user auth初步搭建

app/device/dao/common.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	_ "github.com/go-sql-driver/mysql"
 	"github.com/jinzhu/gorm"
+	"iot_manager_service/app/user/dao"
 )
 
 var Db *gorm.DB
@@ -11,7 +12,7 @@ var Db *gorm.DB
 func InitDB(db *gorm.DB) {
 	Db = db
 	err := Db.AutoMigrate(
-		&User{},
+		&dao.User{},
 		&Dict{},
 		&LampPoleGroup{},
 		&LampPole{},

app/user/controller/role.go

@@ -0,0 +1 @@
+package controller

app/user/controller/tenant.go

@@ -0,0 +1 @@
+package controller

app/user/controller/token.go

@@ -0,0 +1,137 @@
+package controller
+
+import (
+	"github.com/gin-gonic/gin"
+	"github.com/golang-jwt/jwt"
+	"time"
+
+	"iot_manager_service/app/user/model"
+	"iot_manager_service/config"
+	"iot_manager_service/util"
+	"net/http"
+	"strings"
+)
+
+var Auth = new(auth)
+
+type auth struct{}
+
+func (c *auth) Token(ctx *gin.Context) {
+	tenantId := ctx.Query("tenantId")
+	userName := ctx.Query("username")
+	password := ctx.Query("password")
+	grantType := ctx.Query("grant_type")
+	refreshToken := ctx.Query("refresh_token")
+
+	checkLock()
+
+	userType := ctx.GetHeader(model.USER_TYPE_HEADER_KEY)
+	token := model.Token{
+		TenantId:     tenantId,
+		UserName:     userName,
+		Password:     password,
+		GrantType:    grantType,
+		RefreshToken: refreshToken,
+		UserType:     userType,
+	}
+	userInfo, err := grant(token, ctx)
+	if err != nil {
+		ctx.JSON(http.StatusOK, err)
+		return
+	}
+	if userInfo == nil || userInfo.User == nil {
+		ctx.JSON(http.StatusOK, util.NormalResponse(http.StatusBadRequest, model.USER_NOT_FOUND, nil))
+		return
+	}
+	if len(userInfo.Roles) == 0 {
+		ctx.JSON(http.StatusOK, util.NormalResponse(http.StatusBadRequest, model.USER_HAS_NO_ROLE, nil))
+		return
+	}
+
+	jwtToken, e := getAccessToken(*userInfo)
+	if e != nil {
+		ctx.JSON(http.StatusOK, util.NormalResponse(http.StatusBadRequest, e.Error(), nil))
+	}
+	ctx.JSON(http.StatusOK, model.RspToken{
+		TenantId:     "",
+		UserId:       "",
+		DeptId:       "",
+		PostId:       "",
+		RoleId:       "",
+		OauthId:      "",
+		Account:      "",
+		UserName:     "",
+		NickName:     "",
+		RoleName:     "",
+		Avatar:       "",
+		AccessToken:  jwtToken,
+		RefreshToken: "",
+		TokenType:    "",
+		ExpiresIn:    0,
+		License:      "",
+	})
+}
+
+//checkLock 校验用户登录失败次数
+func checkLock() {
+
+}
+
+func getAccessToken(info model.UserInfo) (string, error) {
+	claims := jwt.NewWithClaims(jwt.SigningMethodHS512, jwt.MapClaims{
+		model.Iss:       "issuser",
+		model.Aud:       "audience",
+		model.TenantId:  info.TenantId,
+		model.RoleId:    info.RoleId,
+		model.RoleName:  info.Roles[0],
+		model.UserId:    info.ID,
+		model.DeptId:    info.DeptId,
+		model.PostId:    info.PostId,
+		model.OauthID:   info.OauthId,
+		model.Account:   info.Account,
+		model.UserName:  info.Account,
+		model.NickName:  info.RealName,
+		model.TokenType: "access_token",
+		model.ClientId:  "saber",
+		model.Exp:       time.Now().Add(7 * 24 * time.Hour).Unix(),
+		model.Nbf:       time.Now().Unix(),
+	})
+	return claims.SigningString()
+}
+
+func getRefreshToken(info model.UserInfo) (string, error) {
+	claims := jwt.NewWithClaims(jwt.SigningMethodHS512, jwt.MapClaims{
+		model.Iss:       "issuser",
+		model.Aud:       "audience",
+		model.UserId:    info.ID,
+		model.ClientId:  "saber",
+		model.TokenType: "refresh_token",
+		model.Exp:       time.Now().Add(7 * 24 * time.Hour).Unix(),
+		model.Nbf:       time.Now().Unix(),
+	})
+	return claims.SigningString()
+}
+
+func grant(token model.Token, ctx *gin.Context) (*model.UserInfo, *util.Errors) {
+	info := &model.UserInfo{}
+	key := ctx.GetHeader(model.CAPTCHA_HEADER_KEY)
+	code := ctx.GetHeader(model.CAPTCHA_HEADER_CODE)
+	// 获取验证码
+	redisCode := util.Redis.Get(model.CAPTCHA_KEY + key).String()
+	// 判断验证码
+	if config.Instance().Server.CodeEnable && (code == "" || !strings.EqualFold(redisCode, code)) {
+		return nil, util.NormalResponse(http.StatusBadRequest, model.CAPTCHA_NOT_CORRECT, nil)
+	}
+
+	if token.UserName != "" && token.Password != "" {
+		// 获取租户信息
+		//Tenant tenant = tenantService.getByTenantId(tenantId);
+		//if (TokenUtil.judgeTenant(tenant)) {
+		//    throw new ServiceException(TokenUtil.USER_HAS_NO_TENANT_PERMISSION);
+		//}
+		// 获取用户类型
+		// 根据不同用户类型调用对应的接口返回数据，用户可自行拓展
+		// info.User = userService.GetUser(token.tenantId, token.UserName, token.password)
+	}
+	return info, nil
+}

