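package auth

import (
	"crypto/subtle"
	"errors"
	"fmt"
	"net"
	"net/http"
	"strings"

	"git.qianqiusoft.com/qianqiusoft/light-apiengine/config"
	"git.qianqiusoft.com/qianqiusoft/light-apiengine/entitys"
	sysmodel "git.qianqiusoft.com/qianqiusoft/light-apiengine/models"
	sysutils "git.qianqiusoft.com/qianqiusoft/light-apiengine/utils"
	"github.com/xormplus/xorm"
)

// LightAuth is the built-in authenticator registered for the
// "qianqiusoft.com" domain. It carries no state of its own.
type LightAuth struct{}

// session writes the login/logout audit rows (log_sys_login); erpDb is read to
// check the status of ERP-bound accounts. Either stays nil when its data source
// fails to open in init, so every use below guards against nil.
var session, erpDb *xorm.Engine

// lockedMsg is returned once the failed-attempt counter has tripped
// (five wrong passwords lock the account for ten minutes).
const lockedMsg = "输错密码5次,锁定账户10分钟!"

func init() {
	RegisterAuth("qianqiusoft.com", &LightAuth{})
	if session == nil {
		session = openEngine("logger_data_source")
	}
	if erpDb == nil {
		erpDb = openEngine("erp_data_source")
	}
}

// openEngine opens the MySQL engine whose DSN is stored under configKey.
// A failure is printed (key name only, never the DSN) and yields nil so that
// the remaining initialisation still runs; callers must tolerate a nil engine.
func openEngine(configKey string) *xorm.Engine {
	eng, err := xorm.NewEngine("mysql", config.AppConfig.GetKey(configKey))
	if err != nil {
		fmt.Println("open", configKey, ":", err)
		return nil
	}
	return eng
}

// Init is part of the auth provider contract; LightAuth needs no setup.
func (la *LightAuth) Init() {}

// Login authenticates the JSON credentials in the request body.
//
// Flow: load the platform user for the account, enforce the failed-attempt
// lockout, compare the password digest, refuse accounts whose bound ERP user
// is disabled, issue a token via AddToGlobalTokenStore and record a login row
// in log_sys_login. Every response uses HTTP 200; the outcome is carried in
// the SysReturn code (200 success, 400 failure).
func (la *LightAuth) Login(c *entitys.CtrlContext) {
	var logininfo sysmodel.LoginInfo
	if err := c.Ctx.BindJSON(&logininfo); err != nil {
		// A malformed body used to fall through with empty credentials;
		// reject it explicitly with the same message as a bad login.
		c.Ctx.JSON(200, sysmodel.SysReturn{400, "username or password incorrect!", nil})
		return
	}

	var user sysmodel.SysUser
	found, err := c.PlatformDbEngine.SQL(sysmodel.SqlUserLogin, logininfo.Account).Get(&user)
	if err != nil || !found {
		// Unknown account and lookup failure share one message so the
		// response does not reveal which accounts exist.
		c.Ctx.JSON(200, sysmodel.SysReturn{400, "username or password incorrect!", nil})
		return
	}

	loginCheck := sysutils.GetGlobalLoginCheck()
	if !loginCheck.CheckErrNum(user.LoginId) {
		c.Ctx.JSON(200, sysmodel.SysReturn{400, lockedMsg, nil})
		return
	}
	if !passwordMatches(user.Password, sysutils.HashPassword(logininfo.Password, "")) {
		if !loginCheck.AddPwdErrNum(user.LoginId) {
			c.Ctx.JSON(200, sysmodel.SysReturn{400, lockedMsg, nil})
			return
		}
		// NOTE(review): this message differs from the unknown-account one
		// above, so a caller can tell valid accounts apart; unify the two if
		// account enumeration matters for this deployment.
		c.Ctx.JSON(200, sysmodel.SysReturn{400, "password incorrect!", nil})
		return
	}

	// Users created from the ERP side: refuse the login when the bound ERP
	// account is missing or disabled.
	msg, err := erpAccountBlocked(c, &user)
	if err != nil {
		respondDbError(c, "erp account check", err)
		return
	}
	if msg != "" {
		c.Ctx.JSON(200, sysmodel.SysReturn{400, msg, nil})
		return
	}

	data, err := AddToGlobalTokenStore(c, &user)
	if err != nil {
		c.Ctx.JSON(200, sysmodel.SysReturn{400, err.Error(), nil})
		return
	}

	// Login audit row; skipped when the log database never opened.
	if session != nil {
		if err := writeLoginLog(c, &user, 0, "E-school账号"); err != nil {
			respondDbError(c, "login log", err)
			return
		}
	}
	c.Ctx.JSON(200, sysmodel.SysReturn{200, "", data})
}

// passwordMatches compares the stored password digest with the digest of the
// submitted password. Like the original strings.EqualFold it ignores letter
// case (hex digests differ only in case), but it runs in constant time so the
// response timing does not depend on how much of the digest agrees.
// Both values are assumed to be ASCII digests — TODO confirm against
// sysutils.HashPassword.
func passwordMatches(stored, candidate string) bool {
	a := []byte(strings.ToLower(stored))
	b := []byte(strings.ToLower(candidate))
	return subtle.ConstantTimeCompare(a, b) == 1
}

// erpAccountBlocked looks up the ERP user bound to user in the business
// database and reports why the login must be refused. The returned message is
// "" when there is no binding or the ERP account is enabled. Database errors,
// an unavailable erpDb and an undecodable status column come back as err, so
// the check fails closed.
func erpAccountBlocked(c *entitys.CtrlContext, user *sysmodel.SysUser) (string, error) {
	bindRes, err := c.App.GetBusinessDb(user.Domain).SQL(
		"select binding_id from school_account_binding where del_flag = 0 and user_id = ?", user.Id).Query().List()
	if err != nil {
		return "", err
	}
	if len(bindRes) == 0 {
		return "", nil
	}
	erpUserId, ok := bindRes[0]["binding_id"]
	if !ok {
		return "", nil
	}
	if erpDb == nil {
		// init could not open erp_data_source; refuse rather than
		// dereference a nil engine.
		return "", errors.New("erp database is not available")
	}

	sess := erpDb.NewSession()
	defer sess.Close()
	erpRes, err := sess.SQL("select * from sys_user where del_flag = 0 and id = ?", erpUserId).Query().List()
	if err != nil {
		return "", err
	}
	if len(erpRes) == 0 {
		return "ERP账号不存在", nil
	}
	status := erpRes[0]["status"]
	disabled, known := erpStatusDisabled(status)
	if !known {
		return "", fmt.Errorf("unrecognised erp status value of type %T", status)
	}
	if disabled {
		return "ERP账号已经禁用", nil
	}
	return "", nil
}

// erpStatusDisabled decodes the raw sys_user.status column value. The driver
// may return the column as an integer or as text depending on its type, so
// both spellings are accepted; known reports whether the value was decodable
// at all (the old code asserted int64 unconditionally and panicked on a
// string or a missing column). A value of 1 / "1" means disabled.
func erpStatusDisabled(v interface{}) (disabled, known bool) {
	switch s := v.(type) {
	case int64:
		return s == 1, true
	case int32:
		return s == 1, true
	case int:
		return s == 1, true
	case string:
		return s == "1", true
	case []byte:
		return string(s) == "1", true
	}
	return false, false
}

// writeLoginLog appends one row to log_sys_login for user. loginType is 0 for
// a login and 1 for a logout; resourceType is stored as given. The caller must
// have checked that session is non-nil. The ip_addr column holds RemoteIp's
// result, which a client can influence through the forwarding headers, so it
// is informational only.
func writeLoginLog(c *entitys.CtrlContext, user *sysmodel.SysUser, loginType int, resourceType string) error {
	const q = "insert into log_sys_login (user_id,account,ip_addr,login_time,del_flag,login_type,user_name,resource_type) values (?, ?,?,?,?,?,?,?)"
	_, err := session.Exec(q, user.Id, user.LoginId, RemoteIp(c.Ctx.Request), sysmodel.NowLocal().Value(), 0, loginType, user.Name, resourceType)
	return err
}

// respondDbError reports a storage failure to the caller without echoing the
// driver's message (it can carry SQL text or host details); the detail is
// printed server-side, the same way init reports its errors.
func respondDbError(c *entitys.CtrlContext, stage string, err error) {
	fmt.Println("auth:", stage, ":", err)
	c.Ctx.JSON(200, sysmodel.SysReturn{400, "internal error: " + stage, nil})
}

// Logout drops the caller's token (taken from the "token" header) and, when
// the token was known and the log database is open, records a logout row in
// log_sys_login that reuses the resource_type of that account's latest row.
func (la *LightAuth) Logout(c *entitys.CtrlContext) {
	token := c.Ctx.GetHeader("token")
	store := sysutils.GetGlobalTokenStore()
	tokenInfo := store.Get(token)
	store.Remove(token)

	if session == nil || tokenInfo == nil {
		// Nothing to audit: the token was already gone or the log database
		// never opened.
		c.Ctx.JSON(200, sysmodel.SysReturn{200, "", nil})
		return
	}
	// The token value itself is a bearer credential and is deliberately
	// not printed; the account is enough to trace the event.
	fmt.Println("delete token for", tokenInfo.LoginID)

	user := new(sysmodel.SysUser)
	found, err := c.PlatformDbEngine.Table(user.TableName()).Where("login_id = ?", tokenInfo.LoginID).Get(user)
	if err != nil {
		respondDbError(c, "logout user lookup", err)
		return
	}
	if !found {
		// No platform user for this login id; an audit row with empty
		// user fields would be meaningless, so only note it.
		fmt.Println("logout: no user for login id", tokenInfo.LoginID)
		c.Ctx.JSON(200, sysmodel.SysReturn{200, "", nil})
		return
	}

	resourceType, err := lastLoginResourceType(tokenInfo.LoginID)
	if err != nil {
		respondDbError(c, "logout log lookup", err)
		return
	}
	if err := writeLoginLog(c, user, 1, resourceType); err != nil {
		respondDbError(c, "logout log", err)
		return
	}
	c.Ctx.JSON(200, sysmodel.SysReturn{200, "", nil})
}

// lastLoginResourceType returns the resource_type of the most recent
// log_sys_login row for account, or "" when there is none or the column does
// not decode as text. session must be non-nil.
func lastLoginResourceType(account interface{}) (string, error) {
	res, err := session.SQL("SELECT `resource_type` FROM `log_sys_login` WHERE (account = ?) ORDER BY id desc LIMIT 1", account).Query().List()
	if err != nil {
		return "", err
	}
	if len(res) == 0 {
		return "", nil
	}
	switch v := res[0]["resource_type"].(type) {
	case string:
		return v, nil
	case []byte:
		return string(v), nil
	}
	return "", nil
}

// Header names consulted by RemoteIp.
const (
	XForwardedFor = "X-Forwarded-For"
	XRealIP       = "X-Real-IP"
)

// RemoteIp returns the remote client's IP, e.g. 192.168.1.1.
//
// It prefers, in order, the X-Real-IP header, the first (client-most) entry
// of X-Forwarded-For, the x-original-forwarded-for header and finally the
// host part of req.RemoteAddr. Forwarding headers are only meaningful when a
// trusted reverse proxy sets them — a direct client can send any value — so
// the result is fit for logging, not for access decisions. "::1" is reported
// as "127.0.0.1".
func RemoteIp(req *http.Request) string {
	for _, name := range []string{XRealIP, XForwardedFor, "x-original-forwarded-for"} {
		if v := req.Header.Get(name); v != "" {
			if hop := firstHop(v); hop != "" {
				return normalizeLoopback(hop)
			}
		}
	}
	host, _, err := net.SplitHostPort(req.RemoteAddr)
	if err != nil {
		// RemoteAddr without a port: keep it as given instead of
		// collapsing it to "" as the old code did.
		host = req.RemoteAddr
	}
	return normalizeLoopback(host)
}

// firstHop returns the first comma-separated element of a forwarding header,
// trimmed; X-Forwarded-For accumulates one address per proxy it passes.
func firstHop(v string) string {
	return strings.TrimSpace(strings.SplitN(v, ",", 2)[0])
}

// normalizeLoopback maps the IPv6 loopback literal to its IPv4 form.
func normalizeLoopback(ip string) string {
	if ip == "::1" {
		return "127.0.0.1"
	}
	return ip
}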