mirror of
https://github.com/bufanyun/hotgo.git
synced 2025-08-28 05:12:32 +08:00
发布v2.6.10版本,更新内容请查看:https://github.com/bufanyun/hotgo/blob/v2.0/docs/guide-zh-CN/start-update-log.md
This commit is contained in:
孟帅
@@ -21,7 +21,7 @@ import (
|
||||
"hotgo/internal/library/contexts"
|
||||
"hotgo/internal/library/hgorm/handler"
|
||||
"hotgo/internal/library/hgorm/hook"
|
||||
"hotgo/internal/library/jwt"
|
||||
"hotgo/internal/library/token"
|
||||
"hotgo/internal/model"
|
||||
"hotgo/internal/model/do"
|
||||
"hotgo/internal/model/entity"
|
||||
@@ -663,9 +663,8 @@ func (s *sAdminMember) LoginMemberInfo(ctx context.Context) (res *adminin.LoginM
|
||||
// Login 提交登录
|
||||
func (s *sAdminMember) Login(ctx context.Context, in adminin.MemberLoginInp) (res *adminin.MemberLoginModel, err error) {
|
||||
var (
|
||||
ro *entity.AdminRole
|
||||
mb *entity.AdminMember
|
||||
expires = g.Cfg().MustGet(ctx, "jwt.expires", 1).Int64()
|
||||
ro *entity.AdminRole
|
||||
mb *entity.AdminMember
|
||||
)
|
||||
|
||||
if err = dao.AdminMember.Ctx(ctx).Where("username", in.Username).Scan(&mb); err != nil {
|
||||
@@ -707,7 +706,7 @@ func (s *sAdminMember) Login(ctx context.Context, in adminin.MemberLoginInp) (re
|
||||
return
|
||||
}
|
||||
|
||||
identity := &model.Identity{
|
||||
user := &model.Identity{
|
||||
Id: mb.Id,
|
||||
Pid: mb.Pid,
|
||||
DeptId: mb.DeptId,
|
||||
@@ -718,20 +717,17 @@ func (s *sAdminMember) Login(ctx context.Context, in adminin.MemberLoginInp) (re
|
||||
Avatar: mb.Avatar,
|
||||
Email: mb.Email,
|
||||
Mobile: mb.Mobile,
|
||||
Exp: gtime.Timestamp() + expires,
|
||||
Expires: expires,
|
||||
App: consts.AppAdmin,
|
||||
LoginAt: gtime.Now(),
|
||||
}
|
||||
|
||||
token, err := jwt.GenerateLoginToken(ctx, identity, false)
|
||||
loginToken, expires, err := token.Login(ctx, user)
|
||||
if err != nil {
|
||||
err = gerror.New(err.Error())
|
||||
return
|
||||
return nil, err
|
||||
}
|
||||
|
||||
update := do.AdminMember{
|
||||
AuthKey: jwt.GenAuthKey(token),
|
||||
LastActiveAt: gtime.Now(),
|
||||
LastActiveAt: user.LoginAt,
|
||||
}
|
||||
|
||||
// 更新登录信息
|
||||
@@ -740,8 +736,8 @@ func (s *sAdminMember) Login(ctx context.Context, in adminin.MemberLoginInp) (re
|
||||
}
|
||||
|
||||
res = &adminin.MemberLoginModel{
|
||||
Id: identity.Id,
|
||||
Token: token,
|
||||
Id: user.Id,
|
||||
Token: loginToken,
|
||||
Expires: expires,
|
||||
}
|
||||
|
||||
|
||||
@@ -21,7 +21,6 @@ import (
