
增加调用接口合法性判断

zhou.xiaoning 1 rok temu
rodzic
commit
ad6161eeb3
7 zmienionych plików z 319 dodań i 229 usunięć
  1. 26 0
      config/config.go
  2. 2 0
      config/config.j2
  3. 12 10
      config/config.xml
  4. 17 0
      config/readme.md
  5. 72 0
      middleware/key.go
  6. 177 176
      routers/router.go
  7. 13 43
      token/token.go

+ 26 - 0
config/config.go

@@ -13,6 +13,8 @@ var SerCfg *ServiceConfig
 type WebConfig struct {
 	ListenAddr string
 	DebugMode  bool
+	ApiKey     string
+	ApiKeyMode bool
 }
 
 type LogConfig struct {
@@ -126,6 +128,22 @@ func (c *ServiceConfig) Init(path string) error {
 			return errors.New("read debug mode is invalid:")
 		}
 		SerCfg.WebCfg.DebugMode = (ret == 1)
+
+		apiKey := setting.SelectElement("ApiKey")
+		if apiKey == nil {
+			return errors.New("read web listen ApiKey failed")
+		}
+		SerCfg.WebCfg.ApiKey = apiKey.SelectAttrValue("value", "GELSZqhh4mqzlDKW")
+
+		apiKeyMode := setting.SelectElement("ApiKeyMode")
+		if apiKeyMode == nil {
+			return errors.New("read ApiKeyMode failed")
+		}
+		ret, err = strconv.ParseUint(apiKeyMode.SelectAttrValue("value", "0"), 10, 32)
+		if err != nil {
+			return errors.New("read ApiKeyMode is invalid:")
+		}
+		SerCfg.WebCfg.ApiKeyMode = (ret == 1)
 	}
 
 	// 日志配置
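Review bot: The second argument to `SelectAttrValue("value", …)` for `ApiKey` is a literal key compiled into the binary, so a config whose `<ApiKey>` element has no `value` attribute silently runs with a key that anyone with the source can read. `ApiKeyMode` likewise falls back to `"0"`, which leaves the check switched off when the attribute is absent. Prefer failing closed: pass `""` as the default and, after both values are parsed, add `if SerCfg.WebCfg.ApiKeyMode && SerCfg.WebCfg.ApiKey == "" { return errors.New("ApiKey must be set when ApiKeyMode is enabled") }`. Init's body starts and ends outside this hunk.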
@@ -490,6 +508,14 @@ func (c *ServiceConfig) GetDebugMode() bool {
 	return SerCfg.WebCfg.DebugMode
 }
 
+func (c *ServiceConfig) GetApiKey() string {
+	return SerCfg.WebCfg.ApiKey
+}
+
+func (c *ServiceConfig) GetApiKeyMode() bool {
+	return SerCfg.WebCfg.ApiKeyMode
+}
+
 func (c *ServiceConfig) GetLogSetting() (string, int) {
 	return SerCfg.LogCfg.LogPath, SerCfg.LogCfg.LogLevel
 }

+ 2 - 0
config/config.j2

@@ -3,6 +3,8 @@
   <WebSetting>
     <ListenAddress value="0.0.0.0:{{go_queryservice_listen_port}}"/>
     <DebugMode value="{{go_debug_mode}}"/>
+    <ApiKey value="{{go_api_key}}"/>
+    <ApiKeyMode value="{{go_api_key_mode}}"/>
   </WebSetting>
   <LogSetting>
     <LogPath value="log"/>

+ 12 - 10
config/config.xml

@@ -3,6 +3,8 @@
   <WebSetting>
     <ListenAddress value="0.0.0.0:8082"/>
     <DebugMode value="1"/>
+    <ApiKey value="dZChvstdjmqIt5fP"/>
+    <ApiKeyMode value="1"/>
   </WebSetting>
   <LogSetting>
     <LogPath value="./log"/>
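Review bot: The `ApiKey` value added here is a working secret committed to the repository. The same applies to the replaced `SignToken`/`SignKey` values in the next hunk of this file, and to the production `<Tencent>` block (including `SecretId`/`SecretKey`) added to config/readme.md. Once committed, these values stay in history, so they should be treated as exposed and rotated. The checked-in file should carry placeholders such as `<ApiKey value="CHANGE_ME"/>`, with real values injected at deploy time the way config/config.j2 already does with `{{go_api_key}}`. This sample also ships `DebugMode value="1"`, which middleware/key.go uses as part of its bypass condition.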
@@ -47,18 +49,18 @@
     <SecretId value="AKIDPktwvneP2WqxvmWFsMclmfLLKDyrbAXp"/>
     <SecretKey value="GNH9tX8c6Wls02vhNzUvdLuGMYfeVErM"/>
     <EndPoint value="essbasic.tencentcloudapi.com"/>
-    <AppId value="yDCWqUUg63lbs0UENeS7LSsrPRep9bLP"/>
-    <ProxyOrganizationName value="海南丹农商业管理有限公司"/>
-    <ProxyOrganizationOpenId value="NHGJ"/>
-    <ProxyOperatorOpenId value="NHGJ_LEGAL"/>
-    <SignToken value="1DB4705B05654E978D0A3108CA64BA91"/>
-    <SignKey value="4B223CB5F60146248D0A54B9974DF66A"/>
+    <AppId value="yDCVHUUnhh968yUBGk3b6eQygvFYco8o"/>
+    <ProxyOrganizationName value="深圳市亿爵珠宝有限公司"/>
+    <ProxyOrganizationOpenId value="SBYJ"/>
+    <ProxyOperatorOpenId value="SBYJ_LEGAL"/>
+    <SignToken value="45CA9AC2778A4B7E8007E3EFC935296E"/>
+    <SignKey value="EB49C115EEDE44049F11495F6EA7526F"/>
   </Tencent>
   <Asign>
-    <Url value="https://oapi.asign.cn"/>
-    <AppId value="964764021"/>
-    <PrivateKey value="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"/>
+    <Url value="https://prev.asign.cn"/>
+    <AppId value="896210645"/>
+    <PrivateKey value="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"/>
     <NotifyUrl value="http://218.17.158.45:15105/api/Asign/HandleASignCompleted"/>
-    <OpenApiUrl value="http://192.168.31.134:5015/mtp2-onlineopen"/>
+    <OpenApiUrl value="http://192.168.31.202:5015/mtp2-onlineopen"/>
   </Asign>
 </Configuration>

+ 17 - 0
config/readme.md

@@ -85,6 +85,23 @@ SignKey 腾讯电子签密回调通知密钥,用于解密,使用公司账号
 </Tencent>
 ```
 
+### 水贝亿爵正式环境
+
+```xml
+<Tencent>
+  <Enabled value="1"/>
+  <SecretId value="AKIDPktwvneP2WqxvmWFsMclmfLLKDyrbAXp"/>
+  <SecretKey value="GNH9tX8c6Wls02vhNzUvdLuGMYfeVErM"/>
+  <EndPoint value="essbasic.tencentcloudapi.com"/>
+  <AppId value="yDCVHUUnhh968yUBGk3b6eQygvFYco8o"/>
+  <ProxyOrganizationName value="深圳市亿爵珠宝有限公司"/>
+  <ProxyOrganizationOpenId value="SBYJ"/>
+  <ProxyOperatorOpenId value="SBYJ_LEGAL"/>
+  <SignToken value="45CA9AC2778A4B7E8007E3EFC935296E"/>
+  <SignKey value="EB49C115EEDE44049F11495F6EA7526F"/>
+</Tencent>
+```
+
 ---
 
 ## 爱签配置说明

+ 72 - 0
middleware/key.go

@@ -0,0 +1,72 @@
+package middleware
+
+import (
+	"crypto/hmac"
+	"crypto/sha256"
+	"encoding/hex"
+	"fmt"
+	"mtp2_if/config"
+	"mtp2_if/global/e"
+	"net/http"
+	"runtime"
+
+	"github.com/gin-gonic/gin"
+)
+
+func CheckKey() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		if !config.SerCfg.GetApiKeyMode() {
+			c.Next()
+			return
+		}
+
+		// windows下方便开发调试, 不做校验
+		if config.SerCfg.GetDebugMode() &&
+			runtime.GOOS == "windows" {
+			c.Next()
+			return
+		}
+
+		timestamp := c.GetHeader("Timestamp")
+		token := c.GetHeader("Authorization")
+		verification := c.GetHeader("Verification")
+		if timestamp == "" || token == "" || verification == "" {
+			c.JSON(http.StatusUnauthorized, gin.H{
+				"code": e.ERROR,
+				"msg":  "缺少检验参数",
+				"data": struct{}{},
+			})
+
+			c.Abort()
+			return
+		}
+
+		s := fmt.Sprintf("%s%s", token, timestamp)
+		hashed := hmac.New(sha256.New, []byte(config.SerCfg.WebCfg.ApiKey))
+		hashed.Write([]byte(s))
+		h := hex.EncodeToString(hashed.Sum(nil))
+		if h == "" {
+			c.JSON(http.StatusUnauthorized, gin.H{
+				"code": e.ERROR,
+				"msg":  "接口检验失败",
+				"data": struct{}{},
+			})
+
+			c.Abort()
+			return
+		}
+		if h != verification {
+			c.JSON(http.StatusUnauthorized, gin.H{
+				"code": e.ERROR,
+				"msg":  "非法调用接口",
+				"data": struct{}{},
+			})
+
+			c.Abort()
+			return
+		}
+
+		// 检验成功
+		c.Next()
+	}
+}
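Review bot: The signature is compared with `h != verification`, which is not constant-time, and the `Timestamp` header is only checked for presence, so a recorded `Authorization`/`Timestamp`/`Verification` triple stays valid indefinitely. Use `hmac.Equal` for the comparison and reject timestamps outside a short window. The fence below assumes the header carries Unix seconds, which the hunk does not show, and it needs `strconv` and `time` added to the imports. The MAC covers only token and timestamp, so it does not bind the method, path or body of the request it accompanies. The `h == ""` branch can never fire because a hex-encoded SHA-256 sum is always 64 characters, and the `DebugMode` plus `runtime.GOOS == "windows"` bypass would be safer behind a build tag than a runtime config flag.

```go
		// Example freshness window; tune to the clients' clock skew.
		const maxSkew = 5 * time.Minute

		// … unchanged: header reads and the missing-header 401 …

		// Assumes Timestamp is Unix seconds; confirm against the client.
		ts, err := strconv.ParseInt(timestamp, 10, 64)
		if err != nil || time.Since(time.Unix(ts, 0)).Abs() > maxSkew {
			c.JSON(http.StatusUnauthorized, gin.H{
				"code": e.ERROR,
				"msg":  "接口检验失败",
				"data": struct{}{},
			})
			c.Abort()
			return
		}

		mac := hmac.New(sha256.New, []byte(config.SerCfg.GetApiKey()))
		mac.Write([]byte(token + timestamp))
		want := hex.EncodeToString(mac.Sum(nil))
		if !hmac.Equal([]byte(want), []byte(verification)) {
			// … unchanged: 401 "非法调用接口" response and Abort …
		}
```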

+ 177 - 176
routers/router.go

@@ -39,6 +39,7 @@ import (
 	"mtp2_if/controllers/zhongrong"
 	"mtp2_if/controllers/zj"
 	"mtp2_if/logger"
+	"mtp2_if/middleware"
 	"mtp2_if/token"
 	"net/http"
 	"time"
@@ -76,7 +77,7 @@ func InitRouter() *gin.Engine {
 
 	// 主业务路由分组
 	apiR := r.Group("/api")
-	// apiR.Use(token.Auth())
+	// apiR.Use(token.Auth()).Use(middleware.CheckKey())
 
 	// ************************ 账户信息 ************************
 	userR := apiR.Group("User")
@@ -87,35 +88,35 @@ func InitRouter() *gin.Engine {
 		// 获取用户邀请码请求参数
 		userR.GET("/QueryUserReferNum", user.QueryUserReferNum)
 		// 获取用户信息请求参数
-		userR.Use(token.Auth()).GET("/QueryUserInfo", user.QueryUserInfo)
+		userR.Use(token.Auth()).Use(middleware.CheckKey()).GET("/QueryUserInfo", user.QueryUserInfo)
 		// 获取用户实名认证状态
-		userR.Use(token.Auth()).GET("/GetUserAuthStatus", user.GetUserAuthStatus)
+		userR.Use(token.Auth()).Use(middleware.CheckKey()).GET("/GetUserAuthStatus", user.GetUserAuthStatus)
 		// 获取用户商品收藏信息
-		userR.Use(token.Auth()).GET("/QueryUserFavoriteGoodses", user.QueryUserFavoriteGoodses)
+		userR.Use(token.Auth()).Use(middleware.CheckKey()).GET("/QueryUserFavoriteGoodses", user.QueryUserFavoriteGoodses)
 		// 添加用户商品收藏信息
-		userR.Use(token.Auth()).POST("/AddUserFavoriteGoods", user.AddUserFavoriteGoods)
+		userR.Use(token.Auth()).Use(middleware.CheckKey()).POST("/AddUserFavoriteGoods", user.AddUserFavoriteGoods)
 		// 移除用户商品收藏信息
-		userR.Use(token.Auth()).POST("/RemoveUserFavoriteGoods", user.RemoveUserFavoriteGoods)
+		userR.Use(token.Auth()).Use(middleware.CheckKey()).POST("/RemoveUserFavoriteGoods", user.RemoveUserFavoriteGoods)
 		// 获取用户留言板信息
-		userR.Use(token.Auth()).GET("/QueryMessageBoard", user.QueryMessageBoard)
+		userR.Use(token.Auth()).Use(middleware.CheckKey()).GET("/QueryMessageBoard", user.QueryMessageBoard)
 		// 添加用户留言板信息
-		userR.Use(token.Auth()).POST("/AddMessageBoard", user.AddMessageBoard)
+		userR.Use(token.Auth()).Use(middleware.CheckKey()).POST("/AddMessageBoard", user.AddMessageBoard)
 		// 获取用户账号信息
-		userR.Use(token.Auth()).GET("/GetUserAccount", user.GetUserAccount)
+		userR.Use(token.Auth()).Use(middleware.CheckKey()).GET("/GetUserAccount", user.GetUserAccount)
 		// 更新用户状态
-		userR.Use(token.Auth()).POST("/UpdateUserAccountStatus", user.UpdateUserAccountStatus)
+		userR.Use(token.Auth()).Use(middleware.CheckKey()).POST("/UpdateUserAccountStatus", user.UpdateUserAccountStatus)
 		// 账户登录后信息查询
-		userR.Use(token.Auth()).GET("/LoginQuery", user.LoginQuery)
+		userR.Use(token.Auth()).Use(middleware.CheckKey()).GET("/LoginQuery", user.LoginQuery)
 
-		userR.Use(token.Auth()).POST("/UpdateUserHeadUrl", user.UpdateUserHeadUrl)
-		userR.Use(token.Auth()).POST("/UpdateUserInfoWechatAndEmail", user.UpdateUserInfoWechatAndEmail)
+		userR.Use(token.Auth()).Use(middleware.CheckKey()).POST("/UpdateUserHeadUrl", user.UpdateUserHeadUrl)
+		userR.Use(token.Auth()).Use(middleware.CheckKey()).POST("/UpdateUserInfoWechatAndEmail", user.UpdateUserInfoWechatAndEmail)
 
-		userR.Use(token.Auth()).GET("/QueryMdUserSwapProtocol", user.QueryMdUserSwapProtocol)
-		userR.Use(token.Auth()).GET("/GetTodayAccountConfigInfo", user.GetTodayAccountConfigInfo)
+		userR.Use(token.Auth()).Use(middleware.CheckKey()).GET("/QueryMdUserSwapProtocol", user.QueryMdUserSwapProtocol)
+		userR.Use(token.Auth()).Use(middleware.CheckKey()).GET("/GetTodayAccountConfigInfo", user.GetTodayAccountConfigInfo)
 	}
 	// ************************ 资金账户 ************************
 	taAccountR := apiR.Group("TaAccount")
-	taAccountR.Use(token.Auth())
+	taAccountR.Use(token.Auth()).Use(middleware.CheckKey())
 	{
 		// 获取资金账户信息
 		taAccountR.GET("/GetTaAccounts", taaccount.GetTaAccounts)
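Review bot: `RouterGroup.Use` appends to the group's handler list and returns the same group, so every `userR.Use(token.Auth()).Use(middleware.CheckKey()).GET(...)` line in this hunk adds another copy of both middlewares to `userR`, and routes registered later run `Auth` and `CheckKey` once per preceding line. Which routes are protected then depends on registration order rather than on what each line appears to say. Register the pair once after the public routes with `userR.Use(token.Auth(), middleware.CheckKey())`, or put the protected routes on `authR := userR.Group("", token.Auth(), middleware.CheckKey())`. The same per-route pattern recurs in the `commonR`, `marketR`, `quoteR`, `qhjR` and `wrTrade2R` hunks. InitRouter's body extends beyond this hunk.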
@@ -157,24 +158,24 @@ func InitRouter() *gin.Engine {
 		commonR.GET("/GetJ10News", common.GetJ10News)
 
 		// 通知公告系统消息查询
-		commonR.Use(token.Auth()).GET("/QueryNotice", common.QueryNotice)
+		commonR.Use(token.Auth()).Use(middleware.CheckKey()).GET("/QueryNotice", common.QueryNotice)
 		// 通知公告设置已读请求
-		commonR.Use(token.Auth()).POST("/NoticeReaded", common.NoticeReaded)
+		commonR.Use(token.Auth()).Use(middleware.CheckKey()).POST("/NoticeReaded", common.NoticeReaded)
 		// 获取交易端菜单
-		commonR.Use(token.Auth()).GET("/GetClientMenus", common.GetClientMenus)
+		commonR.Use(token.Auth()).Use(middleware.CheckKey()).GET("/GetClientMenus", common.GetClientMenus)
 		// 获取PCWeb交易端菜单(V6版本之后使用)
-		commonR.Use(token.Auth()).GET("/GetPCWebMenus", common.GetPCWebMenus)
+		commonR.Use(token.Auth()).Use(middleware.CheckKey()).GET("/GetPCWebMenus", common.GetPCWebMenus)
 
 		// 这四个接口不开放给一般操作人员使用
-		commonR.Use(token.Auth()).GET("/FindNewFuncmenu", common.FindNewFuncmenu)
-		commonR.Use(token.Auth()).POST("/InsertNewFuncmenu", common.InsertNewFuncmenu)
-		commonR.Use(token.Auth()).PUT("/UpdateNewFuncmenu", common.UpdateNewFuncmenu)
-		commonR.Use(token.Auth()).DELETE("/DeleteNewFuncmenu", common.DeleteNewFuncmenu)
+		commonR.Use(token.Auth()).Use(middleware.CheckKey()).GET("/FindNewFuncmenu", common.FindNewFuncmenu)
+		commonR.Use(token.Auth()).Use(middleware.CheckKey()).POST("/InsertNewFuncmenu", common.InsertNewFuncmenu)
+		commonR.Use(token.Auth()).Use(middleware.CheckKey()).PUT("/UpdateNewFuncmenu", common.UpdateNewFuncmenu)
+		commonR.Use(token.Auth()).Use(middleware.CheckKey()).DELETE("/DeleteNewFuncmenu", common.DeleteNewFuncmenu)
 
-		commonR.Use(token.Auth()).GET("/GetClientNewFuncmenu", common.GetClientNewFuncmenu)
+		commonR.Use(token.Auth()).Use(middleware.CheckKey()).GET("/GetClientNewFuncmenu", common.GetClientNewFuncmenu)
 
-		commonR.Use(token.Auth()).GET("/QueryRates", common.QueryRates)
-		commonR.Use(token.Auth()).GET("/QueryMemberGoodsLimitConfig", common.QueryMemberGoodsLimitConfig)
+		commonR.Use(token.Auth()).Use(middleware.CheckKey()).GET("/QueryRates", common.QueryRates)
+		commonR.Use(token.Auth()).Use(middleware.CheckKey()).GET("/QueryMemberGoodsLimitConfig", common.QueryMemberGoodsLimitConfig)
 	}
 	// ************************ 通用市场 ************************
 	marketR := apiR.Group("Market")
@@ -184,15 +185,15 @@ func InitRouter() *gin.Engine {
 		marketR.GET("/QueryMarketRun", market.QueryMarketRun)
 		marketR.GET("/GetMarketSections", market.GetMarketSections)
 		// 获取登录账号有权限的市场信息
-		marketR.Use(token.Auth()).GET("/QueryMarketsByLoginID", market.QueryMarketsByLoginID)
+		marketR.Use(token.Auth()).Use(middleware.CheckKey()).GET("/QueryMarketsByLoginID", market.QueryMarketsByLoginID)
 		// 获取登录账号有权限的商品信息
-		marketR.Use(token.Auth()).GET("/QueryGoodsesByLoginID", market.QueryGoodsesByLoginID)
+		marketR.Use(token.Auth()).Use(middleware.CheckKey()).GET("/QueryGoodsesByLoginID", market.QueryGoodsesByLoginID)
 		// 获取所有外部交易所信息
-		marketR.Use(token.Auth()).GET("/GetAllExExchanges", market.GetAllExExchanges)
+		marketR.Use(token.Auth()).Use(middleware.CheckKey()).GET("/GetAllExExchanges", market.GetAllExExchanges)
 	}
 	// ************************ 通用单据 ************************
 	orderR := apiR.Group("Order")
-	orderR.Use(token.Auth())
+	orderR.Use(token.Auth()).Use(middleware.CheckKey())
 	{
 		// 持仓汇总查询(合约市场)
 		orderR.GET("/QueryTradePosition", order.QueryTradePosition)
@@ -210,7 +211,7 @@ func InitRouter() *gin.Engine {
 	}
 	// ************************ 通用交易 ************************
 	tradeR := apiR.Group("Trade")
-	tradeR.Use(token.Auth())
+	tradeR.Use(token.Auth()).Use(middleware.CheckKey())
 	{
 		// 点选挂牌委托单据查询(保证金摘牌大厅)
 		tradeR.GET("/QueryRecieptOrder", trade.QueryRecieptOrder)
@@ -222,13 +223,13 @@ func InitRouter() *gin.Engine {
 	{
 		quoteR.Use().GET("/GetTouristQuoteDay", quote.GetTouristQuoteDay)
 		// 查询行情历史数据
-		quoteR.Use(token.Auth()).GET("/QueryHistoryDatas", quote.QueryHistoryDatas)
+		quoteR.Use(token.Auth()).Use(middleware.CheckKey()).GET("/QueryHistoryDatas", quote.QueryHistoryDatas)
 		// 查询行情Tik数据
-		quoteR.Use(token.Auth()).GET("/QueryHistoryTikDatas", quote.QueryHistoryTikDatas)
+		quoteR.Use(token.Auth()).Use(middleware.CheckKey()).GET("/QueryHistoryTikDatas", quote.QueryHistoryTikDatas)
 		// 查询分时图历史数据
-		quoteR.Use(token.Auth()).GET("/QueryTSData", quote.QueryTSData)
+		quoteR.Use(token.Auth()).Use(middleware.CheckKey()).GET("/QueryTSData", quote.QueryTSData)
 		// 获取商品盘面信息
-		quoteR.Use(token.Auth()).GET("/QueryQuoteDay", quote.QueryQuoteDay)
+		quoteR.Use(token.Auth()).Use(middleware.CheckKey()).GET("/QueryQuoteDay", quote.QueryQuoteDay)
 	}
 	// ************************ 检索服务 ************************
 	searchR := apiR.Group("Search")
@@ -239,13 +240,13 @@ func InitRouter() *gin.Engine {
 	}
 	// ************************ 仓单贸易 ************************
 	wrTradeR := apiR.Group("WRTrade")
-	wrTradeR.Use(token.Auth())
+	wrTradeR.Use(token.Auth()).Use(middleware.CheckKey())
 	{
 		wrTradeR.GET("/GetAllDeliveryGoods", wrtrade.GetAllDeliveryGoods)
 	}
 	// ************************ 产能预售 ************************
 	cpTradeR := apiR.Group("CPTrade")
-	cpTradeR.Use(token.Auth())
+	cpTradeR.Use(token.Auth()).Use(middleware.CheckKey())
 	{
 		// 查询产能预售申请表
 		cpTradeR.GET("/QueryPreasleApply", cptrade.QueryPreasleApply)
@@ -264,14 +265,14 @@ func InitRouter() *gin.Engine {
 	}
 	// ************************ 交割服务 ************************
 	deliveryR := apiR.Group("Delivery")
-	deliveryR.Use(token.Auth())
+	deliveryR.Use(token.Auth()).Use(middleware.CheckKey())
 	{
 		// 查询商品交割关系表
 		deliveryR.GET("/QueryDeliveryRelation", delivery.QueryDeliveryRelation)
 	}
 	// ************************ 风险管理 ************************
 	erms2R := apiR.Group("Erms2")
-	erms2R.Use(token.Auth())
+	erms2R.Use(token.Auth()).Use(middleware.CheckKey())
 	{
 		// 查询内部成交单信息
 		erms2R.GET("/QueryInnerTradeDetail", erms2.QueryInnerTradeDetail)
@@ -282,7 +283,7 @@ func InitRouter() *gin.Engine {
 	}
 	// ************************ 风险管理v3 ************************
 	erms3R := apiR.Group("Erms3")
-	erms3R.Use(token.Auth())
+	erms3R.Use(token.Auth()).Use(middleware.CheckKey())
 	{
 		// 新增现货合同申请
 		erms3R.POST("/AddSpotContractApply", erms3.AddSpotContractApply)
@@ -313,7 +314,7 @@ func InitRouter() *gin.Engine {
 	}
 	// ************************ 定制【尚志大宗】 ************************
 	szdzR := apiR.Group("SZDZ")
-	szdzR.Use(token.Auth())
+	szdzR.Use(token.Auth()).Use(middleware.CheckKey())
 	{
 		// 点选挂牌委托单据查询(摘牌大厅)
 		szdzR.GET("/QueryRecieptOrder", szdz.QueryRecieptOrder)
@@ -384,7 +385,7 @@ func InitRouter() *gin.Engine {
 
 	// ***************************** 企业风险管理(app)***************************
 	ermcpR := apiR.Group("Ermcp")
-	ermcpR.Use(token.Auth())
+	ermcpR.Use(token.Auth()).Use(middleware.CheckKey())
 	{
 		// 查询待点价、履约和全部合同
 		ermcpR.GET("/QueryUserInfo", ermcp.QueryUserInfo)
@@ -471,7 +472,7 @@ func InitRouter() *gin.Engine {
 
 	// ***************************** 企业风险管理v3(app)***************************
 	ermcp3R := apiR.Group("Ermcp3")
-	ermcp3R.Use(token.Auth())
+	ermcp3R.Use(token.Auth()).Use(middleware.CheckKey())
 	{
 		ermcp3R.GET("/QueryDeliveryGoods", ermcp3.QueryDeliveryGoods)
 		ermcp3R.GET("/QueryDeliveryGoodsDetail", ermcp3.QueryDeliveryGoodsDetail)
@@ -527,7 +528,7 @@ func InitRouter() *gin.Engine {
 
 	// ***************************** 企业风险管理v8 ***************************
 	ermcp8R := apiR.Group("Ermcp8")
-	ermcp8R.Use(token.Auth())
+	ermcp8R.Use(token.Auth()).Use(middleware.CheckKey())
 	{
 		ermcp8R.GET("/QueryErmcp2HedgedItem", ermcp8.QueryErmcp2HedgedItem)
 		ermcp8R.GET("/QueryERMCPJRLinkPos", ermcp8.QueryERMCPJRLinkPos)
@@ -554,36 +555,36 @@ func InitRouter() *gin.Engine {
 	qhjR.Use()
 	{
 		qhjR.GET("QuerySiteColumnDetail", qhj.QuerySiteColumnDetail)
-		qhjR.Use(token.Auth()).GET("QueryContract", qhj.QueryContract)
-		qhjR.Use(token.Auth()).GET("QueryContractLog", qhj.QueryContractLog)
-		qhjR.Use(token.Auth()).GET("QueryRStrategy", qhj.QueryRStrategy)
-		qhjR.Use(token.Auth()).GET("QueryRSTriggerLog", qhj.QueryRSTriggerLog)
-		qhjR.Use(token.Auth()).GET("QueryUserReceiveInfo", qhj.QueryUserReceiveInfo)
-		qhjR.Use(token.Auth()).GET("QueryUserCollectConfig", qhj.QueryUserCollectConfig)
-		qhjR.Use(token.Auth()).GET("QueryTradeGoodsPickup", qhj.QueryTradeGoodsPickup)
-		qhjR.Use(token.Auth()).GET("QueryBankAccountSign", qhj.QueryBankAccountSign)
-		qhjR.Use(token.Auth()).GET("QueryPickGoods", qhj.QueryPickGoods)
-		qhjR.Use(token.Auth()).GET("QueryPickArea", qhj.QueryPickArea)
-		qhjR.Use(token.Auth()).GET("QueryBankInfo", qhj.QueryBankInfo)
-		qhjR.Use(token.Auth()).GET("QueryReckonPriceLog", qhj.QueryReckonPriceLog)
-		qhjR.Use(token.Auth()).GET("QueryCustomerInfo", qhj.QueryCustomerInfo)
-		qhjR.Use(token.Auth()).GET("QueryCusBankSignBank", qhj.QueryCusBankSignBank)
-		qhjR.Use(token.Auth()).GET("QueryAccountInOutApply", qhj.QueryAccountInOutApply)
-		qhjR.Use(token.Auth()).GET("QueryPayOrder", qhj.QueryPayOrder)
-		qhjR.Use(token.Auth()).GET("QueryGoodsEx", qhj.QueryGoodsEx)
-		qhjR.Use(token.Auth()).GET("QueryParentAreaList", qhj.QueryParentAreaList)
-		qhjR.Use(token.Auth()).GET("QueryAreaFinanceConfig", qhj.QueryAreaFinanceConfig)
-		qhjR.Use(token.Auth()).GET("QueryMyTeam", qhj.QueryMyTeam)
-		qhjR.Use(token.Auth()).GET("QueryMyTeamOrder", qhj.QueryTeamOrder)
-		qhjR.Use(token.Auth()).GET("QueryBrokerRewardLog", qhj.QueryBrokerRewardLog)
-		qhjR.Use(token.Auth()).GET("QueryScoreLog", qhj.QueryScoreLog)
-		qhjR.Use(token.Auth()).GET("QueryBrokerApply", qhj.QueryBrokerApply)
-		qhjR.Use(token.Auth()).GET("QueryBrokerApplyEx", qhj.QueryBrokerApplyEx)
+		qhjR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryContract", qhj.QueryContract)
+		qhjR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryContractLog", qhj.QueryContractLog)
+		qhjR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryRStrategy", qhj.QueryRStrategy)
+		qhjR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryRSTriggerLog", qhj.QueryRSTriggerLog)
+		qhjR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryUserReceiveInfo", qhj.QueryUserReceiveInfo)
+		qhjR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryUserCollectConfig", qhj.QueryUserCollectConfig)
+		qhjR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryTradeGoodsPickup", qhj.QueryTradeGoodsPickup)
+		qhjR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryBankAccountSign", qhj.QueryBankAccountSign)
+		qhjR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryPickGoods", qhj.QueryPickGoods)
+		qhjR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryPickArea", qhj.QueryPickArea)
+		qhjR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryBankInfo", qhj.QueryBankInfo)
+		qhjR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryReckonPriceLog", qhj.QueryReckonPriceLog)
+		qhjR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryCustomerInfo", qhj.QueryCustomerInfo)
+		qhjR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryCusBankSignBank", qhj.QueryCusBankSignBank)
+		qhjR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryAccountInOutApply", qhj.QueryAccountInOutApply)
+		qhjR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryPayOrder", qhj.QueryPayOrder)
+		qhjR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryGoodsEx", qhj.QueryGoodsEx)
+		qhjR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryParentAreaList", qhj.QueryParentAreaList)
+		qhjR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryAreaFinanceConfig", qhj.QueryAreaFinanceConfig)
+		qhjR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryMyTeam", qhj.QueryMyTeam)
+		qhjR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryMyTeamOrder", qhj.QueryTeamOrder)
+		qhjR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryBrokerRewardLog", qhj.QueryBrokerRewardLog)
+		qhjR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryScoreLog", qhj.QueryScoreLog)
+		qhjR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryBrokerApply", qhj.QueryBrokerApply)
+		qhjR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryBrokerApplyEx", qhj.QueryBrokerApplyEx)
 	}
 
 	// *************************千海金(PCWeb)*****************************
 	qhjPCWebR := apiR.Group("QhjMgr")
-	qhjPCWebR.Use(token.Auth())
+	qhjPCWebR.Use(token.Auth()).Use(middleware.CheckKey())
 	{
 		qhjPCWebR.GET("QuerySubArea", qhjPCWeb.QuerySubArea)
 		qhjPCWebR.GET("QueryCustomerInfo", qhjPCWeb.QueryCustomerInfo)
@@ -615,57 +616,57 @@ func InitRouter() *gin.Engine {
 	{
 		wrTrade2R.GET("QuerySiteColumnConfig", wrTrade2.QuerySiteColumnConfig)
 		wrTrade2R.GET("QuerySiteColumnDetail", wrTrade2.QuerySiteColumnDetail)
-		wrTrade2R.Use(token.Auth()).GET("QueryOrderQuote", wrTrade2.QueryOrderQuote)
-		wrTrade2R.Use(token.Auth()).GET("QueryOrderQuoteDetail", wrTrade2.QueryOrderQuoteDetail)
-		wrTrade2R.Use(token.Auth()).GET("QueryWrPosition", wrTrade2.QueryWrPosition)
-		wrTrade2R.Use(token.Auth()).GET("QueryWrOrderDetail", wrTrade2.QueryWrOrderDetail)
-		wrTrade2R.Use(token.Auth()).GET("QueryWrTradeDetail", wrTrade2.QueryWrTradeDetail)
-		wrTrade2R.Use(token.Auth()).GET("QueryWrSpecialMatchOrder", wrTrade2.QueryWrSpecialMatchOrder)
-		wrTrade2R.Use(token.Auth()).GET("QueryWrGoodsInfo", wrTrade2.QueryWrGoodsInfo)
-		wrTrade2R.Use(token.Auth()).GET("QueryPerformancePlan", wrTrade2.QueryPerformancePlan)
-		wrTrade2R.Use(token.Auth()).GET("QueryHoldLB", wrTrade2.QueryHoldLB)
-		wrTrade2R.Use(token.Auth()).GET("QueryFilterItem", wrTrade2.QueryFilterItem)
-		wrTrade2R.Use(token.Auth()).GET("QueryFaProductDetail", wrTrade2.QueryFaProductDetail)
-		wrTrade2R.Use(token.Auth()).GET("QueryWrFactorTypeInfo", wrTrade2.QueryWrFactorTypeInfo)
-		wrTrade2R.Use(token.Auth()).GET("QueryWrFactorTypeInfoEx", wrTrade2.QueryWrFactorTypeInfoEx)
-		wrTrade2R.Use(token.Auth()).GET("QueryWrMarketTradeConfig", wrTrade2.QueryWrMarketTradeConfig)
-		wrTrade2R.Use(token.Auth()).GET("QueryFtDeliveryGoods", wrTrade2.QueryFtDeliveryGoods)
-		wrTrade2R.Use(token.Auth()).GET("QueryWrStandardFactoryItem", wrTrade2.QueryWrStandardFactoryItem)
-		wrTrade2R.Use(token.Auth()).GET("QueryWrPerformancePlanStep", wrTrade2.QueryWrPerformancePlanStep)
-		wrTrade2R.Use(token.Auth()).GET("QueryWrFinanceBuyApply", wrTrade2.QueryWrFinanceBuyApply)
-		wrTrade2R.Use(token.Auth()).GET("QueryWrScfContract", wrTrade2.QueryWrScfContract)
-		wrTrade2R.Use(token.Auth()).GET("QueryWrBuybackDetail", wrTrade2.QueryWrBuybackDetail)
-		wrTrade2R.Use(token.Auth()).GET("QueryWrScfContractInterest", wrTrade2.QueryWrScfContractInterest)
-		wrTrade2R.Use(token.Auth()).GET("QueryWrOutInApply", wrTrade2.QueryWrOutInApply)
-		wrTrade2R.Use(token.Auth()).GET("QueryWrDeliveryDetail", wrTrade2.QueryWrDeliveryDetail)
-		wrTrade2R.Use(token.Auth()).GET("QueryWrBsGoodsInfo", wrTrade2.QueryWrBsGoodsInfo)
-		wrTrade2R.Use(token.Auth()).GET("QueryWrTradeOrderDetail", wrTrade2.QueryWrTradeOrderDetail)
-		wrTrade2R.Use(token.Auth()).GET("QueryWrAverageTradePrice", wrTrade2.QueryWrAverageTradePrice)
-		wrTrade2R.Use(token.Auth()).GET("QueryOrderQuoteMyq", wrTrade2.QueryOrderQuoteMyq)
-		wrTrade2R.Use(token.Auth()).GET("QueryWrDeliveryAvalidHoldLB", wrTrade2.QueryWrDeliveryAvalidHoldLB)
-		wrTrade2R.Use(token.Auth()).GET("QueryWrUserFriend", wrTrade2.QueryWrUserFriend)
-		wrTrade2R.Use(token.Auth()).GET("QueryWrFriendApply", wrTrade2.QueryWrFriendApply)
-		wrTrade2R.Use(token.Auth()).GET("QueryPermancePlanTmp", wrTrade2.QueryPermancePlanTmp)
-		wrTrade2R.Use(token.Auth()).GET("QueryWrTradeBargainApply", wrTrade2.QueryWrTradeBargainApply)
-		wrTrade2R.Use(token.Auth()).GET("QueryWrPerformanceStepType", wrTrade2.QueryWrPerformanceStepType)
-		wrTrade2R.Use(token.Auth()).GET("QueryWrUserReceiptInfo", wrTrade2.QueryWrUserReceiptInfo)
-		wrTrade2R.Use(token.Auth()).GET("QueryDeliveryGoodsSection", wrTrade2.QueryDeliveryGoodsSection)
-		wrTrade2R.Use(token.Auth()).GET("QuerySpotGroupTradeSum", wrTrade2.QuerySpotGroupTradeSum)
-		wrTrade2R.Use(token.Auth()).GET("QuerySpotGroupTradeSumDetail", wrTrade2.QuerySpotGroupTradeSumDetail)
-		wrTrade2R.Use(token.Auth()).GET("QueryWrPreSaleInfo", wrTrade2.QueryWrPreSaleInfo)
-		wrTrade2R.Use(token.Auth()).GET("QueryWrReckonSpotGoodsTradeSum", wrTrade2.QueryWrReckonSpotGoodsTradeSum)
-		wrTrade2R.Use(token.Auth()).GET("QueryWrSearchUser", wrTrade2.QueryWrSearchUser)
-		wrTrade2R.Use(token.Auth()).GET("QueryWrDraftUserInfo", wrTrade2.QueryWrDraftUserInfo)
-		wrTrade2R.Use(token.Auth()).GET("QueryWrBrandAndYears", wrTrade2.QueryWrBrandAndYears)
-		wrTrade2R.Use(token.Auth()).GET("QueryWrClientAdSpaceConfig", wrTrade2.QueryWrClientAdSpaceConfig)
-		wrTrade2R.Use(token.Auth()).GET("QueryXhcpSellBackApply", wrTrade2.QueryXhcpSellBackApply)
-		wrTrade2R.Use(token.Auth()).POST("InsertXhcpSellBackApply", wrTrade2.InsertXhcpSellBackApply)
-		wrTrade2R.Use(token.Auth()).GET("QueryWrTradeQuote", wrTrade2.QueryWrTradeQuote)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryOrderQuote", wrTrade2.QueryOrderQuote)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryOrderQuoteDetail", wrTrade2.QueryOrderQuoteDetail)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryWrPosition", wrTrade2.QueryWrPosition)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryWrOrderDetail", wrTrade2.QueryWrOrderDetail)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryWrTradeDetail", wrTrade2.QueryWrTradeDetail)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryWrSpecialMatchOrder", wrTrade2.QueryWrSpecialMatchOrder)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryWrGoodsInfo", wrTrade2.QueryWrGoodsInfo)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryPerformancePlan", wrTrade2.QueryPerformancePlan)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryHoldLB", wrTrade2.QueryHoldLB)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryFilterItem", wrTrade2.QueryFilterItem)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryFaProductDetail", wrTrade2.QueryFaProductDetail)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryWrFactorTypeInfo", wrTrade2.QueryWrFactorTypeInfo)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryWrFactorTypeInfoEx", wrTrade2.QueryWrFactorTypeInfoEx)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryWrMarketTradeConfig", wrTrade2.QueryWrMarketTradeConfig)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryFtDeliveryGoods", wrTrade2.QueryFtDeliveryGoods)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryWrStandardFactoryItem", wrTrade2.QueryWrStandardFactoryItem)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryWrPerformancePlanStep", wrTrade2.QueryWrPerformancePlanStep)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryWrFinanceBuyApply", wrTrade2.QueryWrFinanceBuyApply)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryWrScfContract", wrTrade2.QueryWrScfContract)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryWrBuybackDetail", wrTrade2.QueryWrBuybackDetail)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryWrScfContractInterest", wrTrade2.QueryWrScfContractInterest)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryWrOutInApply", wrTrade2.QueryWrOutInApply)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryWrDeliveryDetail", wrTrade2.QueryWrDeliveryDetail)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryWrBsGoodsInfo", wrTrade2.QueryWrBsGoodsInfo)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryWrTradeOrderDetail", wrTrade2.QueryWrTradeOrderDetail)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryWrAverageTradePrice", wrTrade2.QueryWrAverageTradePrice)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryOrderQuoteMyq", wrTrade2.QueryOrderQuoteMyq)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryWrDeliveryAvalidHoldLB", wrTrade2.QueryWrDeliveryAvalidHoldLB)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryWrUserFriend", wrTrade2.QueryWrUserFriend)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryWrFriendApply", wrTrade2.QueryWrFriendApply)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryPermancePlanTmp", wrTrade2.QueryPermancePlanTmp)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryWrTradeBargainApply", wrTrade2.QueryWrTradeBargainApply)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryWrPerformanceStepType", wrTrade2.QueryWrPerformanceStepType)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryWrUserReceiptInfo", wrTrade2.QueryWrUserReceiptInfo)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryDeliveryGoodsSection", wrTrade2.QueryDeliveryGoodsSection)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QuerySpotGroupTradeSum", wrTrade2.QuerySpotGroupTradeSum)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QuerySpotGroupTradeSumDetail", wrTrade2.QuerySpotGroupTradeSumDetail)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryWrPreSaleInfo", wrTrade2.QueryWrPreSaleInfo)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryWrReckonSpotGoodsTradeSum", wrTrade2.QueryWrReckonSpotGoodsTradeSum)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryWrSearchUser", wrTrade2.QueryWrSearchUser)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryWrDraftUserInfo", wrTrade2.QueryWrDraftUserInfo)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryWrBrandAndYears", wrTrade2.QueryWrBrandAndYears)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryWrClientAdSpaceConfig", wrTrade2.QueryWrClientAdSpaceConfig)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryXhcpSellBackApply", wrTrade2.QueryXhcpSellBackApply)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).POST("InsertXhcpSellBackApply", wrTrade2.InsertXhcpSellBackApply)
+		wrTrade2R.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryWrTradeQuote", wrTrade2.QueryWrTradeQuote)
 	}
 
 	// **************************天津麦顿*************************
 	tjmdR := apiR.Group("Tjmd")
-	tjmdR.Use(token.Auth())
+	tjmdR.Use(token.Auth()).Use(middleware.CheckKey())
 	{
 		tjmdR.GET("QueryQuoteGoodsList", tjmd.QueryQuoteGoodsList)
 		tjmdR.GET("QueryTjmdTradeOrderDetail", tjmd.QueryTjmdTradeOrderDetail)
@@ -685,7 +686,7 @@ func InitRouter() *gin.Engine {
 
 	// **************************广钻*************************
 	guangzuanR := apiR.Group("Guangzuan")
-	guangzuanR.Use(token.Auth())
+	guangzuanR.Use(token.Auth()).Use(middleware.CheckKey())
 	{
 		guangzuanR.GET("QueryWarehouseInfo", guangzuan.QueryWarehouseInfo)
 		guangzuanR.GET("QueryMyWRPosition", guangzuan.QueryMyWRPosition)
@@ -739,58 +740,58 @@ func InitRouter() *gin.Engine {
 		ferroalloyR.Use().GET("QueryMyRegisterMoney", ferroalloy.QueryMyRegisterMoney)
 		ferroalloyR.Use().GET("QueryThjSpotQuoteConfig", ferroalloy.QueryThjSpotQuoteConfig)
 		ferroalloyR.Use().GET("QueryThjSpotQuote", ferroalloy.QueryThjSpotQuote)
-		ferroalloyR.Use(token.Auth()).GET("GetSpotGoodsPrice", ferroalloy.GetSpotGoodsPrice)
-		ferroalloyR.Use(token.Auth()).POST("Signin", ferroalloy.Signin)
-		ferroalloyR.Use(token.Auth()).GET("QueryMyRefer", ferroalloy.QueryMyRefer)
-		ferroalloyR.Use(token.Auth()).GET("QueryUserScoreLog", ferroalloy.QueryUserScoreLog)
-		ferroalloyR.Use(token.Auth()).GET("QueryTHJWrstandard", ferroalloy.QueryTHJWrstandard)
-		ferroalloyR.Use(token.Auth()).GET("QueryTHJListing", ferroalloy.QueryTHJListing)
-		ferroalloyR.Use(token.Auth()).GET("QueryTHJWrstandardDetail", ferroalloy.QueryTHJWrstandardDetail)
-		ferroalloyR.Use(token.Auth()).GET("QueryTHJPurchaseTradeDetail", ferroalloy.QueryTHJPurchaseTradeDetail)
-		ferroalloyR.Use(token.Auth()).GET("QueryTHJScoreConfig", ferroalloy.QueryTHJScoreConfig)
-		ferroalloyR.Use(token.Auth()).GET("QueryTHJProduct", ferroalloy.QueryTHJProduct)
-		ferroalloyR.Use(token.Auth()).GET("QueryTHJTradeData", ferroalloy.QueryTHJTradeData)
-		ferroalloyR.Use(token.Auth()).GET("QueryTHJGoodsDetail", ferroalloy.QueryTHJGoodsDetail)
-		ferroalloyR.Use(token.Auth()).GET("QueryTHJPurchaseTransfer", ferroalloy.QueryTHJPurchaseTransfer)
-		ferroalloyR.Use(token.Auth()).GET("QueryTHJPurchaseTransferDetail", ferroalloy.QueryTHJPurchaseTransferDetail)
-		ferroalloyR.Use(token.Auth()).GET("QueryTHJPurchaseTransferOrder", ferroalloy.QueryTHJPurchaseTransferOrder)
-		ferroalloyR.Use(token.Auth()).GET("QueryTHJPromotionIncome", ferroalloy.QueryTHJPromotionIncome)
-		ferroalloyR.Use(token.Auth()).GET("QueryTHJPromotionIncomeDetail", ferroalloy.QueryTHJPromotionIncomeDetail)
-		ferroalloyR.Use(token.Auth()).GET("QueryTHJPurchaseTransferOrderDetail", ferroalloy.QueryTHJPurchaseTransferOrderDetail)
-		ferroalloyR.Use(token.Auth()).GET("QueryUserLevelInfo", ferroalloy.QueryUserLevelInfo)
-		ferroalloyR.Use(token.Auth()).GET("QuerySpotgoodsPrice", ferroalloy.QuerySpotgoodsPrice)
-		ferroalloyR.Use(token.Auth()).GET("QueryInvestorLevelGroup", ferroalloy.QueryInvestorLevelGroup)
-		ferroalloyR.Use(token.Auth()).GET("QueryTHJFriends", ferroalloy.QueryTHJFriends)
-		ferroalloyR.Use(token.Auth()).GET("QueryTHJProfits", ferroalloy.QueryTHJProfits)
-		ferroalloyR.Use(token.Auth()).GET("QueryTHJinvesotrdeposit", ferroalloy.QueryTHJinvesotrdeposit)
-		ferroalloyR.Use(token.Auth()).GET("QueryMyDeposit", ferroalloy.QueryMyDeposit)
-		ferroalloyR.Use(token.Auth()).GET("QueryTHJInvesotrDepositLog", ferroalloy.QueryTHJInvesotrDepositLog)
+		ferroalloyR.Use(token.Auth()).Use(middleware.CheckKey()).GET("GetSpotGoodsPrice", ferroalloy.GetSpotGoodsPrice)
+		ferroalloyR.Use(token.Auth()).Use(middleware.CheckKey()).POST("Signin", ferroalloy.Signin)
+		ferroalloyR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryMyRefer", ferroalloy.QueryMyRefer)
+		ferroalloyR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryUserScoreLog", ferroalloy.QueryUserScoreLog)
+		ferroalloyR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryTHJWrstandard", ferroalloy.QueryTHJWrstandard)
+		ferroalloyR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryTHJListing", ferroalloy.QueryTHJListing)
+		ferroalloyR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryTHJWrstandardDetail", ferroalloy.QueryTHJWrstandardDetail)
+		ferroalloyR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryTHJPurchaseTradeDetail", ferroalloy.QueryTHJPurchaseTradeDetail)
+		ferroalloyR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryTHJScoreConfig", ferroalloy.QueryTHJScoreConfig)
+		ferroalloyR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryTHJProduct", ferroalloy.QueryTHJProduct)
+		ferroalloyR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryTHJTradeData", ferroalloy.QueryTHJTradeData)
+		ferroalloyR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryTHJGoodsDetail", ferroalloy.QueryTHJGoodsDetail)
+		ferroalloyR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryTHJPurchaseTransfer", ferroalloy.QueryTHJPurchaseTransfer)
+		ferroalloyR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryTHJPurchaseTransferDetail", ferroalloy.QueryTHJPurchaseTransferDetail)
+		ferroalloyR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryTHJPurchaseTransferOrder", ferroalloy.QueryTHJPurchaseTransferOrder)
+		ferroalloyR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryTHJPromotionIncome", ferroalloy.QueryTHJPromotionIncome)
+		ferroalloyR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryTHJPromotionIncomeDetail", ferroalloy.QueryTHJPromotionIncomeDetail)
+		ferroalloyR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryTHJPurchaseTransferOrderDetail", ferroalloy.QueryTHJPurchaseTransferOrderDetail)
+		ferroalloyR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryUserLevelInfo", ferroalloy.QueryUserLevelInfo)
+		ferroalloyR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QuerySpotgoodsPrice", ferroalloy.QuerySpotgoodsPrice)
+		ferroalloyR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryInvestorLevelGroup", ferroalloy.QueryInvestorLevelGroup)
+		ferroalloyR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryTHJFriends", ferroalloy.QueryTHJFriends)
+		ferroalloyR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryTHJProfits", ferroalloy.QueryTHJProfits)
+		ferroalloyR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryTHJinvesotrdeposit", ferroalloy.QueryTHJinvesotrdeposit)
+		ferroalloyR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryMyDeposit", ferroalloy.QueryMyDeposit)
+		ferroalloyR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryTHJInvesotrDepositLog", ferroalloy.QueryTHJInvesotrDepositLog)
 	}
 
 	// **************************华南石化*************************
 	// hnshR := apiR.Group("Hnsh")
 	// hnshR.Use()
 	// {
-	// 	hnshR.Use(token.Auth()).GET("QueryPresaleGoods", hnsh.QueryPresaleGoods)
+	// 	hnshR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryPresaleGoods", hnsh.QueryPresaleGoods)
 	// }
 
 	// ************************** 预售 *************************
 	presaleR := apiR.Group("Presale")
 	presaleR.Use()
 	{
-		presaleR.Use(token.Auth()).GET("QueryPresaleAuctions", presale.QueryPresaleAuctions)
-		presaleR.Use(token.Auth()).GET("QueryPresaleDefault", presale.QueryPresaleDefault)
+		presaleR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryPresaleAuctions", presale.QueryPresaleAuctions)
+		presaleR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryPresaleDefault", presale.QueryPresaleDefault)
 	}
 
 	mineR := apiR.Group("Mine")
 	mineR.Use()
 	{
-		mineR.Use(token.Auth()).GET("QueryMineCpTradePreSaleResults", mine.QueryMineCpTradePreSaleResults)
-		mineR.Use(token.Auth()).GET("QueryMineTradePositionExs", mine.QueryMineTradePositionExs)
-		mineR.Use(token.Auth()).GET("QueryMineTradeOrderDetails", mine.QueryMineTradeOrderDetails)
-		mineR.Use(token.Auth()).GET("QueryMineTradeOrders", mine.QueryMineTradeOrders)
-		mineR.Use(token.Auth()).GET("QueryMineTradeTradeDetails", mine.QueryMineTradeTradeDetails)
-		mineR.Use(token.Auth()).GET("QueryMineTradeGoodsDeliveryOfflines", mine.QueryMineTradeGoodsDeliveryOfflines)
+		mineR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryMineCpTradePreSaleResults", mine.QueryMineCpTradePreSaleResults)
+		mineR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryMineTradePositionExs", mine.QueryMineTradePositionExs)
+		mineR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryMineTradeOrderDetails", mine.QueryMineTradeOrderDetails)
+		mineR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryMineTradeOrders", mine.QueryMineTradeOrders)
+		mineR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryMineTradeTradeDetails", mine.QueryMineTradeTradeDetails)
+		mineR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryMineTradeGoodsDeliveryOfflines", mine.QueryMineTradeGoodsDeliveryOfflines)
 	}
 
 	// ************************* 水贝亿爵 *************************
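Review bot: `Use` on a gin `RouterGroup` appends to the group's own handler list and returns the same group, so every `ferroalloyR.Use(token.Auth()).Use(middleware.CheckKey()).GET(...)` line adds another pair of middleware to all routes registered after it; by `QueryTHJInvesotrDepositLog` the chain holds 26 copies of each check from this block alone. Requests to the later routes therefore repeat the token lookup and key check many times, and gin panics at registration once a chain reaches its handler limit (63 in current releases), which doubling the per-line middleware brings much closer. Attach the pair once on a subgroup instead: `authR := ferroalloyR.Group("", token.Auth(), middleware.CheckKey())`, then `authR.GET("GetSpotGoodsPrice", ferroalloy.GetSpotGoodsPrice)` and so on for the rest. The same applies to `presaleR` and `mineR` in this hunk, to `sbyjR`, `bankR`, `tencentR` and `asignR` in the later hunks, and to the `wrTrade2R` lines above. InitRouter starts outside the hunk.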
@@ -798,24 +799,24 @@ func InitRouter() *gin.Engine {
 	sbyjR.Use()
 	{
 		sbyjR.Use().GET("GetTouristGoods", sbyj.GetTouristGoods)
-		sbyjR.Use(token.Auth()).GET("GetMyOrders", sbyj.GetMyOrders)
-		sbyjR.Use(token.Auth()).GET("QueryMyTradegoodsdeliveryoffline", sbyj.QueryMyTradegoodsdeliveryoffline)
-		sbyjR.Use(token.Auth()).GET("QueryMyDeliveryofflinedetail", sbyj.QueryMyDeliveryofflinedetail)
-		sbyjR.Use(token.Auth()).GET("QueryMyDeliveryofflineoperatelog", sbyj.QueryMyDeliveryofflineoperatelog)
-		sbyjR.Use(token.Auth()).GET("QueryTradeHolderDetailEx", sbyj.QueryTradeHolderDetailEx)
-		sbyjR.Use(token.Auth()).GET("QueryTradeCloseDetails", sbyj.QueryTradeCloseDetails)
+		sbyjR.Use(token.Auth()).Use(middleware.CheckKey()).GET("GetMyOrders", sbyj.GetMyOrders)
+		sbyjR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryMyTradegoodsdeliveryoffline", sbyj.QueryMyTradegoodsdeliveryoffline)
+		sbyjR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryMyDeliveryofflinedetail", sbyj.QueryMyDeliveryofflinedetail)
+		sbyjR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryMyDeliveryofflineoperatelog", sbyj.QueryMyDeliveryofflineoperatelog)
+		sbyjR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryTradeHolderDetailEx", sbyj.QueryTradeHolderDetailEx)
+		sbyjR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryTradeCloseDetails", sbyj.QueryTradeCloseDetails)
 	}
 
 	bankR := apiR.Group("Bank")
 	bankR.Use()
 	{
-		bankR.Use(token.Auth()).GET("QueryBankCusBankExtendConfigs", bank.QueryBankCusBankExtendConfigs)
-		bankR.Use(token.Auth()).GET("QueryBankBranChnumInfo", bank.QueryBankBranChnumInfo)
+		bankR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryBankCusBankExtendConfigs", bank.QueryBankCusBankExtendConfigs)
+		bankR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryBankBranChnumInfo", bank.QueryBankBranChnumInfo)
 	}
 
 	// ************************* 报表 *************************
 	reportR := apiR.Group("Report")
-	reportR.Use(token.Auth())
+	reportR.Use(token.Auth()).Use(middleware.CheckKey())
 	{
 		reportR.GET("QueryReportReckonDayTaaccount", report.QueryReportReckonDayTaaccount)
 		reportR.GET("QueryReportBankAccountOutInLog", report.QueryReportBankAccountOutInLog)
@@ -826,7 +827,7 @@ func InitRouter() *gin.Engine {
 
 	// ************************* 中融 *************************
 	zhongrongR := apiR.Group("Zhongrong")
-	zhongrongR.Use(token.Auth())
+	zhongrongR.Use(token.Auth()).Use(middleware.CheckKey())
 	{
 		zhongrongR.GET("QueryInTradePositionTransfer", zhongrong.QueryInTradePositionTransfer)
 		zhongrongR.GET("QueryOutTradepositiontransfer", zhongrong.QueryOutTradepositiontransfer)
@@ -838,14 +839,14 @@ func InitRouter() *gin.Engine {
 	tencentR.Use()
 	{
 		tencentR.POST("QianNotice", tencent.QianNotice)
-		tencentR.Use(token.Auth()).GET("QueryUsereSignRecords", tencent.QueryUsereSignRecords)
-		tencentR.Use(token.Auth()).POST("CreateConsoleLoginUrl", tencent.CreateConsoleLoginUrl)
-		tencentR.Use(token.Auth()).POST("CreateFlowByTemplateDirectly", tencent.CreateFlowByTemplateDirectly)
-		tencentR.Use(token.Auth()).GET("GetFlowStatus", tencent.GetFlowStatus)
-		tencentR.Use(token.Auth()).POST("InitTencentESS", tencent.InitTencentESS)
-		tencentR.Use(token.Auth()).POST("InitMdUserSwapProtocol", tencent.InitMdUserSwapProtocol)
+		tencentR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryUsereSignRecords", tencent.QueryUsereSignRecords)
+		tencentR.Use(token.Auth()).Use(middleware.CheckKey()).POST("CreateConsoleLoginUrl", tencent.CreateConsoleLoginUrl)
+		tencentR.Use(token.Auth()).Use(middleware.CheckKey()).POST("CreateFlowByTemplateDirectly", tencent.CreateFlowByTemplateDirectly)
+		tencentR.Use(token.Auth()).Use(middleware.CheckKey()).GET("GetFlowStatus", tencent.GetFlowStatus)
+		tencentR.Use(token.Auth()).Use(middleware.CheckKey()).POST("InitTencentESS", tencent.InitTencentESS)
+		tencentR.Use(token.Auth()).Use(middleware.CheckKey()).POST("InitMdUserSwapProtocol", tencent.InitMdUserSwapProtocol)
 
-		tencentR.Use(token.Auth()).GET("GetTemplateInfo", tencent.GetTemplateInfo)
+		tencentR.Use(token.Auth()).Use(middleware.CheckKey()).GET("GetTemplateInfo", tencent.GetTemplateInfo)
 	}
 
 	// ************************* 爱签 *************************
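Review bot: `QianNotice` stays outside `token.Auth()` and `middleware.CheckKey()` only because it is registered before the first `Use` call on `tencentR`, and nothing in the hunk says this is deliberate. If it is a third-party callback that cannot send the token or key (an assumption from its name), say so next to the route, e.g. `// QianNotice: external callback, intentionally registered before Auth/CheckKey; the handler must verify the caller itself`. Moving that line below any `Use` call would silently put it behind both checks, and moving a protected route above them would expose it. The comment should therefore also state that registration order matters in this block.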
@@ -868,11 +869,11 @@ func InitRouter() *gin.Engine {
 			asignR.Use().POST("TestAPI", asign.TestAPI)
 		}
 
-		asignR.Use(token.Auth()).POST("BankCard4", asign.BankCard4)
-		asignR.Use(token.Auth()).POST("CaptcaResend", asign.CaptcaResend)
-		asignR.Use(token.Auth()).POST("CaptchaVerify", asign.CaptchaVerify)
-		asignR.Use(token.Auth()).GET("QueryUsereSignRecords", asign.QueryUsereSignRecords)
-		asignR.Use(token.Auth()).POST("CreateContract", asign.CreateContract)
+		asignR.Use(token.Auth()).Use(middleware.CheckKey()).POST("BankCard4", asign.BankCard4)
+		asignR.Use(token.Auth()).Use(middleware.CheckKey()).POST("CaptcaResend", asign.CaptcaResend)
+		asignR.Use(token.Auth()).Use(middleware.CheckKey()).POST("CaptchaVerify", asign.CaptchaVerify)
+		asignR.Use(token.Auth()).Use(middleware.CheckKey()).GET("QueryUsereSignRecords", asign.QueryUsereSignRecords)
+		asignR.Use(token.Auth()).Use(middleware.CheckKey()).POST("CreateContract", asign.CreateContract)
 	}
 
 	return r

+ 13 - 43
token/token.go

@@ -42,24 +42,6 @@ func CheckToken(loginid string, token string, group string) (string, error) {
 	return userID, err
 }
 
-// CheckNewToken 新接入服务Token校验
-func CheckNewToken(loginid string, token string, group string) error {
-	key := fmt.Sprintf("m2a:login:%s:%s", loginid, group)
-
-	field := "token"
-
-	realToken, err := rediscli.GetRedisClient().HGet(key, field).Result()
-	if err != nil {
-		return err
-	}
-
-	if realToken != token {
-		return errors.New("token is invalid")
-	}
-
-	return nil
-}
-
 // Auth Token校验中间件
 func Auth() gin.HandlerFunc {
 	return func(c *gin.Context) {
@@ -85,31 +67,19 @@ func Auth() gin.HandlerFunc {
 			// Token缺失
 			code = e.ERROR_AUTH_CHECK_TOKEN_FAIL
 		} else {
-			// 判断是否新接入Token
-			newLoginID := c.GetHeader("LoginID")
-			if newLoginID == "" {
-				// 旧版Token
-				// 获取loginid
-				s := strings.Split(token, "_")
-				loginid := s[0]
-				// 支持分组功能
-				group := ""
-				if len(s) == 3 {
-					group = s[2]
-				}
-				var err error
-				userID, err = CheckToken(loginid, token, group)
-				if err != nil {
-					// Token错误
-					code = e.ERROR_AUTH_CHECK_TOKEN_FAIL
-				}
-			} else {
-				// 新版Token
-				group := c.GetHeader("Group")
-				if err := CheckNewToken(newLoginID, token, group); err != nil {
-					// Token错误
-					code = e.ERROR_AUTH_CHECK_TOKEN_FAIL
-				}
+			// 获取loginid
+			s := strings.Split(token, "_")
+			loginid := s[0]
+			// 支持分组功能
+			group := ""
+			if len(s) == 3 {
+				group = s[2]
+			}
+			var err error
+			userID, err = CheckToken(loginid, token, group)
+			if err != nil {
+				// Token错误
+				code = e.ERROR_AUTH_CHECK_TOKEN_FAIL
 			}
 		}