更新ldap。

2020-08-17 01:24:51 +08:00 · 2020-08-17 01:24:51 +08:00 · c30f7c8387
commit c30f7c8387
parent 45899369d0
4 changed files with 101 additions and 115 deletions
--- a/handler/auth.go
+++ b/handler/auth.go
@ -1,10 +1,13 @@
 package handler
 import (
 	"ferry/global/orm"
 	"ferry/models/system"
 	jwt "ferry/pkg/jwtauth"
 	"ferry/pkg/ldap"
 	"ferry/pkg/logger"
 	"ferry/tools"
 	"fmt"
 	"net/http"
 	"github.com/gin-gonic/gin"
@ -51,45 +54,90 @@ func IdentityHandler(c *gin.Context) interface{} {
 // @Success 200 {string} string "{"code": 200, "expire": "2019-08-07T12:45:48+08:00", "token": ".eyJleHAiOjE1NjUxNTMxNDgsImlkIjoiYWRtaW4iLCJvcmlnX2lhdCI6MTU2NTE0OTU0OH0.-zvzHvbg0A" }"
 // @Router /login [post]
 func Authenticator(c *gin.Context) (interface{}, error) {
-	var loginVals system.Login
+	var (
-	var loginlog system.LoginLog
+		err           error
 		loginVal      system.Login
 		loginLog      system.LoginLog
 		roleValue     system.SysRole
 		authUserCount int
 		l             = ldap.Connection{}
 		userInfo      system.SysUser
 		addUserInfo   struct {
 			Username string `json:"username"`
 			RoleId   int    `json:"role_id"`
 		}
 	)
 	loginType := c.DefaultQuery("login_type", "0")
 	ua := user_agent.New(c.Request.UserAgent())
-	loginlog.Ipaddr = c.ClientIP()
+	loginLog.Ipaddr = c.ClientIP()
 	location := tools.GetLocation(c.ClientIP())
-	loginlog.LoginLocation = location
+	loginLog.LoginLocation = location
-	loginlog.LoginTime = tools.GetCurrntTime()
+	loginLog.LoginTime = tools.GetCurrntTime()
-	loginlog.Status = "0"
+	loginLog.Status = "0"
-	loginlog.Remark = c.Request.UserAgent()
+	loginLog.Remark = c.Request.UserAgent()
 	browserName, browserVersion := ua.Browser()
-	loginlog.Browser = browserName + " " + browserVersion
+	loginLog.Browser = browserName + " " + browserVersion
-	loginlog.Os = ua.OS()
+	loginLog.Os = ua.OS()
-	loginlog.Msg = "登录成功"
+	loginLog.Msg = "登录成功"
-	loginlog.Platform = ua.Platform()
+	loginLog.Platform = ua.Platform()
-	if err := c.ShouldBind(&loginVals); err != nil {
+	// 获取前端过来的数据
-		loginlog.Status = "1"
+	if err := c.ShouldBind(&loginVal); err != nil {
-		loginlog.Msg = "数据解析失败"
+		fmt.Println("********** " + err.Error() + " **********")
-		loginlog.Username = loginVals.Username
+		loginLog.Status = "1"
-		_, _ = loginlog.Create()
+		loginLog.Msg = "数据解析失败"
 		loginLog.Username = loginVal.Username
 		_, _ = loginLog.Create()
 		return nil, jwt.ErrMissingLoginValues
 	}
-	loginlog.Username = loginVals.Username
+	loginLog.Username = loginVal.Username
-	if !store.Verify(loginVals.UUID, loginVals.Code, true) {
+
-		loginlog.Status = "1"
+	// 校验验证码
-		loginlog.Msg = "验证码错误"
+	if !store.Verify(loginVal.UUID, loginVal.Code, true) {
-		_, _ = loginlog.Create()
+		loginLog.Status = "1"
 		loginLog.Msg = "验证码错误"
 		_, _ = loginLog.Create()
 		return nil, jwt.ErrInvalidVerificationode
 	}
-	user, role, e := loginVals.GetUser()
+	// ldap 验证
 	if loginType == "1" {
 		// ldap登陆
 		err = l.LdapLogin(loginVal.Username, loginVal.Password)
 		if err != nil {
 			return nil, jwt.ErrInvalidVerificationode
 		}
 		// 2. 将ldap用户信息写入到用户数据表中
 		err = orm.Eloquent.Table("sys_user").