|
||||
"hotgo/internal/model/input/adminin"
|
||||
"hotgo/internal/model/input/form"
|
||||
"hotgo/internal/service"
|
||||
"hotgo/utility/auth"
|
||||
"hotgo/utility/convert"
|
||||
"hotgo/utility/tree"
|
||||
"sort"
|
||||
@@ -39,10 +38,6 @@ func init() {
|
||||
|
||||
// Verify 验证权限
|
||||
func (s *sAdminRole) Verify(ctx context.Context, path, method string) bool {
|
||||
if auth.IsExceptAuth(ctx, path) {
|
||||
return true
|
||||
}
|
||||
|
||||
var (
|
||||
user = contexts.Get(ctx).User
|
||||
superRoleKey = g.Cfg().MustGet(ctx, "hotgo.admin.superRoleKey")
|
||||
@@ -57,6 +52,7 @@ func (s *sAdminRole) Verify(ctx context.Context, path, method string) bool {
|
||||
if service.AdminMember().VerifySuperId(ctx, user.Id) || user.RoleKey == superRoleKey.String() {
|
||||
return true
|
||||
}
|
||||
|
||||
ok, err := casbin.Enforcer.Enforce(user.RoleKey, path, method)
|
||||
if err != nil {
|
||||
g.Log().Infof(ctx, "admin Verify Enforce err:%+v", err)
|
||||
|
||||
@@ -19,8 +19,8 @@ import (
|
||||
"hotgo/internal/consts"
|
||||
"hotgo/internal/library/cache"
|
||||
"hotgo/internal/library/contexts"
|
||||
"hotgo/internal/library/jwt"
|
||||
"hotgo/internal/library/response"
|
||||
"hotgo/internal/library/token"
|
||||
"hotgo/internal/library/wechat"
|
||||
"hotgo/internal/model/input/commonin"
|
||||
"hotgo/internal/service"
|
||||
@@ -65,7 +65,7 @@ func (s *sCommonWechat) Authorize(ctx context.Context, in commonin.WechatAuthori
|
||||
path = gmeta.Get(common.WechatAuthorizeCallReq{}, "path").String()
|
||||
redirectUri = basic.Domain + prefix + path
|
||||
memberId = contexts.GetUserId(ctx)
|
||||
state = s.GetCacheKey(in.Type, jwt.GenAuthKey(jwt.GetAuthorization(request)))
|
||||
state = s.GetCacheKey(in.Type, token.GetAuthKey(token.GetAuthorization(request)))
|
||||
scope string
|
||||
)
|
||||
|
||||
@@ -109,14 +109,14 @@ func (s *sCommonWechat) AuthorizeCall(ctx context.Context, in commonin.WechatAut
|
||||
|
||||
defer delete(s.temp, in.State)
|
||||
|
||||
token, err := wechat.GetUserAccessToken(ctx, in.Code)
|
||||
tk, err := wechat.GetUserAccessToken(ctx, in.Code)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
switch data.Type {
|
||||
case consts.WechatAuthorizeOpenId: // 设置openid
|
||||
cache.Instance().Set(ctx, data.State, token.OpenID, time.Hour*24*7)
|
||||
cache.Instance().Set(ctx, data.State, tk.OpenID, time.Hour*24*7)
|
||||
case consts.WechatAuthorizeBindLogin: // 绑定微信登录
|
||||
// ...
