更新ldap。

2020-08-17 01:24:51 +08:00 · 2020-08-17 01:24:51 +08:00 · c30f7c8387
commit c30f7c8387
parent 45899369d0
4 changed files with 101 additions and 115 deletions
--- a/handler/auth.go
+++ b/handler/auth.go
@ -1,10 +1,13 @@
 package handler

 import (
+	"ferry/global/orm"
 	"ferry/models/system"
 	jwt "ferry/pkg/jwtauth"
+	"ferry/pkg/ldap"
 	"ferry/pkg/logger"
 	"ferry/tools"
+	"fmt"
 	"net/http"

 	"github.com/gin-gonic/gin"
@ -51,45 +54,90 @@ func IdentityHandler(c *gin.Context) interface{} {
 // @Success 200 {string} string "{"code": 200, "expire": "2019-08-07T12:45:48+08:00", "token": ".eyJleHAiOjE1NjUxNTMxNDgsImlkIjoiYWRtaW4iLCJvcmlnX2lhdCI6MTU2NTE0OTU0OH0.-zvzHvbg0A" }"
 // @Router /login [post]
 func Authenticator(c *gin.Context) (interface{}, error) {
-	var loginVals system.Login
-	var loginlog system.LoginLog
+	var (
+		err           error
+		loginVal      system.Login
+		loginLog      system.LoginLog
+		roleValue     system.SysRole
+		authUserCount int
+		l             = ldap.Connection{}
+		userInfo      system.SysUser
+		addUserInfo   struct {
+			Username string `json:"username"`
+			RoleId   int    `json:"role_id"`
+		}
+	)

+	loginType := c.DefaultQuery("login_type", "0")
 	ua := user_agent.New(c.Request.UserAgent())
-	loginlog.Ipaddr = c.ClientIP()
+	loginLog.Ipaddr = c.ClientIP()
 	location := tools.GetLocation(c.ClientIP())
-	loginlog.LoginLocation = location
-	loginlog.LoginTime = tools.GetCurrntTime()
-	loginlog.Status = "0"
-	loginlog.Remark = c.Request.UserAgent()
+	loginLog.LoginLocation = location
+	loginLog.LoginTime = tools.GetCurrntTime()
+	loginLog.Status = "0"
+	loginLog.Remark = c.Request.UserAgent()
 	browserName, browserVersion := ua.Browser()
-	loginlog.Browser = browserName + " " + browserVersion
-	loginlog.Os = ua.OS()
-	loginlog.Msg = "登录成功"
-	loginlog.Platform = ua.Platform()
+	loginLog.Browser = browserName + " " + browserVersion
+	loginLog.Os = ua.OS()
+	loginLog.Msg = "登录成功"
+	loginLog.Platform = ua.Platform()

-	if err := c.ShouldBind(&loginVals); err != nil {
-		loginlog.Status = "1"
-		loginlog.Msg = "数据解析失败"
-		loginlog.Username = loginVals.Username
-		_, _ = loginlog.Create()
+	// 获取前端过来的数据
+	if err := c.ShouldBind(&loginVal); err != nil {
+		fmt.Println("********** " + err.Error() + " **********")
+		loginLog.Status = "1"
+		loginLog.Msg = "数据解析失败"
+		loginLog.Username = loginVal.Username
+		_, _ = loginLog.Create()
 		return nil, jwt.ErrMissingLoginValues
 	}
-	loginlog.Username = loginVals.Username
-	if !store.Verify(loginVals.UUID, loginVals.Code, true) {
-		loginlog.Status = "1"
-		loginlog.Msg = "验证码错误"
-		_, _ = loginlog.Create()
+	loginLog.Username = loginVal.Username
+
+	// 校验验证码
+	if !store.Verify(loginVal.UUID, loginVal.Code, true) {
+		loginLog.Status = "1"
+		loginLog.Msg = "验证码错误"
+		_, _ = loginLog.Create()
 		return nil, jwt.ErrInvalidVerificationode
 	}

