (
|
|
|
transactionContext, _ = factory.CreateTransactionContext(nil)
|
|
|
imInfo *domain.ImInfo
|
|
|
loginSvr = domain_service.NewPgLoginService(transactionContext)
|
|
|
)
|
|
|
phoneId, e := strconv.Atoi(request.Phone)
|
|
|
if e != nil {
|
|
|
log.Error(e)
|
|
|
e = protocol.NewErrWithMessage(2)
|
|
|
return
|
|
|
}
|
|
|
rsp := &protocolx.CenterCompanysResponse{}
|
|
|
if err = transactionContext.StartTransaction(); err != nil {
|
|
|
log.Error(err)
|
|
|
return nil, err
|
|
|
}
|
|
|
defer func() {
|
|
|
transactionContext.RollbackTransaction()
|
|
|
}()
|
|
|
loginSvr.Init(request.Phone)
|
|
|
if len(loginSvr.Users) == 0 && len(loginSvr.PartnerInfo) == 0 {
|
|
|
err = protocol.NewErrWithMessage(10001)
|
|
|
return
|
|
|
}
|
|
|
switch request.GrantType {
|
|
|
case protocol.LoginByPassword:
|
|
|
if len(request.Password) == 0 {
|
|
|
err = protocol.NewCustomMessage(1, "密码不能为空!")
|
|
|
return
|
|
|
}
|
|
|
if loginSvr.ManagerLogin(request.Phone, request.Password) != nil && loginSvr.PartnerLogin(request.Phone, request.Password) != nil {
|
|
|
err = protocol.NewCustomMessage(1, "密码输入有误!")
|
|
|
return
|
|
|
}
|
|
|
break
|
|
|
case protocol.LoginBySmsCode:
|
|
|
if _, err = CheckSmsCode(request.Phone, request.Captcha); err != nil {
|
|
|
return
|
|
|
}
|
|
|
break
|
|
|
case protocol.LoginByCredentials:
|
|
|
if _, err = utils.ParseJWTToken(request.Credentials); err != nil {
|
|
|
err = protocol.NewErrWithMessage(4140, err)
|
|
|
return
|
|
|
}
|
|
|
default:
|
|
|
err = protocol.NewCustomMessage(1, "登录方式不支持!")
|
|
|
break
|
|
|
}
|
|
|
|
|
|
//获取统计信息
|
|
|
rsp.Partner, _ = loginSvr.PartnerStaticInfo()
|
|
|
rsp.Manager, _ = loginSvr.ManagerStaticInfo()
|
|
|
//没有有效人的时候
|
|
|
if !loginSvr.AvailableCompany {
|
|
|
err = protocol.NewErrWithMessage(10008) //账号禁用
|
|
|
return
|
|
|
}
|
|
|
|
|
|
var nickName string
|
|
|
if len(loginSvr.Users) > 0 {
|
|
|
nickName = loginSvr.Users[0].Name
|
|
|
} else if len(loginSvr.PartnerInfo) > 0 {
|
|
|
nickName = loginSvr.PartnerInfo[0].PartnerName
|
|
|
}
|
|
|
//初始化im信息
|
|
|
if imInfo, err = InitOrUpdateUserIMInfo(int64(phoneId), nickName, transactionContext); err != nil {
|
|
|
log.Error(err)
|
|
|
return
|
|
|
}
|
|
|
|
|
|
rsp.CsAccountID = fmt.Sprintf("%v", imInfo.CustomerImId)
|
|
|
rsp.ImToken = imInfo.ImToken
|
|
|
rsp.Accid, _ = strconv.Atoi(imInfo.ImId)
|
|
|
rsp.Phone = request.Phone
|
|
|
rsp.Credentials, _ = utils.GenerateToken(int64(phoneId), request.Phone, protocol.RefreshTokenExipre*time.Second)
|
|
|
|
|
|
err = transactionContext.CommitTransaction()
|
|
|
v = map[string]interface{}{"center": rsp}
|
|
|
return
|
|
|
}
|
|
|
|
|
|
func Companys(header *protocol.RequestHeader, request *protocolx.CompanysRequest) (rsp *protocolx.CompanysResponse, err error) {
|
|
|
var (
|
|
|
transactionContext, _ = factory.CreateTransactionContext(nil)
|
|
|
loginSvr = domain_service.NewPgLoginService(transactionContext)
|
|
|
claim *utils.UserTokenClaims
|
|
|
)
|
|
|
rsp = &protocolx.CompanysResponse{}
|
|
|
if err = transactionContext.StartTransaction(); err != nil {
|
|
|
log.Error(err)
|
|
|
return nil, err
|
|
|
}
|
|
|
defer func() {
|
|
|
transactionContext.RollbackTransaction()
|
|
|
}()
|
|
|
if claim, err = utils.ParseJWTToken(request.Credentials); err != nil {
|
|
|
err = protocol.NewErrWithMessage(4140, err)
|
|
|
return
|
|
|
}
|
|
|
loginSvr.Init(claim.Phone)
|
|
|
rsp.Partner, _ = loginSvr.PartnerStaticInfo()
|
|
|
rsp.Manager, _ = loginSvr.ManagerStaticInfo()
|
|
|
//没有有效人的时候
|
|
|
if !loginSvr.AvailableCompany {
|
|
|
