Sākums Izpētīt Palīdzība
Reģistrēties Pierakstīties
zhangbj
/
sso
Vērot 1
Pievienot zvaigznīti 0
Atdalīts 0
Kods Problēmas 0 Izmaiņu pieprasījumi 0 Laidieni 0 Vikivietne Aktivitāte
sso
19 Revīzijas
2 Atzari
Koks: 0d6d83ffc5
Atzari Tagi
${ item.name }
Izveidot atzaru ${ searchTerm }
no '0d6d83ffc5'
${ noResults }
sso/controllers/login_controller.go

login_controller.go 11KB
Vēsture Neapstrādāts

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340 
  1. package controllers

  2. 

  3. import (

  4. 	"fmt"

  5. 	"net/url"

  6. 	"time"

  7. 

  8. 	"SSO/enums"

  9. 	"SSO/models"

  10. 	"SSO/service"

  11. 	"SSO/utils"

  12. 

  13. 	"github.com/astaxie/beego"

  14. )

  15. 

  16. type LoginController struct {

  17. 	BaseController

  18. }

  19. 

  20. // /login [get]

  21. // @param app_type:int

  22. // @param returnurl?:string

  23. // @param relogin?:bool 是否强制重新登录

  24. func (this *LoginController) PwdLogin() {

  25. 	token := this.Ctx.GetCookie("sso_token_cookie")

  26. 	returnURL := this.GetString("returnurl")

  27. 	appType, _ := this.GetInt("app_type")

  28. 	relogin, _ := this.GetBool("relogin", false)

  29. 	if relogin {

  30. 		token = ""

  31. 	}

  32. 

  33. 	if url := service.GetAppURLWithAppType(appType); len(url) == 0 {

  34. 		appType = 0

  35. 		returnURL = ""

  36. 	}

  37. 	utils.TraceLog("login token: %v", token)

  38. 

  39. 	if len(token) == 0 {

  40. 		this.Data["app_type"] = appType

  41. 		this.Data["return_url"] = returnURL

  42. 		this.TplName = "new_main/login.html"

  43. 	} else {

  44. 		if len(returnURL) == 0 {

  45. 			this.Data["app_type"] = appType

  46. 			this.Data["return_url"] = returnURL

  47. 			this.TplName = "new_main/login.html"

  48. 		} else {

  49. 			utils.TraceLog("跳过登录直接验证token")

  50. 			url := this.appendTokenParamToReturnURL(returnURL, token)

  51. 			this.Redirect(url, 302)

  52. 		}

  53. 	}

  54. }

  55. 

  56. // /login/code [get]

  57. // @param app_type:int

  58. // @param returnurl?:string

  59. func (this *LoginController) CodeLogin() {

  60. 	token := this.Ctx.GetCookie("sso_token_cookie")

  61. 	returnURL := this.GetString("returnurl")

  62. 	appType, _ := this.GetInt("app_type")

  63. 

  64. 	if url := service.GetAppURLWithAppType(appType); len(url) == 0 {

  65. 		appType = 0

  66. 		returnURL = ""

  67. 	}

  68. 	utils.TraceLog("login token: %v", token)

  69. 

  70. 	if len(token) != 0 && len(returnURL) != 0 {

  71. 		utils.TraceLog("跳过登录直接验证token")

  72. 		url := this.appendTokenParamToReturnURL(returnURL, token)

  73. 		this.Redirect(url, 302)

  74. 

  75. 	} else {

  76. 		redisClient := service.RedisClient()

  77. 		defer redisClient.Close()

  78. 		req := this.Ctx.Request

  79. 		addr := utils.GetIP(req)

  80. 		cur_time := time.Now().Format("2006-01-02")

  81. 		_, err := redisClient.Get("ip:host_" + cur_time + "_" + addr).Result()

  82. 		if err != nil {

  83. 			redisClient.Set("ip:host_"+cur_time+"_"+addr, 0, time.Second*24*60*60)

  84. 		}

  85. 

  86. 		//将客户端的ip加密传给前端,作为短信验证的密钥,来验证短信发送的IP地址

  87. 		aespass := utils.AESEncrypt(addr)

  88. 		this.Data["aespass"] = aespass

  89. 

  90. 		this.Data["app_type"] = appType

  91. 		this.Data["return_url"] = returnURL

  92. 		this.TplName = "new_main/login_by_code.html"

  93. 	}

  94. }

  95. 

  96. // /login/submit [post]

  97. // @param app_type:int

  98. // @param mobile:string

  99. // @param password:string

  100. // @param returnurl?:string

  101. // 登录成功时,返回下一步跳转的链接:data.url

  102. func (this *LoginController) PwdLoginSubmit() {

  103. 	appType, _ := this.GetInt("app_type")

  104. 