-	user, role, e := loginVals.GetUser()
+	// ldap 验证
+	if loginType == "1" {
+		// ldap登陆
+		err = l.LdapLogin(loginVal.Username, loginVal.Password)
+		if err != nil {
+			return nil, jwt.ErrInvalidVerificationode
+		}
+		// 2. 将ldap用户信息写入到用户数据表中
+		err = orm.Eloquent.Table("sys_user").
+			Where("username = ?", userInfo.Username).
+			Count(&authUserCount).Error
+		if err != nil {
+			return nil, jwt.ErrInvalidVerificationode
+		}
+		if authUserCount == 0 {
+			addUserInfo.Username = userInfo.Username
+			// 获取默认权限ID
+			err = orm.Eloquent.Table("sys_role").Where("role_key = 'common'").Find(&roleValue).Error
+			if err != nil {
+				return nil, jwt.ErrInvalidVerificationode
+			}
+			addUserInfo.RoleId = roleValue.RoleId // 绑定通用角色
+			err = orm.Eloquent.Table("sys_user").Create(&addUserInfo).Error
+			if err != nil {
+				return nil, jwt.ErrInvalidVerificationode
+			}
+		}
+	}
+
+	user, role, e := loginVal.GetUser()
 	if e == nil {
-		_, _ = loginlog.Create()
+		_, _ = loginLog.Create()
 		return map[string]interface{}{"user": user, "role": role}, nil
 	} else {
-		loginlog.Status = "1"
-		loginlog.Msg = "登录失败"
-		_, _ = loginlog.Create()
+		loginLog.Status = "1"
+		loginLog.Msg = "登录失败"
+		_, _ = loginLog.Create()
 		logger.Info(e.Error())
 	}

--- a/pkg/jwtauth/jwtauth.go
+++ b/pkg/jwtauth/jwtauth.go
@ -3,8 +3,6 @@ package jwtauth
 import (
 	"crypto/rsa"
 	"errors"
-	"ferry/global/orm"
-	"ferry/pkg/ldap"
 	config2 "ferry/tools/config"
 	"io/ioutil"
 	"net/http"
@ -439,74 +437,15 @@ func (mw *GinJWTMiddleware) LoginHandler(c *gin.Context) {
 		err  error
 	)

-	loginType := c.DefaultQuery("login_type", "0")
+	if mw.Authenticator == nil {
+		mw.unauthorized(c, http.StatusInternalServerError, mw.HTTPStatusMessageFunc(ErrMissingAuthenticatorFunc, c))
+		return
+	}

-	if loginType == "0" {
-		// 普通登陆
-		if mw.Authenticator == nil {
-			mw.unauthorized(c, http.StatusInternalServerError, mw.HTTPStatusMessageFunc(ErrMissingAuthenticatorFunc, c))
-			return
-		}
-
-		data, err = mw.Authenticator(c)
-
-		if err != nil {
-			mw.unauthorized(c, 400, mw.HTTPStatusMessageFunc(err, c))
-			return
-		}
-	} else {
-		// ldap登陆
-		// 1. 获取ldap用户信息
-		var (
-			roleValue struct {
-				RoleId int `json:"role_id"`
-			}
-			authUserCount int
-			l             = ldap.Connection{}
-			userInfo      struct {
-				Username string `json:"username"`
-				Password string `json:"password"`
-			}
-			addUserInfo struct {
-				Username string `json:"username"`
-				RoleId   int    `json:"role_id"`
-			}
-		)
-		err = c.ShouldBind(&userInfo)
-		if err != nil {
-			mw.unauthorized(c, -1, mw.HTTPStatusMessageFunc(err, c))
-			return
-		}
-		err = l.LdapLogin(userInfo.Username, userInfo.Password)
-		if err != nil {
-			mw.unauthorized(c, -1, mw.HTTPStatusMessageFunc(err, c))
-			return
-		}
-		// 2. 将ldap用户信息写入到用户数据表中
-		err = orm.Eloquent.Table("sys_user").
-			Where("username = ?", userInfo.Username).
-			Count(&authUserCount).Error
-		if err != nil {
-			mw.unauthorized(c, -1, mw.HTTPStatusMessageFunc(err, c))
-			return
-		}
-		if authUserCount == 0 {
-			addUserInfo.Username = userInfo.Username
-			// 获取默认权限ID
-			err = orm.Eloquent.Table("sys_role").Where("role_key = 'common'").Scan(&roleValue).Error
-			if err != nil {
-				mw.unauthorized(c, -1, mw.HTTPStatusMessageFunc(err, c))
-				return
-			}
-			addUserInfo.RoleId = roleValue.RoleId // 绑定通用角色
-			err = orm.Eloquent.Table("sys_user").Create(&addUserInfo).Error
-			if err != nil {
-				mw.unauthorized(c, -1, mw.HTTPStatusMessageFunc(err, c))
-				return
-			}
-		}
-
-		// 3. 获取
+	data, err = mw.Authenticator(c)
+	if err != nil {
+		mw.unauthorized(c, 400, mw.HTTPStatusMessageFunc(err, c))
+		return
 	}