err = protocol.NewErrWithMessage(4140, err) //账号禁用
|
|
|
return
|
|
|
}
|
|
|
err = transactionContext.CommitTransaction()
|
|
|
return
|
|
|
}
|
|
|
|
|
|
func LoginV2(header *protocol.RequestHeader, request *protocol.LoginRequestV2) (rsp *protocol.LoginResponse, err error) {
|
|
|
var (
|
|
|
claim *utils.UserTokenClaims
|
|
|
transactionContext, _ = factory.CreateTransactionContext(nil)
|
|
|
PartnerInfoRepository, _ = factory.CreatePartnerInfoRepositoryIn(transactionContext)
|
|
|
UsersRepository, _ = factory.CreateUsersRepository(transactionContext)
|
|
|
CompanyRepository, _ = factory.CreateCompanyRepository(transactionContext)
|
|
|
userId int64
|
|
|
adminApiGateway = http_gateway.NewHttplibBusinessAdminApiServiceGateway()
|
|
|
)
|
|
|
rsp = &protocol.LoginResponse{}
|
|
|
if err = transactionContext.StartTransaction(); err != nil {
|
|
|
return nil, err
|
|
|
}
|
|
|
defer func() {
|
|
|
transactionContext.RollbackTransaction()
|
|
|
}()
|
|
|
if claim, err = utils.ParseJWTToken(request.Credentials); err != nil {
|
|
|
err = protocol.NewErrWithMessage(4140, err)
|
|
|
return
|
|
|
}
|
|
|
if company, e := CompanyRepository.FindOne(map[string]interface{}{"id": request.Cid, "enable": 1}); e != nil || company == nil {
|
|
|
err = protocol.NewErrWithMessage(10007, err)
|
|
|
return
|
|
|
}
|
|
|
switch request.IdType {
|
|
|
case int(protocolx.AdminTypePartner):
|
|
|
if p, e := PartnerInfoRepository.FindOne(map[string]interface{}{"account": claim.Phone, "companyId": request.Cid, "deleteAtIsNull": true}); e == nil {
|
|
|
userId = p.Id
|
|
|
if !p.IsEnable() {
|
|
|
err = protocol.NewErrWithMessage(10006, err) //当前账号已被禁用
|
|
|
return
|
|
|
}
|
|
|
}
|
|
|
//TODO:验证公司模块权限
|
|
|
if _, adminUsers, e := UsersRepository.Find(map[string]interface{}{"inCompanyIds": []int64{int64(request.Cid)}, "adminType": 2}); e == nil {
|
|
|
if len(adminUsers) > 0 {
|
|
|
au := adminUsers[0]
|
|
|
if code, e := adminApiGateway.UserAuth(au.Id, constant.BUSINESS_ADMIN_PLATFORM_ID); e != nil || code != 0 {
|
|
|
log.Debug("【合伙人检查权限】", claim.Phone, "【公司】", request.Cid, au.Id, code, e.Error())
|
|
|
err = protocol.NewErrWithMessage(10008, err) // 抱歉,企业管理员未帮您开通权限
|
|
|
return
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
break
|
|
|
case int(protocolx.AdminTypeManager):
|
|
|
if p, e := UsersRepository.FindOne(map[string]interface{}{"phone": claim.Phone, "companyId": request.Cid, "deleteAtIsNull": true}); e == nil {
|
|
|
userId = p.Id
|
|
|
if !p.IsEnable() {
|
|
|
err = protocol.NewErrWithMessage(10006, err) //当前账号已被禁用
|
|
|
return
|
|
|
}
|
|
|
}
|
|
|
//校验模块权限
|
|
|
if userId != 0 {
|
|
|
if code, e := adminApiGateway.UserAuth(userId, constant.BUSINESS_ADMIN_PLATFORM_ID); e != nil || code != 0 {
|
|
|
log.Debug("【检查权限】", userId, "【公司】", request.Cid, "【错误】:", code, e.Error())
|
|
|
err = protocol.NewErrWithMessage(10008, err) // 抱歉,企业管理员未帮您开通权限
|
|
|
return
|
|
|
}
|
|
|
}
|
|
|
break
|
|
|
default:
|
|
|
err = protocol.NewErrWithMessage(2, fmt.Errorf("idType :%v not in range (1,2)", request.IdType)) //用户类型有误
|
|
|
return
|
|
|
}
|
|
|
if userId == 0 {
|
|
|
err = protocol.NewErrWithMessage(10001, err) //账号不存在
|
|
|
return
|
|
|
}
|
|
|
//根据simnum + cid
|
|
|
userClaims := utils.UserTokenClaims{
|
|
|
UserId: userId,
|
|
|
CompanyId: int64(request.Cid),
|
|
|
AdminType: request.IdType,
|
|
|
Phone: claim.Phone,
|
|
|
}
|
|
|
rsp.AuthCode, _ = utils.GenerateTokenWithClaim(userClaims, protocol.AuthCodeExpire*time.Second)
|
|
|
|
|
|
err = transactionContext.CommitTransaction()
|
|
|
return
|
|
|
} |
...
|
...
|
|