|
||||
default:
|
||||
@@ -131,7 +131,7 @@ func (s *sCommonWechat) AuthorizeCall(ctx context.Context, in commonin.WechatAut
|
||||
// GetOpenId 从缓存中获取临时openid
|
||||
func (s *sCommonWechat) GetOpenId(ctx context.Context) (openId string, err error) {
|
||||
request := ghttp.RequestFromCtx(ctx)
|
||||
key := s.GetCacheKey(consts.WechatAuthorizeOpenId, jwt.GenAuthKey(jwt.GetAuthorization(request)))
|
||||
key := s.GetCacheKey(consts.WechatAuthorizeOpenId, token.GetAuthKey(token.GetAuthorization(request)))
|
||||
date, err := cache.Instance().Get(ctx, key)
|
||||
if err != nil {
|
||||
err = gerror.Newf("GetOpenId err:%+v", err.Error())
|
||||
|
||||
@@ -3,7 +3,6 @@
|
||||
// @Copyright Copyright (c) 2023 HotGo CLI
|
||||
// @Author Ms <133814250@qq.com>
|
||||
// @License https://github.com/bufanyun/hotgo/blob/master/LICENSE
|
||||
//
|
||||
package middleware
|
||||
|
||||
import (
|
||||
@@ -15,27 +14,35 @@ import (
|
||||
"hotgo/internal/library/contexts"
|
||||
"hotgo/internal/library/response"
|
||||
"hotgo/internal/service"
|
||||
"hotgo/utility/auth"
|
||||
)
|
||||
|
||||
// AdminAuth 后台鉴权中间件
|
||||
func (s *sMiddleware) AdminAuth(r *ghttp.Request) {
|
||||
var ctx = r.Context()
|
||||
// 替换掉模块前缀
|
||||
routerPrefix := g.Cfg().MustGet(ctx, "router.admin.prefix", "/admin")
|
||||
path := gstr.Replace(r.URL.Path, routerPrefix.String(), "", 1)
|
||||
var (
|
||||
ctx = r.Context()
|
||||
prefix = g.Cfg().MustGet(ctx, "router.admin.prefix", "/admin").String()
|
||||
path = gstr.Replace(r.URL.Path, prefix, "", 1)
|
||||
)
|
||||
|
||||
/// 不需要验证登录的路由地址
|
||||
if auth.IsExceptLogin(ctx, path) {
|
||||
// 不需要验证登录的路由地址
|
||||
if isExceptLogin(ctx, consts.AppAdmin, path) {
|
||||
r.Middleware.Next()
|
||||
return
|
||||
}
|
||||
|
||||
if err := inspectAuth(r, consts.AppAdmin); err != nil {
|
||||
// 将用户信息传递到上下文中
|
||||
if err := deliverUserContext(r); err != nil {
|
||||
g.Log().Warningf(ctx, "deliverUserContext err:%+v", err)
|
||||
response.JsonExit(r, gcode.CodeNotAuthorized.Code(), err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
// 不需要验证权限的路由地址
|
||||
if isExceptAuth(ctx, consts.AppAdmin, path) {
|
||||
r.Middleware.Next()
|
||||
return
|
||||
}
|
||||
|
||||
// 验证路由访问权限
|
||||
if !service.AdminRole().Verify(ctx, path, r.Method) {
|
||||
g.Log().Debugf(ctx, "AdminAuth fail path:%+v, GetRoleKey:%+v, r.Method:%+v", path, contexts.GetRoleKey(ctx), r.Method)
|
||||
|
||||
@@ -3,7 +3,6 @@
|
||||
// @Copyright Copyright (c) 2023 HotGo CLI
|
||||
// @Author Ms <133814250@qq.com>
|
||||
// @License https://github.com/bufanyun/hotgo/blob/master/LICENSE
|
||||
//
|
||||
package middleware
|
||||
|
||||
import (
|
||||
@@ -13,34 +12,30 @@ import (
|
||||
"github.com/gogf/gf/v2/text/gstr"
|
||||
"hotgo/internal/consts"
|
||||
"hotgo/internal/library/response"
|
||||
"hotgo/utility/auth"
|
||||
)
|
||||
|
||||
// ApiAuth API鉴权中间件
|
||||
func (s *sMiddleware) ApiAuth(r *ghttp.Request) {
|
||||
var ctx = r.Context()
|
||||
var (
|
||||
ctx = r.Context()
|
||||
prefix = g.Cfg().MustGet(ctx, "router.api.prefix", "/api").String()
|
||||
path = gstr.Replace(r.URL.Path, prefix, "", 1)
|
||||
)
|
||||
|
||||
// 替换掉模块前缀
|
||||
routerPrefix := g.Cfg().MustGet(ctx, "router.api.prefix", "/api")
|
||||
path := gstr.Replace(r.URL.Path, routerPrefix.String(), "", 1)
|
||||
|
||||
/// 不需要验证登录的路由地址
|
||||
if auth.IsExceptLogin(ctx, path) {
|
||||
// 不需要验证登录的路由地址
|
||||
if isExceptLogin(ctx, consts.AppApi, path) {
|
||||
r.Middleware.Next()
|
||||
return
|
||||
}
|
||||
|
||||
if err := inspectAuth(r, consts.AppAdmin); err != nil {
|
||||
// 将用户信息传递到上下文中
|
||||
if err := deliverUserContext(r); err != nil {
|
||||
response.JsonExit(r, gcode.CodeNotAuthorized.Code(), err.Error())
|
||||
return
|
||||
}
|
||||
|
||||
//// 验证路由访问权限
|
||||
//verify := service.AdminRole().Verify(ctx, path, r.Method)
|
||||
//if !verify {
|
||||
// response.JsonExit(r, consts.CodeSecurityReason, "你没有访问权限!")
