v2.0

server/internal/logic/middleware/admin_auth.go

@@ -0,0 +1,51 @@
+// Package middleware
+// @Link  https://github.com/bufanyun/hotgo
+// @Copyright  Copyright (c) 2022 HotGo CLI
+// @Author  Ms <133814250@qq.com>
+// @License  https://github.com/bufanyun/hotgo/blob/master/LICENSE
+//
+package middleware
+
+import (
+	"github.com/gogf/gf/v2/errors/gcode"
+	"github.com/gogf/gf/v2/frame/g"
+	"github.com/gogf/gf/v2/net/ghttp"
+	"github.com/gogf/gf/v2/text/gstr"
+	"hotgo/internal/consts"
+	"hotgo/internal/library/contexts"
+	"hotgo/internal/library/response"
+	"hotgo/internal/service"
+	"hotgo/utility/auth"
+)
+
+// AdminAuth 后台鉴权中间件
+func (s *sMiddleware) AdminAuth(r *ghttp.Request) {
+
+	var (
+		ctx = r.Context()
+	)
+
+	// 替换掉模块前缀
+	routerPrefix, _ := g.Cfg().Get(ctx, "router.admin.prefix", "/admin")
+	path := gstr.Replace(r.URL.Path, routerPrefix.String(), "", 1)
+
+	/// 不需要验证登录的路由地址
+	if auth.IsExceptLogin(ctx, path) {
+		r.Middleware.Next()
+		return
+	}
+
+	if err := inspectAuth(r, consts.AppAdmin); err != nil {
+		response.JsonExit(r, gcode.CodeNotAuthorized.Code(), err.Error())
+		return
+	}
+
+	// 验证路由访问权限
+	if !service.AdminRole().Verify(ctx, path, r.Method) {
+		g.Log().Warningf(ctx, "AdminAuth fail path:%+v, GetRoleKey:%+v, r.Method:%+v", path, contexts.GetRoleKey(ctx), r.Method)
+		response.JsonExit(r, gcode.CodeSecurityReason.Code(), "你没有访问权限！")
+		return
+	}
+
+	r.Middleware.Next()
+}

server/internal/logic/middleware/api_auth.go

@@ -0,0 +1,49 @@
+// Package middleware
+// @Link  https://github.com/bufanyun/hotgo
+// @Copyright  Copyright (c) 2022 HotGo CLI
+// @Author  Ms <133814250@qq.com>
+// @License  https://github.com/bufanyun/hotgo/blob/master/LICENSE
+//
+package middleware
+
+import (
+	"github.com/gogf/gf/v2/errors/gcode"
+	"github.com/gogf/gf/v2/frame/g"
+	"github.com/gogf/gf/v2/net/ghttp"
+	"github.com/gogf/gf/v2/text/gstr"
+	"hotgo/internal/consts"
+	"hotgo/internal/library/response"
+	"hotgo/utility/auth"
+)
+
+// ApiAuth API鉴权中间件
+func (s *sMiddleware) ApiAuth(r *ghttp.Request) {
+
+	var (
+		ctx = r.Context()
+	)
+
+	// 替换掉模块前缀
+	routerPrefix, _ := g.Cfg().Get(ctx, "router.api.prefix", "/api")
+	path := gstr.Replace(r.URL.Path, routerPrefix.String(), "", 1)
+
+	/// 不需要验证登录的路由地址
+	if auth.IsExceptLogin(ctx, path) {
+		r.Middleware.Next()
+		return
+	}
+
+	if err := inspectAuth(r, consts.AppAdmin); err != nil {
+		response.JsonExit(r, gcode.CodeNotAuthorized.Code(), err.Error())
+		return
+	}
+
+	//// 验证路由访问权限
+	//verify := adminService.Role.Verify(ctx, customCtx.User.Id, path)
+	//if !verify {
+	//	response.JsonExit(r, gcode.CodeSecurityReason.Code(), "你没有访问权限！")
+	//	return
+	//}
+
+	r.Middleware.Next()
+}

