lc_veterans/app/user/controller/token.go

package controller

import (
	"github.com/gin-gonic/gin"
	"github.com/golang-jwt/jwt"
	"strconv"
	"time"

	"iot_manager_service/app/user/model"
	"iot_manager_service/config"
	"iot_manager_service/util"
	"net/http"
	"strings"
)

var Auth = new(auth)

type auth struct{}

func (c *auth) Token(ctx *gin.Context) {
	tenantId := ctx.Query("tenantId")
	userName := ctx.Query("username")
	password := ctx.Query("password")
	grantType := ctx.Query("grant_type")
	refreshToken := ctx.Query("refresh_token")

	checkLock()

	userType := ctx.GetHeader(model.USER_TYPE_HEADER_KEY)
	token := model.Token{
		TenantId:     tenantId,
		UserName:     userName,
		Password:     password,
		GrantType:    grantType,
		RefreshToken: refreshToken,
		UserType:     userType,
	}
	userInfo, err := grant(token, ctx)
	if err != nil {
		ctx.JSON(http.StatusOK, err)
		return
	}
	if userInfo == nil || userInfo.User == nil {
		ctx.JSON(http.StatusOK, util.NormalResponse(http.StatusBadRequest, model.USER_NOT_FOUND, nil))
		return
	}
	if len(userInfo.Roles) == 0 {
		ctx.JSON(http.StatusOK, util.NormalResponse(http.StatusBadRequest, model.USER_HAS_NO_ROLE, nil))
		return
	}

	jwtToken, e := getAccessToken(*userInfo)
	if e != nil {
		ctx.JSON(http.StatusOK, util.NormalResponse(http.StatusBadRequest, e.Error(), nil))
	}
	ctx.JSON(http.StatusOK, model.RspToken{
		TenantId:     userInfo.TenantId,
		UserId:       strconv.FormatInt(userInfo.ID, 64),
		DeptId:       userInfo.DeptId,
		PostId:       userInfo.PostId,
		RoleId:       userInfo.RoleId,
		OauthId:      userInfo.OauthId,
		Account:      userInfo.Account,
		UserName:     userInfo.Name,
		NickName:     userInfo.RealName,
		RoleName:     userInfo.Roles[0],
		Avatar:       userInfo.Avatar,
		AccessToken:  jwtToken,
		RefreshToken: getRefreshToken(*userInfo),
		TokenType:    model.BEARER,
		ExpiresIn:    7200,
		License:      "",
	})
}

//checkLock 校验用户登录失败次数
func checkLock() {

}

func getAccessToken(info model.UserInfo) (string, error) {
	claims := jwt.NewWithClaims(jwt.SigningMethodHS512, jwt.MapClaims{
		model.Iss:       "issuser",
		model.Aud:       "audience",
		model.TokenType: "access_token",
		model.ClientId:  "saber",
		model.TenantId:  info.TenantId,
		model.RoleId:    info.RoleId,
		model.RoleName:  info.Roles[0],
		model.UserId:    info.ID,
		model.DeptId:    info.DeptId,
		model.PostId:    info.PostId,
		model.OauthID:   info.OauthId,
		model.Account:   info.Account,
		model.UserName:  info.Account,
		model.NickName:  info.RealName,
		model.Exp:       time.Now().Add(2 * time.Hour).Unix(),
		model.Nbf:       time.Now().Unix(),
	})
	return claims.SigningString()
}

func getRefreshToken(info model.UserInfo) string {
	claims := jwt.NewWithClaims(jwt.SigningMethodHS512, jwt.MapClaims{
		model.Iss:       "issuser",
		model.Aud:       "audience",
		model.ClientId:  "saber",
		model.TokenType: "refresh_token",
		model.UserId:    info.ID,
		model.Exp:       time.Now().Add(7 * 24 * time.Hour).Unix(),
		model.Nbf:       time.Now().Unix(),
	})
	token, _ := claims.SigningString()
	return token
}

func grant(token model.Token, ctx *gin.Context) (*model.UserInfo, *util.Errors) {
	info := &model.UserInfo{}
	key := ctx.GetHeader(model.CAPTCHA_HEADER_KEY)
	code := ctx.GetHeader(model.CAPTCHA_HEADER_CODE)
	// 获取验证码
	redisCode := util.Redis.Get(model.CAPTCHA_KEY + key).String()
	// 判断验证码
	if config.Instance().Server.CodeEnable && (code == "" || !strings.EqualFold(redisCode, code)) {
		return nil, util.NormalResponse(http.StatusBadRequest, model.CAPTCHA_NOT_CORRECT, nil)
	}

	if token.UserName != "" && token.Password != "" {
		// 获取租户信息
		//Tenant tenant = tenantService.getByTenantId(tenantId);
		//if (TokenUtil.judgeTenant(tenant)) {
		//    throw new ServiceException(TokenUtil.USER_HAS_NO_TENANT_PERMISSION);
		//}
		// 获取用户类型
		// 根据不同用户类型调用对应的接口返回数据，用户可自行拓展
		// info.User = userService.GetUser(token.tenantId, token.UserName, token.password)
	}
	return info, nil
}