|
||||
// return
|
||||
//}
|
||||
// 验证路由访问权限
|
||||
// ...
|
||||
|
||||
r.Middleware.Next()
|
||||
}
|
||||
|
||||
@@ -6,22 +6,21 @@
|
||||
package middleware
|
||||
|
||||
import (
|
||||
"github.com/gogf/gf/v2/crypto/gmd5"
|
||||
"context"
|
||||
"fmt"
|
||||
"github.com/gogf/gf/v2/encoding/gjson"
|
||||
"github.com/gogf/gf/v2/errors/gcode"
|
||||
"github.com/gogf/gf/v2/errors/gerror"
|
||||
"github.com/gogf/gf/v2/frame/g"
|
||||
"github.com/gogf/gf/v2/net/ghttp"
|
||||
"github.com/gogf/gf/v2/text/gstr"
|
||||
"github.com/gogf/gf/v2/util/gconv"
|
||||
"hotgo/internal/consts"
|
||||
"hotgo/internal/library/addons"
|
||||
"hotgo/internal/library/cache"
|
||||
"hotgo/internal/library/contexts"
|
||||
"hotgo/internal/library/jwt"
|
||||
"hotgo/internal/library/response"
|
||||
"hotgo/internal/library/token"
|
||||
"hotgo/internal/model"
|
||||
"hotgo/internal/service"
|
||||
"hotgo/utility/validate"
|
||||
"net/http"
|
||||
"strings"
|
||||
)
|
||||
@@ -33,10 +32,10 @@ type sMiddleware struct {
|
||||
}
|
||||
|
||||
func init() {
|
||||
service.RegisterMiddleware(New())
|
||||
service.RegisterMiddleware(NewMiddleware())
|
||||
}
|
||||
|
||||
func New() *sMiddleware {
|
||||
func NewMiddleware() *sMiddleware {
|
||||
return &sMiddleware{
|
||||
LoginUrl: "/common",
|
||||
DemoWhiteList: g.Map{
|
||||
@@ -124,85 +123,38 @@ func (s *sMiddleware) Addon(r *ghttp.Request) {
|
||||
r.Middleware.Next()
|
||||
}
|
||||
|
||||
// inspectAuth 检查并完成身份认证
|
||||
func inspectAuth(r *ghttp.Request, appName string) (err error) {
|
||||
var (
|
||||
ctx = r.Context()
|
||||
user = new(model.Identity)
|
||||
authorization = jwt.GetAuthorization(r)
|
||||
customCtx = &model.Context{}
|
||||
)
|
||||
|
||||
if authorization == "" {
|
||||
err = gerror.New("请先登录!")