app/user/controller/user.go

@@ -0,0 +1 @@
+package controller

app/user/dao/common.go

@@ -0,0 +1,19 @@
+package dao
+
+import (
+	"fmt"
+	_ "github.com/go-sql-driver/mysql"
+	"github.com/jinzhu/gorm"
+)
+
+var Db *gorm.DB
+
+func InitDB(db *gorm.DB) {
+	Db = db
+	err := Db.AutoMigrate(
+		&User{},
+	).Error
+	if err != nil {
+		panic(fmt.Sprintf("AutoMigrate err : %v", err))
+	}
+}

app/device/dao/user.go

@@ -1,6 +1,7 @@
 package dao
 
 import (
+	"iot_manager_service/app/device/dao"
 	"time"
 )
 
@@ -38,5 +39,5 @@ func (User) TableName() string {
 }
 
 func (c *User) GetUser() error {
-	return Db.Model(&c).Where("id = ?", c.ID).Find(&c).Error
+	return dao.Db.Model(&c).Where("id = ?", c.ID).Find(&c).Error
 }

app/user/model/token.go

@@ -0,0 +1,77 @@
+package model
+
+import "iot_manager_service/app/user/dao"
+
+type Token struct {
+	TenantId     string
+	UserName     string
+	Password     string
+	GrantType    string
+	RefreshToken string
+	UserType     string
+}
+
+type UserInfo struct {
+	*dao.User            //用户基础信息
+	Permissions []string //权限标识集合
+	Roles       []string //角色集合
+	OauthId     string   //第三方授权id
+}
+
+type RspToken struct {
+	TenantId     string `json:"tenant_id"`
+	UserId       string `json:"user_id"`
+	DeptId       string `json:"dept_id"`
+	PostId       string `json:"post_id"`
+	RoleId       string `json:"role_id"`
+	OauthId      string `json:"oauth_id"`
+	Account      string `json:"account"`
+	UserName     string `json:"user_name"`
+	NickName     string `json:"nick_name"`
+	RoleName     string `json:"role_name"`
+	Avatar       string `json:"avatar"`
+	AccessToken  string `json:"access_token"`
+	RefreshToken string `json:"refresh_token"`
+	TokenType    string `json:"token_type"`
+	ExpiresIn    int    `json:"expires_in"`
+	License      string `json:"license"`
+}
+
+// JWT
+const (
+	Iss       = "iss"
+	Aud       = "aud"
+	TenantId  = "tenant_id"
+	RoleName  = "role_name"
+	PostId    = "post_id"
+	UserId    = "user_id"
+	RoleId    = "role_id"
+	UserName  = "user_name"
+	OauthID   = "oauth_id"
+	NickName  = "nick_name"
+	TokenType = "token_type"
+	DeptId    = "dept_id"
+	Account   = "account"
+	ClientId  = "client_id"
+	Exp       = "exp"
+	Nbf       = "nbf"
+)
+
+const (
+	CAPTCHA_HEADER_KEY            = "Captcha-Key"
+	CAPTCHA_HEADER_CODE           = "Captcha-Code"
+	CAPTCHA_NOT_CORRECT           = "验证码不正确"
+	TENANT_HEADER_KEY             = "Tenant-Id"
+	DEFAULT_TENANT_ID             = "000000"
+	USER_TYPE_HEADER_KEY          = "User-Type"
+	DEFAULT_USER_TYPE             = "web"
+	USER_NOT_FOUND                = "用户名或密码错误"
+	USER_HAS_NO_ROLE              = "未获得用户的角色信息"
+	USER_HAS_NO_TENANT            = "未获得用户的租户信息"
+	USER_HAS_NO_TENANT_PERMISSION = "租户授权已过期,请联系管理员"
+	HEADER_KEY                    = "Authorization"
+	HEADER_PREFIX                 = "Basic "
+	DEFAULT_AVATAR                = "https://gw.alipayobjects.com/zos/rmsportal/BiazfanxmamNRoxxVxka.png"
+
+	CAPTCHA_KEY = "blade:auth::blade:captcha:"
+)