server/internal/logic/middleware/init.go

@@ -0,0 +1,172 @@
+// Package middleware
+// @Link  https://github.com/bufanyun/hotgo
+// @Copyright  Copyright (c) 2022 HotGo CLI
+// @Author  Ms <133814250@qq.com>
+// @License  https://github.com/bufanyun/hotgo/blob/master/LICENSE
+//
+package middleware
+
+import (
+	"github.com/gogf/gf/v2/crypto/gmd5"
+	"github.com/gogf/gf/v2/errors/gcode"
+	"github.com/gogf/gf/v2/errors/gerror"
+	"github.com/gogf/gf/v2/frame/g"
+	"github.com/gogf/gf/v2/net/ghttp"
+	"github.com/gogf/gf/v2/util/gconv"
+	"hotgo/internal/consts"
+	"hotgo/internal/library/cache"
+	"hotgo/internal/library/contexts"
+	"hotgo/internal/library/jwt"
+	"hotgo/internal/library/response"
+	"hotgo/internal/model"
+	"hotgo/internal/service"
+	"net/http"
+	"strings"
+)
+
+type sMiddleware struct {
+	LoginUrl      string // 登录路由地址
+	DemoWhiteList g.Map  // 演示模式放行的路由白名單
+}
+
+func init() {
+	service.RegisterMiddleware(New())
+}
+
+func New() *sMiddleware {
+	return &sMiddleware{
+		LoginUrl: "/common",
+		DemoWhiteList: g.Map{
+			"/admin/site/login": struct{}{}, // 后台登录
+		},
+	}
+}
+
+// Ctx 初始化请求上下文
+func (s *sMiddleware) Ctx(r *ghttp.Request) {
+	contexts.Init(r, &model.Context{
+		Data:   make(g.Map),
+		Module: getModule(r.URL.Path),
+	})
+
+	r.Middleware.Next()
+}
+
+func getModule(path string) (module string) {
+	slice := strings.Split(path, "/")
+	if len(slice) < 2 {
+		module = consts.AppDefault
+		return
+	}
+
+	if slice[1] == "" {
+		module = consts.AppDefault
+		return
+	}
+
+	return slice[1]
+}
+
+// CORS allows Cross-origin resource sharing.
+func (s *sMiddleware) CORS(r *ghttp.Request) {
+	r.Response.CORSDefault()
+	r.Middleware.Next()
+}
+
+// DemoLimit 演示系統操作限制
+func (s *sMiddleware) DemoLimit(r *ghttp.Request) {
+	isDemo, _ := g.Cfg().Get(r.Context(), "hotgo.isDemo", false)
+	if !isDemo.Bool() {
+		r.Middleware.Next()
+		return
+	}
+
+	if r.Method == http.MethodPost {
+		if _, ok := s.DemoWhiteList[r.URL.Path]; ok {
+			r.Middleware.Next()
+			return
+		}
+		response.JsonExit(r, gcode.CodeInvalidRequest.Code(), "演示系統禁止操作！")
+		return
+	}
+
+	r.Middleware.Next()
+}
+
+// inspectAuth 检查并完成身份认证
+func inspectAuth(r *ghttp.Request, appName string) error {
+	var (
+		ctx           = r.Context()
+		user          = new(model.Identity)
+		authorization = jwt.GetAuthorization(r)
+		c             = cache.New()
+		customCtx     = &model.Context{}
+	)
+
+	if authorization == "" {
+		return gerror.New("请先登录！")
+	}
+
+	// 获取jwtToken
+	jwtToken := consts.RedisJwtToken + gmd5.MustEncryptString(authorization)
+	jwtSign, _ := g.Cfg().Get(ctx, "jwt.sign", "hotgo")
+
+	data, ParseErr := jwt.ParseToken(authorization, jwtSign.Bytes())
+	if ParseErr != nil {
+		return gerror.Newf("token不正确或已过期! err :%+v", ParseErr.Error())
+	}
+
+	parseErr := gconv.Struct(data, &user)
+	if parseErr != nil {
+		return gerror.Newf("登录信息解析异常，请重新登录！ err :%+v", ParseErr.Error())
+	}
+
+	// 判断token跟redis的缓存的token是否一样
+	isContains, containsErr := c.Contains(ctx, jwtToken)
+	if containsErr != nil {
+		return gerror.Newf("token无效！ err :%+v", ParseErr.Error())
+	}
+	if !isContains {
+		return gerror.New("token已过期")
+	}
+
+	// 是否开启多端登录
+	if multiPort, _ := g.Cfg().Get(ctx, "jwt.multiPort", true); !multiPort.Bool() {
+		key := consts.RedisJwtUserBind + appName + ":" + gconv.String(user.Id)
+		originJwtToken, originErr := c.Get(ctx, key)
+		if originErr != nil {
+			return gerror.Newf("信息异常，请重新登录！ err :%+v", originErr.Error())
+		}
+
+		if originJwtToken == nil || originJwtToken.IsEmpty() {
+			return gerror.New("token已过期！")
+		}
+
+		if jwtToken != originJwtToken.String() {
+			return gerror.New("账号已在其他地方登录！")
+		}
+	}
+
+	// 保存到上下文
+	if user != nil {
+		customCtx.User = &model.Identity{
+			Id:         user.Id,
+			Username:   user.Username,
+			RealName:   user.RealName,
+			Avatar:     user.Avatar,
+			Email:      user.Email,
+			Mobile:     user.Mobile,
+			VisitCount: user.VisitCount,
+			LastTime:   user.LastTime,
+			LastIp:     user.LastIp,
+			Role:       user.Role,
+			RoleKey:    user.RoleKey,
+			Exp:        user.Exp,
+			Expires:    user.Expires,
+			App:        user.App,
+		}
+	}
+	contexts.SetUser(ctx, customCtx.User)
+
+	return nil
+}

