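package controller

import (
	"net/http"
	"strconv"
	"strings"
	"time"

	"github.com/gin-gonic/gin"
	"github.com/golang-jwt/jwt"

	"iot_manager_service/app/user/model"
	"iot_manager_service/config"
	"iot_manager_service/util"
)

// Auth is the package-level authentication controller instance.
var Auth = new(auth)

type auth struct{}

// Token handles a token request. It collects the credentials and grant
// parameters from the request, resolves the user through grant, and answers
// with an access token, a refresh token and the user's profile fields.
//
// Every outcome is written with HTTP status 200; failures carry their own
// status code inside the JSON body built by util.NormalResponse.
func (c *auth) Token(ctx *gin.Context) {
	// NOTE(review): the password and refresh token are read from the URL
	// query string. Query strings are commonly recorded in access logs,
	// proxies and browser history, so these secrets should travel in the
	// request body instead. Left unchanged here to stay compatible with
	// existing clients.
	req := model.Token{
		TenantId:     ctx.Query("tenantId"),
		UserName:     ctx.Query("username"),
		Password:     ctx.Query("password"),
		GrantType:    ctx.Query("grant_type"),
		RefreshToken: ctx.Query("refresh_token"),
	}
	checkLock()
	req.UserType = ctx.GetHeader(model.USER_TYPE_HEADER_KEY)

	userInfo, err := grant(req, ctx)
	if err != nil {
		ctx.JSON(http.StatusOK, err)
		return
	}
	if userInfo == nil || userInfo.User == nil {
		ctx.JSON(http.StatusOK, util.NormalResponse(http.StatusBadRequest, model.USER_NOT_FOUND, nil))
		return
	}
	// Both the response and getAccessToken index Roles[0], so an empty role
	// list has to be rejected before either is reached.
	if len(userInfo.Roles) == 0 {
		ctx.JSON(http.StatusOK, util.NormalResponse(http.StatusBadRequest, model.USER_HAS_NO_ROLE, nil))
		return
	}

	accessToken, tokenErr := getAccessToken(*userInfo)
	if tokenErr != nil {
		ctx.JSON(http.StatusOK, util.NormalResponse(http.StatusBadRequest, tokenErr.Error(), nil))
		// Fix: stop here. Without this return the handler went on to write a
		// second, successful response carrying an empty access token.
		return
	}

	ctx.JSON(http.StatusOK, model.RspToken{
		TenantId: userInfo.TenantId,
		// Fix: the base was 64, which strconv.FormatInt rejects with a panic
		// (valid bases are 2..36). The ID is rendered in decimal.
		UserId:       strconv.FormatInt(userInfo.ID, 10),
		DeptId:       userInfo.DeptId,
		PostId:       userInfo.PostId,
		RoleId:       userInfo.RoleId,
		OauthId:      userInfo.OauthId,
		Account:      userInfo.Account,
		UserName:     userInfo.Name,
		NickName:     userInfo.RealName,
		RoleName:     userInfo.Roles[0],
		Avatar:       userInfo.Avatar,
		AccessToken:  accessToken,
		RefreshToken: getRefreshToken(*userInfo),
		TokenType:    model.BEARER,
		// Seconds; matches the 2-hour expiry set in getAccessToken.
		ExpiresIn: 7200,
		License:   "",
	})
}

// checkLock is meant to verify the user's failed-login count.
//
// NOTE(review): the body is empty, so no lockout or attempt limiting is
// applied to Token requests; repeated password guesses are not throttled by
// this code.
func checkLock() {
}

// getAccessToken builds the access-token string for info, valid for two hours
// from now. The caller must ensure info.Roles is non-empty, because Roles[0]
// is used as the role-name claim.
//
// NOTE(review): SigningString returns only the encoded "header.claims" part
// and computes no HMAC, so the returned value carries no signature and its
// claims (user ID, role, tenant) are not integrity-protected. Issuing a
// verifiable token requires SignedString with a secret key; no key source is
// visible in this file, so the call is left as is and must be fixed where the
// signing key is configured. The same applies to getRefreshToken.
func getAccessToken(info model.UserInfo) (string, error) {
	now := time.Now()
	tok := jwt.NewWithClaims(jwt.SigningMethodHS512, jwt.MapClaims{
		model.Iss:       "issuser",
		model.Aud:       "audience",
		model.TokenType: "access_token",
		model.ClientId:  "saber",
		model.TenantId:  info.TenantId,
		model.RoleId:    info.RoleId,
		model.RoleName:  info.Roles[0],
		model.UserId:    info.ID,
		model.DeptId:    info.DeptId,
		model.PostId:    info.PostId,
		model.OauthID:   info.OauthId,
		model.Account:   info.Account,
		model.UserName:  info.Account,
		model.NickName:  info.RealName,
		model.Exp:       now.Add(2 * time.Hour).Unix(),
		model.Nbf:       now.Unix(),
	})
	return tok.SigningString()
}

// getRefreshToken builds the refresh-token string for info, valid for seven
// days from now. It returns the empty string if encoding fails.
//
// NOTE(review): as in getAccessToken, SigningString yields an unsigned
// "header.claims" string; it needs SignedString with a secret key before the
// token can be verified.
func getRefreshToken(info model.UserInfo) string {
	now := time.Now()
	tok := jwt.NewWithClaims(jwt.SigningMethodHS512, jwt.MapClaims{
		model.Iss:       "issuser",
		model.Aud:       "audience",
		model.ClientId:  "saber",
		model.TokenType: "refresh_token",
		model.UserId:    info.ID,
		model.Exp:       now.Add(7 * 24 * time.Hour).Unix(),
		model.Nbf:       now.Unix(),
	})
	// The error is dropped because this function has no error result; on
	// failure the caller receives "".
	encoded, _ := tok.SigningString()
	return encoded
}

// grant validates the captcha (when enabled in the server configuration) and
// returns the user information for the token request.
//
// It returns a non-nil *util.Errors when the captcha check fails. In the code
// shown here the user lookup is still commented out, so the returned UserInfo
// never has User populated and Token answers USER_NOT_FOUND. GrantType and
// RefreshToken are not consulted.
func grant(token model.Token, ctx *gin.Context) (*model.UserInfo, *util.Errors) {
	info := &model.UserInfo{}

	key := ctx.GetHeader(model.CAPTCHA_HEADER_KEY)
	code := ctx.GetHeader(model.CAPTCHA_HEADER_CODE)

	// Fetch the stored captcha for the key supplied by the client.
	// NOTE(review): if util.Redis is a go-redis client, String() on the
	// returned command is its printable form rather than the stored value
	// (Val()/Result() would be the accessors) — confirm against util.Redis.
	redisCode := util.Redis.Get(model.CAPTCHA_KEY + key).String()

	// Validate the captcha: an empty code or a case-insensitive mismatch is
	// rejected.
	// NOTE(review): the stored captcha is not deleted after a match, so it
	// remains usable until it expires in Redis — confirm whether single use
	// is intended.
	if config.Instance().Server.CodeEnable && (code == "" || !strings.EqualFold(redisCode, code)) {
		return nil, util.NormalResponse(http.StatusBadRequest, model.CAPTCHA_NOT_CORRECT, nil)
	}

	if token.UserName != "" && token.Password != "" {
		// Fetch the tenant information.
		//Tenant tenant = tenantService.getByTenantId(tenantId);
		//if (TokenUtil.judgeTenant(tenant)) {
		//	throw new ServiceException(TokenUtil.USER_HAS_NO_TENANT_PERMISSION);
		//}
		// Determine the user type.
		// Call the lookup that matches the user type and return its data;
		// this can be extended as needed.
		// info.User = userService.GetUser(token.tenantId, token.UserName, token.password)
	}
	return info, nil
}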