MTP20_IF/token/token.go

package token

import (
	"errors"
	"fmt"
	"mtp2_if/config"
	"mtp2_if/global/e"
	"mtp2_if/rediscli"
	"net/http"
	"runtime"
	"strings"

	"github.com/gin-gonic/gin"
)

// TouristToken 游客Token
var TouristToken string = "c886a057f3d820d4dbc41473686c7c2d"

// CheckToken Token校验
func CheckToken(loginid string, token string, group string) error {
	key := ""
	if len(group) == 0 {
		key = fmt.Sprintf("monitor:online_loginid::%s", loginid)
	} else {
		key = fmt.Sprintf("monitor:online_loginid:%s:%s", loginid, group)
	}

	field := "Token"

	realToken, err := rediscli.GetRedisClient().HGet(key, field).Result()
	if err != nil {
		return err
	}

	if realToken != token {
		return errors.New("token is invalid")
	}

	return nil
}

// Auth Token校验中间件
func Auth() gin.HandlerFunc {
	return func(c *gin.Context) {
		// if config.SerCfg.GetDebugMode() {
		// 	c.Next()
		// 	return
		// }

		// windows下方便开发调试, 不做token校验
		if config.SerCfg.GetDebugMode() &&
			runtime.GOOS == "windows" {
			c.Next()
			return
		}

		var code int
		var data interface{}

		code = e.SUCCESS
		token := c.GetHeader("Authorization")
		if token == "" {
			// Token缺失
			code = e.ERROR_AUTH_CHECK_TOKEN_MISSING
		} else {
			// 获取loginid
			s := strings.Split(token, "_")
			loginid := s[0]
			// 支持分组功能
			group := ""
			if len(s) == 3 {
				group = s[2]
			}
			if err := CheckToken(loginid, token, group); err != nil {
				// Token错误
				code = e.ERROR_AUTH_CHECK_TOKEN_FAIL
			}
		}

		// Token检验失败
		if code != e.SUCCESS {
			c.JSON(http.StatusUnauthorized, gin.H{
				"code": code,
				"msg":  e.GetMsg(code),
				"data": data,
			})

			c.Abort()
			return
		}

		// FIXME: - 针对POST接口，应判断传入TOKEN对应的用户是否正确（比如判断UserID或AccountID是否对得上等），后期处理

		// Token检验成功
		c.Next()
	}
}

// AuthByHsby 游客鉴权
func AuthByHsby() gin.HandlerFunc {
	return func(c *gin.Context) {
		// 包含accountID、accountIDs、userID和userIDs等参数需要走正常鉴权
		accountID := c.Query("accountID")
		accountIDs := c.Query("accountIDs")
		userID := c.Query("userID")
		userIDs := c.Query("userIDs")
		loginID := c.Query("loginID")
		if len(accountID) != 0 || len(accountIDs) != 0 || len(userID) != 0 || len(userIDs) != 0 || len(loginID) != 0 {
			realToken(c)
			return
		}

		var code int
		var data interface{}

		code = e.SUCCESS
		token := c.GetHeader("Authorization")
		if token == "" {
			// Token缺失
			code = e.ERROR_AUTH_CHECK_TOKEN_MISSING
		} else {
			// Token带下划线的走正常鉴权
			if strings.Contains(token, "_") {
				realToken(c)
				return
			}

			if token != TouristToken {
				// Token错误
				code = e.ERROR_AUTH_CHECK_TOKEN_FAIL
			}
		}

		// Token检验失败
		if code != e.SUCCESS {
			c.JSON(http.StatusUnauthorized, gin.H{
				"code": code,
				"msg":  e.GetMsg(code),
				"data": data,
			})

			c.Abort()
			return
		}

		// Token检验成功
		c.Next()
	}
}

func realToken(c *gin.Context) {
	// if config.SerCfg.GetDebugMode() {
	// 	c.Next()
	// 	return
	// }

	var code int
	var data interface{}

	code = e.SUCCESS
	token := c.GetHeader("Authorization")
	if token == "" {
		// Token缺失
		code = e.ERROR_AUTH_CHECK_TOKEN_MISSING
	} else {
		// 获取loginid
		s := strings.Split(token, "_")
		loginid := s[0]
		// 支持分组功能
		group := ""
		if len(s) == 3 {
			group = s[2]
		}
		if err := CheckToken(loginid, token, group); err != nil {
			// Token错误
			code = e.ERROR_AUTH_CHECK_TOKEN_FAIL
		}
	}

	// Token检验失败
	if code != e.SUCCESS {
		c.JSON(http.StatusUnauthorized, gin.H{
			"code": code,
			"msg":  e.GetMsg(code),
			"data": data,
		})

		c.Abort()
		return
	}

	// FIXME: - 针对POST接口，应判断传入TOKEN对应的用户是否正确（比如判断UserID或AccountID是否对得上等），后期处理

	// Token检验成功
	c.Next()
	return
}