server/internal/logic/middleware/response.go

@@ -0,0 +1,74 @@
+// Package middleware
+// @Link  https://github.com/bufanyun/hotgo
+// @Copyright  Copyright (c) 2022 HotGo CLI
+// @Author  Ms <133814250@qq.com>
+// @License  https://github.com/bufanyun/hotgo/blob/master/LICENSE
+//
+package middleware
+
+import (
+	"github.com/gogf/gf/v2/errors/gcode"
+	"github.com/gogf/gf/v2/frame/g"
+	"github.com/gogf/gf/v2/net/ghttp"
+	"hotgo/internal/consts"
+	"hotgo/internal/library/contexts"
+	"hotgo/internal/library/response"
+	"hotgo/utility/charset"
+)
+
+// ResponseHandler HTTP响应预处理
+func (s *sMiddleware) ResponseHandler(r *ghttp.Request) {
+	r.Middleware.Next()
+
+	var (
+		ctx         = r.Context()
+		comResponse = contexts.Get(ctx).Response
+		code        = gcode.CodeOK.Code()
+		message     = "操作成功"
+		data        interface{}
+		err         error
+	)
+
+	if err := r.GetError(); err != nil {
+		g.Log().Print(ctx, err)
+		// 记录到自定义错误日志文件
+		//g.Log("exception").Error(err)
+		////返回固定的友好信息
+		//r.Response.ClearBuffer()
+		//r.Response.Writeln("服务器居然开小差了，请稍后再试吧！")
+	}
+
+	// 已存在响应内容，且是comResponse返回的时，中断运行
+	if r.Response.BufferLength() > 0 && comResponse != nil {
+		return
+	}
+
+	if err = r.GetError(); err != nil {
+		// 记录到自定义错误日志文件
+		g.Log("exception").Print(r.Context(), "exception:", err)
+
+		code = consts.CodeInternalError
+		message = "服务器居然开小差了，请稍后再试吧！"
+
+		// 是否输出错误到页面
+		if debug, _ := g.Cfg().Get(ctx, "hotgo.debug", true); debug.Bool() {
+			data = charset.GetStack(err)
+			message = err.Error()
+		}
+
+		//} else if data, err = r.GetHandlerResponse(); err != nil {
+		//	errCode := gerror.Code(err)
+		//	if errCode == gcode.CodeNil {
+		//		errCode = gcode.CodeInternalError
+		//	}
+		//	code = errCode.Code()
+		//	message = err.Error()
+		//}
+
+	} else {
+		data = r.GetHandlerResponse()
+	}
+
+	// 返回固定的友好信息
+	response.RJson(r, code, message, data)
+}

server/internal/logic/middleware/weboscket.go

@@ -0,0 +1,42 @@
+// Package middleware
+// @Link  https://github.com/bufanyun/hotgo
+// @Copyright  Copyright (c) 2022 HotGo CLI
+// @Author  Ms <133814250@qq.com>
+// @License  https://github.com/bufanyun/hotgo/blob/master/LICENSE
+//
+package middleware
+
+import (
+	"github.com/gogf/gf/v2/errors/gcode"
+	"github.com/gogf/gf/v2/frame/g"
+	"github.com/gogf/gf/v2/net/ghttp"
+	"github.com/gogf/gf/v2/text/gstr"
+	"hotgo/internal/consts"
+	"hotgo/internal/library/response"
+	"hotgo/utility/auth"
+)
+
+// WebSocketToken 检查ws连接token
+func (s *sMiddleware) WebSocketToken(r *ghttp.Request) {
+
+	var (
+		ctx = r.Context()
+	)
+
+	// 替换掉模块前缀
+	routerPrefix, _ := g.Cfg().Get(ctx, "router.ws.prefix", "/socket")
+	path := gstr.Replace(r.URL.Path, routerPrefix.String(), "", 1)
+
+	/// 不需要验证登录的路由地址
+	if auth.IsExceptLogin(ctx, path) {
+		r.Middleware.Next()
+		return
+	}
+
+	if err := inspectAuth(r, consts.AppAdmin); err != nil {
+		response.JsonExit(r, gcode.CodeNotAuthorized.Code(), err.Error())
+		return
+	}
+
+	r.Middleware.Next()
+}