packages
/
light-apiengine-feature


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219
							package auth

import (
	"fmt"
	"git.qianqiusoft.com/qianqiusoft/light-apiengine/config"
	"git.qianqiusoft.com/qianqiusoft/light-apiengine/entitys"
	sysmodel "git.qianqiusoft.com/qianqiusoft/light-apiengine/models"
	sysutils "git.qianqiusoft.com/qianqiusoft/light-apiengine/utils"
	"github.com/xormplus/xorm"
	"net"
	"net/http"
	"strings"
)

type LightAuth struct {
}

var session, erpDb *xorm.Engine

func init() {
	var err error
	lightAuth := &LightAuth{}
	RegisterAuth("qianqiusoft.com", lightAuth)
	if session == nil {
		session, err = xorm.NewEngine("mysql", config.AppConfig.GetKey("logger_data_source"))
		if err != nil {
			fmt.Println(err)
			return
		}
	}

	if erpDb == nil {
		erpDb, err = xorm.NewEngine("mysql", config.AppConfig.GetKey("erp_data_source"))
		if err != nil {
			fmt.Println(err)
			return
		}
	}
}

func (la *LightAuth) Init() {

}

func (la *LightAuth) Login(c *entitys.CtrlContext) {
	var logininfo sysmodel.LoginInfo
	c.Ctx.BindJSON(&logininfo)
	//fmt.Println(logininfo)
	var user sysmodel.SysUser
	ret, err := c.PlatformDbEngine.SQL(sysmodel.SqlUserLogin, logininfo.Account).Get(&user)
	if ret && err == nil {
		// 输错密码5次，锁定账户10分钟不允许登录
		if !sysutils.GetGlobalLoginCheck().CheckErrNum(user.LoginId) {
			c.Ctx.JSON(200, sysmodel.SysReturn{400, "输错密码5次，锁定账户10分钟!", nil})
			return
		}

		md5Pwd := sysutils.HashPassword(logininfo.Password, "")
		//密码错误
		if !strings.EqualFold(user.Password, md5Pwd) {
			if !sysutils.GetGlobalLoginCheck().AddPwdErrNum(user.LoginId) {
				c.Ctx.JSON(200, sysmodel.SysReturn{400, "输错密码5次，锁定账户10分钟!", nil})
				return
			}
			c.Ctx.JSON(200, sysmodel.SysReturn{400, "password incorrect!", nil})
			return
		}
		//token := &entitys.Token{}
		//timestamp_str := strconv.FormatUint(timestamp, 10)
		//sec_tooken := sysutils.GenerateToken(logininfo.Account + timestamp_str)
		//if v := sysutils.GetGlobalTokenStore().Get(sec_tooken); v == nil {
		//	token.AccessToken = sec_tooken
		//	token.RefreshToken = sec_tooken
		//	token.LoginID = logininfo.Account
		//	token.UserId = user.Id
		//	token.Result = 200
		//	//token.Password = pwd
		//	token.ServerIp = ""
		//	token.Domain = user.Domain
		//	sysutils.GetGlobalTokenStore().Set(sec_tooken, token)
		//	//sysutils.GetGlobalTokenStore().Set(token.LoginID+user.Domain, token)
		//} else {
		//	token = v
		//}
		//// 查找Business对应的用户信息
		//var businessUser sysmodel.SysUser
		//_, err = c.App.GetBusinessDb(user.Domain).Table(new(sysmodel.SysUser)).ID(user.Id).Get(&businessUser)
		//if err != nil {
		//	c.Ctx.JSON(200, sysmodel.SysReturn{400, "business db con't found user!", nil})
		//	return
		//}
		//
		//data := sysmodel.LoginReturnInfo{}
		//data.Id = user.Id
		//data.LoginId = user.LoginId
		//data.Token = token.AccessToken
		//data.Type = user.Type
		//data.Domain = user.Domain
		//data.OrgId = businessUser.OrgId
		//data.Name = businessUser.Name
		//data.Mobile = businessUser.Mobile
		//data.Email = businessUser.Email
		//
		//// 查找用户对应角色
		//var roles []sysmodel.SysRole
		//c.App.GetBusinessDb(user.Domain).SQL("select sys_role.* from sys_user_role, sys_role where sys_user_role.role_id = sys_role.id and sys_role.del_flag = 0 and sys_user_role.user_id = ? order by sys_role.priority asc", user.Id).Find(&roles)
		//data.Roles = roles