 			Where("username = ?", userInfo.Username).
 			Count(&authUserCount).Error
 		if err != nil {
 			return nil, jwt.ErrInvalidVerificationode
 		}
 		if authUserCount == 0 {
 			addUserInfo.Username = userInfo.Username
 			// 获取默认权限ID
 			err = orm.Eloquent.Table("sys_role").Where("role_key = 'common'").Find(&roleValue).Error
 			if err != nil {
 				return nil, jwt.ErrInvalidVerificationode
 			}
 			addUserInfo.RoleId = roleValue.RoleId // 绑定通用角色
 			err = orm.Eloquent.Table("sys_user").Create(&addUserInfo).Error
 			if err != nil {
 				return nil, jwt.ErrInvalidVerificationode
 			}
 		}
 	}
 	user, role, e := loginVal.GetUser()
 	if e == nil {
-		_, _ = loginlog.Create()
+		_, _ = loginLog.Create()
 		return map[string]interface{}{"user": user, "role": role}, nil
 	} else {
-		loginlog.Status = "1"
+		loginLog.Status = "1"
-		loginlog.Msg = "登录失败"
+		loginLog.Msg = "登录失败"
-		_, _ = loginlog.Create()
+		_, _ = loginLog.Create()
 		logger.Info(e.Error())
 	}
--- a/pkg/jwtauth/jwtauth.go
+++ b/pkg/jwtauth/jwtauth.go
@ -3,8 +3,6 @@ package jwtauth
 import (
 	"crypto/rsa"
 	"errors"
 	"ferry/global/orm"
 	"ferry/pkg/ldap"
 	config2 "ferry/tools/config"
 	"io/ioutil"
 	"net/http"
@ -439,74 +437,15 @@ func (mw *GinJWTMiddleware) LoginHandler(c *gin.Context) {
 		err  error
 	)
-	loginType := c.DefaultQuery("login_type", "0")
+	if mw.Authenticator == nil {
 		mw.unauthorized(c, http.StatusInternalServerError, mw.HTTPStatusMessageFunc(ErrMissingAuthenticatorFunc, c))
 		return
 	}
-	if loginType == "0" {
+	data, err = mw.Authenticator(c)
-		// 普通登陆
+	if err != nil {
-		if mw.Authenticator == nil {
+		mw.unauthorized(c, 400, mw.HTTPStatusMessageFunc(err, c))
-			mw.unauthorized(c, http.StatusInternalServerError, mw.HTTPStatusMessageFunc(ErrMissingAuthenticatorFunc, c))
+		return
 			return
 		}
 		data, err = mw.Authenticator(c)
 		if err != nil {
 			mw.unauthorized(c, 400, mw.HTTPStatusMessageFunc(err, c))
 			return
 		}
 	} else {
 		// ldap登陆
 		// 1. 获取ldap用户信息
 		var (
 			roleValue struct {
 				RoleId int `json:"role_id"`
 			}
 			authUserCount int
 			l             = ldap.Connection{}
 			userInfo      struct {
 				Username string `json:"username"`
 				Password string `json:"password"`
 			}
 			addUserInfo struct {
 				Username string `json:"username"`
 				RoleId   int    `json:"role_id"`
 			}
 		)
 		err = c.ShouldBind(&userInfo)
 		if err != nil {
 			mw.unauthorized(c, -1, mw.HTTPStatusMessageFunc(err, c))
 			return
 		}
 		err = l.LdapLogin(userInfo.Username, userInfo.Password)
 		if err != nil {
 			mw.unauthorized(c, -1, mw.HTTPStatusMessageFunc(err, c))
 			return
 		}
 		// 2. 将ldap用户信息写入到用户数据表中
 		err = orm.Eloquent.Table("sys_user").
 			Where("username = ?", userInfo.Username).