config/config.go

@@ -41,7 +41,8 @@ type config struct {
 }
 
 type server struct {
-	Address string `yaml:address"`
+	Address    string `yaml:"address"`
+	CodeEnable bool   `yaml:"code_enable"`
 }
 
 type database struct {

config/config.yaml

@@ -1,6 +1,7 @@
 # HTTP Server.
 server:
   address: ":8199"
+  code_enabled: true
 
 # Logger configurations.
 logger:

go.mod

@@ -6,8 +6,8 @@ require (
 	github.com/gin-gonic/gin v1.8.1
 	github.com/go-redis/redis v6.15.9+incompatible
 	github.com/go-sql-driver/mysql v1.6.0
+	github.com/golang-jwt/jwt v3.2.2+incompatible
 	github.com/jinzhu/gorm v1.9.16
-	github.com/patrickmn/go-cache v2.1.0+incompatible
 	gopkg.in/yaml.v2 v2.4.0
 )
 

main.go

@@ -3,7 +3,8 @@ package main
 import (
 	"github.com/gin-gonic/gin"
 	"github.com/jinzhu/gorm"
-	"iot_manager_service/app/device/dao"
+	device "iot_manager_service/app/device/dao"
+	user "iot_manager_service/app/user/dao"
 	"iot_manager_service/config"
 	_ "iot_manager_service/config"
 	"iot_manager_service/router"
@@ -38,5 +39,6 @@ func initDB() {
 		db.DB().SetMaxIdleConns(5)
 		db.LogMode(false)
 	}
-	dao.InitDB(db)
+	device.InitDB(db)
+	user.InitDB(db)
 }

router/router.go

@@ -4,6 +4,7 @@ import (
 	"github.com/gin-gonic/gin"
 	"iot_manager_service/app/device/controller"
 	"iot_manager_service/app/middleware"
+	user "iot_manager_service/app/user/controller"
 )
 
 func InitRouter(engine *gin.Engine) {
@@ -332,4 +333,9 @@ func InitRouter(engine *gin.Engine) {
 		onDemandLightingControl.POST("/relation", controller.OnDemandLightingControl.Relation)
 		onDemandLightingControl.POST("/changHandSwitch", controller.OnDemandLightingControl.ChangeHandSwitch)
 	}
+
+	auth := engine.Group("/api/blade-auth")
+	{
+		auth.POST("/oauth/token", user.Auth.Token)
+	}
 }

util/errors.go

@@ -50,3 +50,11 @@ func OperationInvalidResponse(msg string, data interface{}) *Errors {
 		Data: data,
 	}
 }
+
+func NormalResponse(code int, msg string, data interface{}) *Errors {
+	return &Errors{
+		Code: code,
+		Msg:  msg,
+		Data: data,
+	}
+}

util/redis.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"github.com/go-redis/redis"
 	"iot_manager_service/app/device/dao"
+	dao2 "iot_manager_service/app/user/dao"
 	"iot_manager_service/config"
 	"strconv"
 	"time"
@@ -43,7 +44,7 @@ func GetUserName(id int64) string {
 	key := fmt.Sprintf(UserKey, id)
 	name, err := Redis.Get(key).Result()
 	if err != nil {
-		user := &dao.User{ID: id}
+		user := &dao2.User{ID: id}
 		if err := user.GetUser(); err != nil {
 			fmt.Printf("GetUser err = %s \n", err)
 		} else {