		//erp插入的用户 判断用户状态是否禁用
		sql := fmt.Sprintf("select binding_id from school_account_binding where del_flag = 0 and user_id = ?")
		bindRes, err := c.App.GetBusinessDb(user.Domain).SQL(sql, user.Id).Query().List()
		if err != nil {
			c.Ctx.JSON(200, sysmodel.SysReturn{400, err.Error(), nil})
			return
		}
		if len(bindRes) >= 1 {
			erpUserId, ok := bindRes[0]["binding_id"]
			if ok {
				sql := fmt.Sprintf("select * from sys_user where del_flag = 0 and id = ?")
				erpRes, err := erpDb.NewSession().SQL(sql, erpUserId).Query().List()
				if err != nil {
					c.Ctx.JSON(200, sysmodel.SysReturn{400, err.Error(), nil})
					return
				}
				if len(erpRes) <= 0 {
					c.Ctx.JSON(200, sysmodel.SysReturn{400, "ERP账号不存在", nil})
					return
				}
				stauts, _ := erpRes[0]["status"]
				if stauts == "0" {
					c.Ctx.JSON(200, sysmodel.SysReturn{400, "ERP账号已经禁用", nil})
					return
				}
			}
		}

		data, err := AddToGlobalTokenStore(c, &user)
		if err != nil {
			c.Ctx.JSON(200, sysmodel.SysReturn{400, err.Error(), nil})
			return
		}
		//登录日志
		if session != nil {
			ip := RemoteIp(c.Ctx.Request)
			sql := "insert into log_sys_login (user_id,account,ip_addr,login_time,del_flag,login_type,user_name,resource_type) values (?, ?,?,?,?,?,?,?)"
			_, err = session.Exec(sql, user.Id, user.LoginId, ip, sysmodel.NowLocal().Value(), 0, 0, user.Name, "E-school账号")
			if err != nil {
				c.Ctx.JSON(200, sysmodel.SysReturn{400, err.Error(), nil})
				return
			}

		}
		//
		c.Ctx.JSON(200, sysmodel.SysReturn{200, "", data})
	} else {
		//fmt.Println(err.Error())
		c.Ctx.JSON(200, sysmodel.SysReturn{400, "username or password incorrect!", nil})
	}
}

func (la *LightAuth) Logout(c *entitys.CtrlContext) {
	token := c.Ctx.GetHeader("token")
	//登录日志
	tokenStore := sysutils.GetGlobalTokenStore()
	tokenInfo := tokenStore.Get(token)
	fmt.Println("delete token: ", token)
	sysutils.GetGlobalTokenStore().Remove(token)
	user := new(sysmodel.SysUser)
	if session != nil && tokenInfo != nil {
		_, err := c.PlatformDbEngine.Table(user.TableName()).Where("login_id = ?", tokenInfo.LoginID).Get(user)
		if err != nil {
			c.Ctx.JSON(200, sysmodel.SysReturn{400, err.Error(), 111})
			return
		}
		ip := RemoteIp(c.Ctx.Request)
		var resource_type string
		res, err := session.SQL("SELECT `resource_type` FROM `log_sys_login` WHERE (account = ?) ORDER BY id desc  LIMIT 1", tokenInfo.LoginID).Query().List()
		if err != nil {
			c.Ctx.JSON(200, sysmodel.SysReturn{400, err.Error(), 2222})
			return
		}
		if len(res) > 0 {
			resource_type, _ = res[0]["resource_type"].(string)
		}

		sql := "insert into log_sys_login (user_id,account,ip_addr,login_time,del_flag,login_type,user_name,resource_type) values (?, ?,?,?,?,?,?,?)"

		_, err = session.Exec(sql, user.Id, user.LoginId, ip, sysmodel.NowLocal().Value(), 0, 1, user.Name, resource_type)
		if err != nil {
			c.Ctx.JSON(200, sysmodel.SysReturn{400, err.Error(), nil})
			return
		}
	}
	//
	c.Ctx.JSON(200, sysmodel.SysReturn{200, "", nil})
}

const (
	XForwardedFor = "X-Forwarded-For"
	XRealIP       = "X-Real-IP"
)

// RemoteIp 返回远程客户端的 IP，如 192.168.1.1
func RemoteIp(req *http.Request) string {
	remoteAddr := req.RemoteAddr
	if ip := req.Header.Get(XRealIP); ip != "" {
		remoteAddr = ip
	} else if ip = req.Header.Get(XForwardedFor); ip != "" {
		remoteAddr = ip
	} else if ip = req.Header.Get("x-original-forwarded-for"); ip != "" {
		remoteAddr = ip
	} else {
		remoteAddr, _, _ = net.SplitHostPort(remoteAddr)
	}
	if remoteAddr == "::1" {
		remoteAddr = "127.0.0.1"
	}
	return remoteAddr
}