From c30f7c838787e0e7ccdeeaf1c459e798d1d83c5b Mon Sep 17 00:00:00 2001 From: "Mr. Lan" Date: Mon, 17 Aug 2020 01:24:51 +0800 Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0ldap=E3=80=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- handler/auth.go | 100 ++++++++++++++++++++++++++---------- pkg/jwtauth/jwtauth.go | 77 +++------------------------ router/router.go | 25 ++------- router/system/sys_router.go | 14 +++++ 4 files changed, 101 insertions(+), 115 deletions(-) diff --git a/handler/auth.go b/handler/auth.go index f64a906..4644d66 100644 --- a/handler/auth.go +++ b/handler/auth.go @@ -1,10 +1,13 @@ package handler import ( + "ferry/global/orm" "ferry/models/system" jwt "ferry/pkg/jwtauth" + "ferry/pkg/ldap" "ferry/pkg/logger" "ferry/tools" + "fmt" "net/http" "github.com/gin-gonic/gin" 
@@ -51,45 +54,90 @@ func IdentityHandler(c *gin.Context) interface{} { // @Success 200 {string} string "{"code": 200, "expire": "2019-08-07T12:45:48+08:00", "token": ".eyJleHAiOjE1NjUxNTMxNDgsImlkIjoiYWRtaW4iLCJvcmlnX2lhdCI6MTU2NTE0OTU0OH0.-zvzHvbg0A" }" // @Router /login [post] func Authenticator(c *gin.Context) (interface{}, error) { - var loginVals system.Login - var loginlog system.LoginLog + var ( + err error + loginVal system.Login + loginLog system.LoginLog + roleValue system.SysRole + authUserCount int + l = ldap.Connection{} + userInfo system.SysUser + addUserInfo struct { + Username string `json:"username"` + RoleId int `json:"role_id"` + } + ) + loginType := c.DefaultQuery("login_type", "0") ua := user_agent.New(c.Request.UserAgent()) - loginlog.Ipaddr = c.ClientIP() + loginLog.Ipaddr = c.ClientIP() location := tools.GetLocation(c.ClientIP()) - loginlog.LoginLocation = location - loginlog.LoginTime = tools.GetCurrntTime() - loginlog.Status = "0" - loginlog.Remark = c.Request.UserAgent() + loginLog.LoginLocation = location + loginLog.LoginTime = tools.GetCurrntTime() + loginLog.Status = "0" + loginLog.Remark = c.Request.UserAgent() browserName, browserVersion := ua.Browser() - loginlog.Browser = browserName + " " + browserVersion - loginlog.Os = ua.OS() - loginlog.Msg = "登录成功" - loginlog.Platform = ua.Platform() + loginLog.Browser = browserName + " " + browserVersion + loginLog.Os = ua.OS() + loginLog.Msg = "登录成功" + loginLog.Platform = ua.Platform() - if err := c.ShouldBind(&loginVals); err != nil { - loginlog.Status = "1" - loginlog.Msg = "数据解析失败" - loginlog.Username = loginVals.Username - _, _ = loginlog.Create() + // 获取前端过来的数据 + if err := c.ShouldBind(&loginVal); err != nil { + fmt.Println("********** " + err.Error() + " **********") + loginLog.Status = "1" + loginLog.Msg = "数据解析失败" + loginLog.Username = loginVal.Username + _, _ = loginLog.Create() return nil, jwt.ErrMissingLoginValues } - loginlog.Username = loginVals.Username - if 
!store.Verify(loginVals.UUID, loginVals.Code, true) { - loginlog.Status = "1" - loginlog.Msg = "验证码错误" - _, _ = loginlog.Create() + loginLog.Username = loginVal.Username + + // 校验验证码 + if !store.Verify(loginVal.UUID, loginVal.Code, true) { + loginLog.Status = "1" + loginLog.Msg = "验证码错误" + _, _ = loginLog.Create() return nil, jwt.ErrInvalidVerificationode } - user, role, e := loginVals.GetUser() + // ldap 验证 + if loginType == "1" { + // ldap登陆 + err = l.LdapLogin(loginVal.Username, loginVal.Password) + if err != nil { + return nil, jwt.ErrInvalidVerificationode + } + // 2. 将ldap用户信息写入到用户数据表中 + err = orm.Eloquent.Table("sys_user"). + Where("username = ?", userInfo.Username). + Count(&authUserCount).Error + if err != nil { + return nil, jwt.ErrInvalidVerificationode + } + if authUserCount == 0 { + addUserInfo.Username = userInfo.Username + // 获取默认权限ID + err = orm.Eloquent.Table("sys_role").Where("role_key = 'common'").Find(&roleValue).Error + if err != nil { + return nil, jwt.ErrInvalidVerificationode + } + addUserInfo.RoleId = roleValue.RoleId // 绑定通用角色 + err = orm.Eloquent.Table("sys_user").Create(&addUserInfo).Error + if err != nil { + return nil, jwt.ErrInvalidVerificationode + } + } + } + + user, role, e := loginVal.GetUser() if e == nil { - _, _ = loginlog.Create() + _, _ = loginLog.Create() return map[string]interface{}{"user": user, "role": role}, nil } else { - loginlog.Status = "1" - loginlog.Msg = "登录失败" - _, _ = loginlog.Create() + loginLog.Status = "1" + loginLog.Msg = "登录失败" + _, _ = loginLog.Create() logger.Info(e.Error()) } diff --git a/pkg/jwtauth/jwtauth.go b/pkg/jwtauth/jwtauth.go index 2929ac9..bc43b30 100644 --- a/pkg/jwtauth/jwtauth.go +++ b/pkg/jwtauth/jwtauth.go @@ -3,8 +3,6 @@ package jwtauth import ( "crypto/rsa" "errors" - "ferry/global/orm" - "ferry/pkg/ldap" config2 "ferry/tools/config" "io/ioutil" "net/http" 
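Review bot: In the new LDAP branch `userInfo` is a zero-value `system.SysUser` that nothing ever fills in, so the `sys_user` count query and the `addUserInfo.Username` assignment both use an empty string: the first LDAP login inserts a row with `Username == ""` and every later one matches that row instead of the real account; the bound login value is the intended source, `Where("username = ?", loginVal.Username)` and `addUserInfo.Username = loginVal.Username`. The bind failure and the three DB errors all return `jwt.ErrInvalidVerificationode`, which tells the client the captcha was wrong, and unlike every other failure path in this function they write no `loginLog` record, so failed LDAP attempts never appear in the login log. Unless `LdapLogin` (not visible here) refuses an empty password itself, `loginVal.Password == ""` should be rejected before the bind, because an LDAP simple bind with an empty password is commonly treated as anonymous and succeeds; the `fmt.Println` of the bind error also looks like leftover debugging when `logger.Info` is already in scope. The branch still falls through to `loginVal.GetUser()`, whose local-credential check may reject an account that exists only in LDAP — worth confirming. Authenticator continues past the end of the hunk.
```go
	// ldap 验证
	if loginType == "1" {
		// An empty simple bind is commonly accepted as anonymous; refuse it
		// here unless LdapLogin is known to do so (not visible in this diff).
		if loginVal.Password == "" {
			err = jwt.ErrMissingLoginValues
		} else {
			err = l.LdapLogin(loginVal.Username, loginVal.Password)
		}
		if err != nil {
			logger.Info(err.Error())
			loginLog.Status = "1"
			loginLog.Msg = "登录失败"
			_, _ = loginLog.Create()
			return nil, jwt.ErrLdapAuthFailed // constructed name: add a dedicated sentinel in pkg/jwtauth
		}
		// 2. 将ldap用户信息写入到用户数据表中
		err = orm.Eloquent.Table("sys_user").
			Where("username = ?", loginVal.Username).
			Count(&authUserCount).Error
		// … unchanged: DB error handling, but record loginLog and return the same sentinel …
		if authUserCount == 0 {
			addUserInfo.Username = loginVal.Username
			// … unchanged: default-role lookup and Create …
		}
	}
```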
@@ -439,74 +437,15 @@ func (mw *GinJWTMiddleware) LoginHandler(c *gin.Context) { err error ) - loginType := c.DefaultQuery("login_type", "0") + if mw.Authenticator == nil { + mw.unauthorized(c, http.StatusInternalServerError, mw.HTTPStatusMessageFunc(ErrMissingAuthenticatorFunc, c)) + return + } - if loginType == "0" { - // 普通登陆 - if mw.Authenticator == nil { - mw.unauthorized(c, http.StatusInternalServerError, mw.HTTPStatusMessageFunc(ErrMissingAuthenticatorFunc, c)) - return - } - - data, err = mw.Authenticator(c) - - if err != nil { - mw.unauthorized(c, 400, mw.HTTPStatusMessageFunc(err, c)) - return - } - } else { - // ldap登陆 - // 1. 获取ldap用户信息 - var ( - roleValue struct { - RoleId int `json:"role_id"` - } - authUserCount int - l = ldap.Connection{} - userInfo struct { - Username string `json:"username"` - Password string `json:"password"` - } - addUserInfo struct { - Username string `json:"username"` - RoleId int `json:"role_id"` - } - ) - err = c.ShouldBind(&userInfo) - if err != nil { - mw.unauthorized(c, -1, mw.HTTPStatusMessageFunc(err, c)) - return - } - err = l.LdapLogin(userInfo.Username, userInfo.Password) - if err != nil { - mw.unauthorized(c, -1, mw.HTTPStatusMessageFunc(err, c)) - return - } - // 2. 将ldap用户信息写入到用户数据表中 - err = orm.Eloquent.Table("sys_user"). - Where("username = ?", userInfo.Username). - Count(&authUserCount).Error - if err != nil { - mw.unauthorized(c, -1, mw.HTTPStatusMessageFunc(err, c)) - return - } - if authUserCount == 0 { - addUserInfo.Username = userInfo.Username - // 获取默认权限ID - err = orm.Eloquent.Table("sys_role").Where("role_key = 'common'").Scan(&roleValue).Error - if err != nil { - mw.unauthorized(c, -1, mw.HTTPStatusMessageFunc(err, c)) - return - } - addUserInfo.RoleId = roleValue.RoleId // 绑定通用角色 - err = orm.Eloquent.Table("sys_user").Create(&addUserInfo).Error - if err != nil { - mw.unauthorized(c, -1, mw.HTTPStatusMessageFunc(err, c)) - return - } - } - - // 3. 
获取 + data, err = mw.Authenticator(c) + if err != nil { + mw.unauthorized(c, 400, mw.HTTPStatusMessageFunc(err, c)) + return } // Create the token diff --git a/router/router.go b/router/router.go index 1bb2fd4..1dea422 100644 --- a/router/router.go +++ b/router/router.go @@ -1,11 +1,7 @@ package router import ( - "ferry/apis/monitor" - "ferry/apis/system" - "ferry/handler" "ferry/pkg/jwtauth" - jwt "ferry/pkg/jwtauth" "ferry/router/dashboard" "ferry/router/process" systemRouter "ferry/router/system" @@ -17,10 +13,11 @@ import ( _ "github.com/gin-gonic/gin" ) -func InitSysRouter(r *gin.Engine, authMiddleware *jwt.GinJWTMiddleware) *gin.RouterGroup { +func InitSysRouter(r *gin.Engine, authMiddleware *jwtauth.GinJWTMiddleware) *gin.RouterGroup { g := r.Group("") - sysBaseRouter(g) + systemRouter.SysBaseRouter(g) + // 静态文件 sysStaticFileRouter(g) @@ -28,18 +25,14 @@ func InitSysRouter(r *gin.Engine, authMiddleware *jwt.GinJWTMiddleware) *gin.Rou sysSwaggerRouter(g) // 无需认证 - sysNoCheckRoleRouter(g) + systemRouter.SysNoCheckRoleRouter(g) + // 需要认证 sysCheckRoleRouterInit(g, authMiddleware) return g } -func sysBaseRouter(r *gin.RouterGroup) { - r.GET("/", system.HelloWorld) - r.GET("/info", handler.Ping) -} - func sysStaticFileRouter(r *gin.RouterGroup) { r.Static("/static", "./static") } @@ -48,14 +41,6 @@ func sysSwaggerRouter(r *gin.RouterGroup) { r.GET("/swagger/*any", ginSwagger.WrapHandler(swaggerFiles.Handler)) } -func sysNoCheckRoleRouter(r *gin.RouterGroup) { - v1 := r.Group("/api/v1") - - v1.GET("/monitor/server", monitor.ServerInfo) - v1.GET("/getCaptcha", system.GenerateCaptchaHandler) - v1.GET("/menuTreeselect", system.GetMenuTreeelect) -} - func sysCheckRoleRouterInit(r *gin.RouterGroup, authMiddleware *jwtauth.GinJWTMiddleware) { r.POST("/login", authMiddleware.LoginHandler) // Refresh time can be longer than token timeout diff --git a/router/system/sys_router.go b/router/system/sys_router.go index 26ce0e4..95c5224 100644 --- a/router/system/sys_router.go 
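Review bot: The re-added `mw.unauthorized(c, 400, mw.HTTPStatusMessageFunc(err, c))` after `mw.Authenticator(c)` reports a rejected login as a malformed request; `http.StatusUnauthorized` is the conventional status for failed credentials and matches what the helper is named, so `mw.unauthorized(c, http.StatusUnauthorized, mw.HTTPStatusMessageFunc(err, c))` would be clearer, with `net/http` already imported in this file per the earlier hunk. The 400 is carried over from the old plain-login branch, so any client code that matches on it should be checked before changing. LoginHandler starts before and continues after this hunk.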
+++ b/router/system/sys_router.go @@ -2,6 +2,7 @@ package system import ( log2 "ferry/apis/log" + "ferry/apis/monitor" "ferry/apis/system" _ "ferry/docs" "ferry/handler" @@ -11,6 +12,19 @@ import ( "github.com/gin-gonic/gin" ) +func SysBaseRouter(r *gin.RouterGroup) { + r.GET("/", system.HelloWorld) + r.GET("/info", handler.Ping) +} + +func SysNoCheckRoleRouter(r *gin.RouterGroup) { + v1 := r.Group("/api/v1") + + v1.GET("/monitor/server", monitor.ServerInfo) + v1.GET("/getCaptcha", system.GenerateCaptchaHandler) + v1.GET("/menuTreeselect", system.GetMenuTreeelect) +} + func RegisterBaseRouter(v1 *gin.RouterGroup, authMiddleware *jwt.GinJWTMiddleware) { v1auth := v1.Use(authMiddleware.MiddlewareFunc()).Use(middleware.AuthCheckRole()) {
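Review bot: `SysBaseRouter` and `SysNoCheckRoleRouter` are newly exported but carry no doc comment; Go convention is a sentence starting with the name, e.g. `// SysBaseRouter registers the root and /info probe routes.` and `// SysNoCheckRoleRouter registers the /api/v1 routes served without authentication: server monitor, captcha and menu tree.`. Spelling out the unauthenticated set in the comment also makes it visible at a glance that `/monitor/server` is reachable without a token, which deserves a deliberate decision now that the route is exported from this package rather than only moved.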