|
||||
// deliverUserContext 将用户信息传递到上下文中
|
||||
func deliverUserContext(r *ghttp.Request) (err error) {
|
||||
user, err := token.ParseLoginUser(r)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
// 获取jwtToken
|
||||
jwtToken := consts.CacheJwtToken + gmd5.MustEncryptString(authorization)
|
||||
jwtSign := g.Cfg().MustGet(ctx, "jwt.sign", "hotgo")
|
||||
|
||||
data, parseErr := jwt.ParseToken(authorization, jwtSign.Bytes())
|
||||
if parseErr != nil {
|
||||
err = gerror.Newf("token不正确或已过期! err :%+v", parseErr.Error())
|
||||
return
|
||||
}
|
||||
|
||||
if parseErr = gconv.Struct(data, &user); parseErr != nil {
|
||||
err = gerror.Newf("登录信息解析异常,请重新登录! err :%+v", parseErr.Error())
|
||||
return
|
||||
}
|
||||
|
||||
// 判断token跟redis的缓存的token是否一样
|
||||
isContains, containsErr := cache.Instance().Contains(ctx, jwtToken)
|
||||
if containsErr != nil {
|
||||
err = gerror.Newf("token无效! err :%+v", containsErr.Error())
|
||||
return
|
||||
}
|
||||
|
||||
if !isContains {
|
||||
err = gerror.Newf("token已过期")
|
||||
return
|
||||
}
|
||||
|
||||
// 是否开启多端登录
|
||||
if !g.Cfg().MustGet(ctx, "jwt.multiPort", true).Bool() {
|
||||
key := consts.CacheJwtUserBind + appName + ":" + gconv.String(user.Id)
|
||||
originJwtToken, originErr := cache.Instance().Get(ctx, key)
|
||||
if originErr != nil {
|
||||
err = gerror.Newf("信息异常,请重新登录! err :%+v", originErr.Error())
|
||||
return
|
||||
}
|
||||
|
||||
if originJwtToken == nil || originJwtToken.IsEmpty() {
|
||||
err = gerror.New("token已过期!")
|
||||
return
|
||||
}
|
||||
|
||||
if jwtToken != originJwtToken.String() {
|
||||
err = gerror.New("账号已在其他地方登录!")
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
// 保存到上下文
|
||||
if user != nil {
|
||||
customCtx.User = &model.Identity{
|
||||
Id: user.Id,
|
||||
Pid: user.Pid,
|
||||
DeptId: user.DeptId,
|
||||
RoleId: user.RoleId,
|
||||
RoleKey: user.RoleKey,
|
||||
Username: user.Username,
|
||||
RealName: user.RealName,
|
||||
Avatar: user.Avatar,
|
||||
Email: user.Email,
|
||||
Mobile: user.Mobile,
|
||||
Exp: user.Exp,
|
||||
Expires: user.Expires,
|
||||
App: user.App,
|
||||
}
|
||||
}
|
||||
contexts.SetUser(ctx, customCtx.User)
|
||||
contexts.SetUser(r.Context(), user)
|
||||
return
|
||||
}
|
||||
|
||||
// isExceptAuth 是否是不需要验证权限的路由地址
|
||||
func isExceptAuth(ctx context.Context, appName, path string) bool {
|
||||
pathList := g.Cfg().MustGet(ctx, fmt.Sprintf("router.%v.exceptAuth", appName)).Strings()
|
||||
|
||||
for i := 0; i < len(pathList); i++ {
|
||||
if validate.InSliceExistStr(pathList[i], path) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
// isExceptLogin 是否是不需要登录的路由地址
|
||||
func isExceptLogin(ctx context.Context, appName, path string) bool {
|
||||
pathList := g.Cfg().MustGet(ctx, fmt.Sprintf("router.%v.exceptLogin", appName)).Strings()
|
||||
|
||||
for i := 0; i < len(pathList); i++ {