 	// Create the token
--- a/router/router.go
+++ b/router/router.go
@ -1,11 +1,7 @@
 package router

 import (
-	"ferry/apis/monitor"
-	"ferry/apis/system"
-	"ferry/handler"
 	"ferry/pkg/jwtauth"
-	jwt "ferry/pkg/jwtauth"
 	"ferry/router/dashboard"
 	"ferry/router/process"
 	systemRouter "ferry/router/system"
@ -17,10 +13,11 @@ import (
 	_ "github.com/gin-gonic/gin"
 )

-func InitSysRouter(r *gin.Engine, authMiddleware *jwt.GinJWTMiddleware) *gin.RouterGroup {
+func InitSysRouter(r *gin.Engine, authMiddleware *jwtauth.GinJWTMiddleware) *gin.RouterGroup {
 	g := r.Group("")

-	sysBaseRouter(g)
+	systemRouter.SysBaseRouter(g)
+
 	// 静态文件
 	sysStaticFileRouter(g)

@ -28,18 +25,14 @@ func InitSysRouter(r *gin.Engine, authMiddleware *jwt.GinJWTMiddleware) *gin.Rou
 	sysSwaggerRouter(g)

 	// 无需认证
-	sysNoCheckRoleRouter(g)
+	systemRouter.SysNoCheckRoleRouter(g)
+
 	// 需要认证
 	sysCheckRoleRouterInit(g, authMiddleware)

 	return g
 }

-func sysBaseRouter(r *gin.RouterGroup) {
-	r.GET("/", system.HelloWorld)
-	r.GET("/info", handler.Ping)
-}
-
 func sysStaticFileRouter(r *gin.RouterGroup) {
 	r.Static("/static", "./static")
 }
@ -48,14 +41,6 @@ func sysSwaggerRouter(r *gin.RouterGroup) {
 	r.GET("/swagger/*any", ginSwagger.WrapHandler(swaggerFiles.Handler))
 }

-func sysNoCheckRoleRouter(r *gin.RouterGroup) {
-	v1 := r.Group("/api/v1")
-
-	v1.GET("/monitor/server", monitor.ServerInfo)
-	v1.GET("/getCaptcha", system.GenerateCaptchaHandler)
-	v1.GET("/menuTreeselect", system.GetMenuTreeelect)
-}
-
 func sysCheckRoleRouterInit(r *gin.RouterGroup, authMiddleware *jwtauth.GinJWTMiddleware) {
 	r.POST("/login", authMiddleware.LoginHandler)
 	// Refresh time can be longer than token timeout
--- a/router/system/sys_router.go
+++ b/router/system/sys_router.go
@ -2,6 +2,7 @@ package system

 import (
 	log2 "ferry/apis/log"
+	"ferry/apis/monitor"
 	"ferry/apis/system"
 	_ "ferry/docs"
 	"ferry/handler"
@ -11,6 +12,19 @@ import (
 	"github.com/gin-gonic/gin"
 )

+func SysBaseRouter(r *gin.RouterGroup) {
+	r.GET("/", system.HelloWorld)
+	r.GET("/info", handler.Ping)
+}
+
+func SysNoCheckRoleRouter(r *gin.RouterGroup) {
+	v1 := r.Group("/api/v1")
+
+	v1.GET("/monitor/server", monitor.ServerInfo)
+	v1.GET("/getCaptcha", system.GenerateCaptchaHandler)
+	v1.GET("/menuTreeselect", system.GetMenuTreeelect)
+}
+
 func RegisterBaseRouter(v1 *gin.RouterGroup, authMiddleware *jwt.GinJWTMiddleware) {
 	v1auth := v1.Use(authMiddleware.MiddlewareFunc()).Use(middleware.AuthCheckRole())
 	{