 			Count(&authUserCount).Error
 		if err != nil {
 			mw.unauthorized(c, -1, mw.HTTPStatusMessageFunc(err, c))
 			return
 		}
 		if authUserCount == 0 {
 			addUserInfo.Username = userInfo.Username
 			// 获取默认权限ID
 			err = orm.Eloquent.Table("sys_role").Where("role_key = 'common'").Scan(&roleValue).Error
 			if err != nil {
 				mw.unauthorized(c, -1, mw.HTTPStatusMessageFunc(err, c))
 				return
 			}
 			addUserInfo.RoleId = roleValue.RoleId // 绑定通用角色
 			err = orm.Eloquent.Table("sys_user").Create(&addUserInfo).Error
 			if err != nil {
 				mw.unauthorized(c, -1, mw.HTTPStatusMessageFunc(err, c))
 				return
 			}
 		}
 		// 3. 获取
 	}
 	// Create the token
--- a/router/router.go
+++ b/router/router.go
@ -1,11 +1,7 @@
 package router
 import (
 	"ferry/apis/monitor"
 	"ferry/apis/system"
 	"ferry/handler"
 	"ferry/pkg/jwtauth"
 	jwt "ferry/pkg/jwtauth"
 	"ferry/router/dashboard"
 	"ferry/router/process"
 	systemRouter "ferry/router/system"
@ -17,10 +13,11 @@ import (
 	_ "github.com/gin-gonic/gin"
 )
-func InitSysRouter(r *gin.Engine, authMiddleware *jwt.GinJWTMiddleware) *gin.RouterGroup {
+func InitSysRouter(r *gin.Engine, authMiddleware *jwtauth.GinJWTMiddleware) *gin.RouterGroup {
 	g := r.Group("")
-	sysBaseRouter(g)
+	systemRouter.SysBaseRouter(g)
 	// 静态文件
 	sysStaticFileRouter(g)
@ -28,18 +25,14 @@ func InitSysRouter(r *gin.Engine, authMiddleware *jwt.GinJWTMiddleware) *gin.Rou
 	sysSwaggerRouter(g)
 	// 无需认证
-	sysNoCheckRoleRouter(g)
+	systemRouter.SysNoCheckRoleRouter(g)
 	// 需要认证
 	sysCheckRoleRouterInit(g, authMiddleware)
 	return g
 }
 func sysBaseRouter(r *gin.RouterGroup) {
 	r.GET("/", system.HelloWorld)
 	r.GET("/info", handler.Ping)
 }
 func sysStaticFileRouter(r *gin.RouterGroup) {
 	r.Static("/static", "./static")
 }
@ -48,14 +41,6 @@ func sysSwaggerRouter(r *gin.RouterGroup) {
 	r.GET("/swagger/*any", ginSwagger.WrapHandler(swaggerFiles.Handler))
 }
 func sysNoCheckRoleRouter(r *gin.RouterGroup) {
 	v1 := r.Group("/api/v1")
 	v1.GET("/monitor/server", monitor.ServerInfo)
 	v1.GET("/getCaptcha", system.GenerateCaptchaHandler)
 	v1.GET("/menuTreeselect", system.GetMenuTreeelect)
 }
 func sysCheckRoleRouterInit(r *gin.RouterGroup, authMiddleware *jwtauth.GinJWTMiddleware) {
 	r.POST("/login", authMiddleware.LoginHandler)
 	// Refresh time can be longer than token timeout
--- a/router/system/sys_router.go
+++ b/router/system/sys_router.go
@ -2,6 +2,7 @@ package system
 import (
 	log2 "ferry/apis/log"
 	"ferry/apis/monitor"
 	"ferry/apis/system"
 	_ "ferry/docs"
 	"ferry/handler"
@ -11,6 +12,19 @@ import (
 	"github.com/gin-gonic/gin"
 )
 func SysBaseRouter(r *gin.RouterGroup) {
 	r.GET("/", system.HelloWorld)
 	r.GET("/info", handler.Ping)
 }
 func SysNoCheckRoleRouter(r *gin.RouterGroup) {
 	v1 := r.Group("/api/v1")
 	v1.GET("/monitor/server", monitor.ServerInfo)
 	v1.GET("/getCaptcha", system.GenerateCaptchaHandler)
 	v1.GET("/menuTreeselect", system.GetMenuTreeelect)
 }
 func RegisterBaseRouter(v1 *gin.RouterGroup, authMiddleware *jwt.GinJWTMiddleware) {
 	v1auth := v1.Use(authMiddleware.MiddlewareFunc()).Use(middleware.AuthCheckRole())
 	{