|
||||
if validate.InSliceExistStr(pathList[i], path) {
|
||||
return true
|
||||
}
|
||||
}
|
||||
|
||||
return false
|
||||
}
|
||||
|
||||
@@ -3,7 +3,6 @@
|
||||
// @Copyright Copyright (c) 2023 HotGo CLI
|
||||
// @Author Ms <133814250@qq.com>
|
||||
// @License https://github.com/bufanyun/hotgo/blob/master/LICENSE
|
||||
//
|
||||
package middleware
|
||||
|
||||
import (
|
||||
@@ -13,24 +12,24 @@ import (
|
||||
"github.com/gogf/gf/v2/text/gstr"
|
||||
"hotgo/internal/consts"
|
||||
"hotgo/internal/library/response"
|
||||
"hotgo/utility/auth"
|
||||
)
|
||||
|
||||
// WebSocketToken 检查ws连接token
|
||||
func (s *sMiddleware) WebSocketToken(r *ghttp.Request) {
|
||||
var ctx = r.Context()
|
||||
// WebSocketAuth websocket鉴权中间件
|
||||
func (s *sMiddleware) WebSocketAuth(r *ghttp.Request) {
|
||||
var (
|
||||
ctx = r.Context()
|
||||
prefix = g.Cfg().MustGet(ctx, "router.websocket.prefix", "/websocket").String()
|
||||
path = gstr.Replace(r.URL.Path, prefix, "", 1)
|
||||
)
|
||||
|
||||
// 替换掉模块前缀
|
||||
routerPrefix := g.Cfg().MustGet(ctx, "router.ws.prefix", "/socket")
|
||||
path := gstr.Replace(r.URL.Path, routerPrefix.String(), "", 1)
|
||||
|
||||
/// 不需要验证登录的路由地址
|
||||
if auth.IsExceptLogin(ctx, path) {
|
||||
// 不需要验证登录的路由地址
|
||||
if isExceptLogin(ctx, consts.AppWebSocket, path) {
|
||||
r.Middleware.Next()
|
||||
return
|
||||
}
|
||||
|
||||
if err := inspectAuth(r, consts.AppAdmin); err != nil {
|
||||
// 将用户信息传递到上下文中
|
||||
if err := deliverUserContext(r); err != nil {
|
||||
response.JsonExit(r, gcode.CodeNotAuthorized.Code(), err.Error())
|
||||
return
|
||||
}
|
||||
@@ -17,6 +17,7 @@ import (
|
||||
"hotgo/internal/consts"
|
||||
"hotgo/internal/dao"
|
||||
"hotgo/internal/library/payment"
|
||||
"hotgo/internal/library/token"
|
||||
"hotgo/internal/library/wechat"
|
||||
"hotgo/internal/model"
|
||||
"hotgo/internal/model/entity"
|
||||
@@ -74,6 +75,12 @@ func (s *sSysConfig) InitConfig(ctx context.Context) {
|
||||
}
|
||||
payment.SetConfig(pay)
|
||||
|
||||
tk, err := s.GetLoadToken(ctx)
|
||||
if err != nil {
|
||||
g.Log().Fatalf(ctx, "init token conifg fail:%+v", err)
|
||||
}
|
||||
token.SetConfig(tk)
|
||||
|
||||
}
|
||||
|
||||
// GetLoadTCP 获取本地tcp配置
|
||||
@@ -94,6 +101,12 @@ func (s *sSysConfig) GetLoadGenerate(ctx context.Context) (conf *model.GenerateC
|
||||
return
|
||||
}
|
||||
|
||||
// GetLoadToken 获取本地token配置
|
||||
func (s *sSysConfig) GetLoadToken(ctx context.Context) (conf *model.TokenConfig, err error) {
|
||||
err = g.Cfg().MustGet(ctx, "token").Scan(&conf)
|
||||
return
|
||||
}
|
||||
|
||||
// GetWechat 获取微信配置
|
||||
func (s *sSysConfig) GetWechat(ctx context.Context) (conf *model.WechatConfig, err error) {
|
||||
models, err := s.GetConfigByGroup(ctx, sysin.GetConfigInp{Group: "wechat"})
|
||||
|
||||
Reference in New Issue
Block a user