package token import ( "errors" "fmt" "mtp2_if/config" "mtp2_if/global/e" "mtp2_if/rediscli" "net/http" "runtime" "strings" "github.com/gin-gonic/gin" ) // TouristToken 游客Token var TouristToken string = "c886a057f3d820d4dbc41473686c7c2d" // CheckToken Token校验 func CheckToken(loginid string, token string, group string) (string, error) { key := "" if len(group) == 0 { key = fmt.Sprintf("monitor:online_loginid::%s", loginid) } else { key = fmt.Sprintf("monitor:online_loginid:%s:%s", loginid, group) } field := "Token" realToken, err := rediscli.GetRedisClient().HGet(key, field).Result() if err != nil { return "", err } if realToken != token { return "", errors.New("token is invalid") } // 获取UserID userID, err := rediscli.GetRedisClient().HGet(key, "UserID").Result() return userID, err } // CheckNewToken 新接入服务Token校验 func CheckNewToken(loginid string, token string, group string) error { key := fmt.Sprintf("m2a:login:%s:%s", loginid, group) field := "token" realToken, err := rediscli.GetRedisClient().HGet(key, field).Result() if err != nil { return err } if realToken != token { return errors.New("token is invalid") } return nil } // Auth Token校验中间件 func Auth() gin.HandlerFunc { return func(c *gin.Context) { // if config.SerCfg.GetDebugMode() { // c.Next() // return // } // windows下方便开发调试, 不做token校验 if config.SerCfg.GetDebugMode() && runtime.GOOS == "windows" { c.Next() return } var code int var data interface{} userID := "" code = e.SUCCESS token := c.GetHeader("Authorization") if token == "" { // Token缺失 code = e.ERROR_AUTH_CHECK_TOKEN_FAIL } else { // 判断是否新接入Token newLoginID := c.GetHeader("LoginID") if newLoginID == "" { // 旧版Token // 获取loginid s := strings.Split(token, "_") loginid := s[0] // 支持分组功能 group := "" if len(s) == 3 { group = s[2] } var err error userID, err = CheckToken(loginid, token, group) if err != nil { // Token错误 code = e.ERROR_AUTH_CHECK_TOKEN_FAIL } } else { // 新版Token group := c.GetHeader("Group") if err := CheckNewToken(newLoginID, token, group); err != nil { // Token错误 code = e.ERROR_AUTH_CHECK_TOKEN_FAIL } } } // Token检验失败 if code != e.SUCCESS { c.JSON(http.StatusUnauthorized, gin.H{ "code": code, "msg": e.GetMsg(code), "data": data, }) c.Abort() return } // FIXME: - 针对POST接口,应判断传入TOKEN对应的用户是否正确(比如判断UserID或AccountID是否对得上等),后期处理 if c.Request.Method == "POST" { c.Set("requserid", userID) } // Token检验成功 c.Next() } } // AuthByHsby 游客鉴权 func AuthByHsby() gin.HandlerFunc { return func(c *gin.Context) { // 包含accountID、accountIDs、userID和userIDs等参数需要走正常鉴权 accountID := c.Query("accountID") accountIDs := c.Query("accountIDs") userID := c.Query("userID") userIDs := c.Query("userIDs") loginID := c.Query("loginID") if len(accountID) != 0 || len(accountIDs) != 0 || len(userID) != 0 || len(userIDs) != 0 || len(loginID) != 0 { realToken(c) return } var code int var data interface{} code = e.SUCCESS token := c.GetHeader("Authorization") if token == "" { // Token缺失 code = e.ERROR_AUTH_CHECK_TOKEN_FAIL } else { // Token带下划线的走正常鉴权 if strings.Contains(token, "_") { realToken(c) return } if token != TouristToken { // Token错误 code = e.ERROR_AUTH_CHECK_TOKEN_FAIL } } // Token检验失败 if code != e.SUCCESS { c.JSON(http.StatusUnauthorized, gin.H{ "code": code, "msg": e.GetMsg(code), "data": data, }) c.Abort() return } // Token检验成功 c.Next() } } func realToken(c *gin.Context) { // if config.SerCfg.GetDebugMode() { // c.Next() // return // } var code int var data interface{} code = e.SUCCESS token := c.GetHeader("Authorization") if token == "" { // Token缺失 code = e.ERROR_AUTH_CHECK_TOKEN_FAIL } else { // 获取loginid s := strings.Split(token, "_") loginid := s[0] // 支持分组功能 group := "" if len(s) == 3 { group = s[2] } if _, err := CheckToken(loginid, token, group); err != nil { // Token错误 code = e.ERROR_AUTH_CHECK_TOKEN_FAIL } } // Token检验失败 if code != e.SUCCESS { c.JSON(http.StatusUnauthorized, gin.H{ "code": code, "msg": e.GetMsg(code), "data": data, }) c.Abort() return } // FIXME: - 针对POST接口,应判断传入TOKEN对应的用户是否正确(比如判断UserID或AccountID是否对得上等),后期处理 // Token检验成功 c.Next() return }