  105. 	utils.TraceLog("login app_type=%v", appType)

  106. 	if url := service.GetAppURLWithAppType(appType); len(url) == 0 {

  107. 		utils.TraceLog("login app_type not exist")

  108. 		appType = 0

  109. 	}

  110. 	mobile := this.GetString("mobile")

  111. 	password := this.GetString("password")

  112. 	if len(mobile) == 0 || len(password) == 0 {

  113. 		this.Data["json"] = enums.MakeFailResponseJSONWithSGJErrorCode(enums.ErrorCodeAccountOrPasswordWrong)

  114. 		this.ServeJSON()

  115. 		return

  116. 	}

  117. 	if service.IsPasswordRight(mobile, password) {

  118. 		token := utils.GenerateLoginToken(mobile)

  119. 		returnURL := this.GetString("returnurl")

  120. 		utils.TraceLog("login submit return url: %v", returnURL)

  121. 		url, err, admin := this.getRedirectURL(appType, mobile, returnURL, token)

  122. 		if err != nil {

  123. 			this.Data["json"] = enums.MakeFailResponseJSONWithSGJError(err)

  124. 			this.ServeJSON()

  125. 

  126. 		} else {

  127. 			if admin != nil {

  128. 				this.SetSession("admin_user", admin)

  129. 			}

  130. 

  131. 			// 保存登录令牌

  132. 			expiration, _ := beego.AppConfig.Int64("login_token_expiration_second")

  133. 			this.Ctx.SetCookie("sso_token_cookie", token, expiration, "/")

  134. 

  135. 			redisClient := service.RedisClient()

  136. 			defer redisClient.Close()

  137. 			share_session_id := this.Ctx.Input.CruSession.SessionID()

  138. 			utils.TraceLog("share_session_id: %v", share_session_id)

  139. 			this.Ctx.SetCookie("s", share_session_id, expiration, "/", beego.AppConfig.String("cookie_rootdomain"))

  140. 			redisClient.Set(fmt.Sprintf("sso_token_%v", share_session_id), token, time.Duration(expiration)*time.Second)

  141. 

  142. 			this.Data["json"] = enums.MakeSuccessResponseJSON(map[string]interface{}{

  143. 				"url": url,

  144. 			})

  145. 			this.ServeJSON()

  146. 		}

  147. 

  148. 	} else {

  149. 		this.Data["json"] = enums.MakeFailResponseJSONWithSGJErrorCode(enums.ErrorCodeAccountOrPasswordWrong)

  150. 		this.ServeJSON()

  151. 	}

  152. }

  153. 

  154. // /login/code/submit [post]

  155. // @param app_type:int

  156. // @param mobile:string

  157. // @param code:string

  158. // @param returnurl?:string

  159. // 登录成功时,返回下一步跳转的链接:data.url

  160. func (this *LoginController) CodeLoginSubmit() {

  161. 	appType, _ := this.GetInt("app_type")

  162. 	if url := service.GetAppURLWithAppType(appType); len(url) == 0 {

  163. 		appType = 0

  164. 	}

  165. 	mobile := this.GetString("mobile")

  166. 	code := this.GetString("code")

  167. 	if len(mobile) == 0 || len(code) == 0 {

  168. 		this.Data["json"] = enums.MakeFailResponseJSONWithSGJErrorCode(enums.ErrorCodeAccountOrVerCodeWrong)

  169. 		this.ServeJSON()

  170. 		return

  171. 	}

  172. 	if !service.IsMobileRegister(mobile) {

  173. 		this.Data["json"] = enums.MakeFailResponseJSONWithSGJErrorCode(enums.ErrorCodeAccountOrVerCodeWrong)

  174. 		this.ServeJSON()

  175. 		return

  176. 	}

  177. 	redisClient := service.RedisClient()

  178. 	defer redisClient.Close()

  179. 	cachedCode, err := redisClient.Get("code_msg_" + mobile).Result()

  180. 	if err != nil {

  181. 		this.Data["json"] = enums.MakeFailResponseJSONWithSGJErrorCode(enums.ErrorCodeAccountOrVerCodeWrong)

  182. 		this.ServeJSON()

  183. 		return

  184. 

  185. 	} else {

  186. 		if code != cachedCode {

  187. 			this.Data["json"] = enums.MakeFailResponseJSONWithSGJErrorCode(enums.ErrorCodeAccountOrVerCodeWrong)

  188. 			this.ServeJSON()

  189. 			return

  190. 		} else {

  191. 			token := utils.GenerateLoginToken(mobile)

  192. 			returnURL := this.GetString("returnurl")

  193. 			url, err, admin := this.getRedirectURL(appType, mobile, returnURL, token)

  194. 			if err != nil {

  195. 				this.Data["json"] = enums.MakeFailResponseJSONWithSGJError(err)

  196. 				this.ServeJSON()

  197. 

  198. 			} else {

  199. 				if admin != nil {

  200. 					this.SetSession("admin_user", admin)

  201. 				}

  202. 

  203. 				// 保存登录令牌

  204. 				expiration, _ := beego.AppConfig.Int64("login_token_expiration_second")

  205. 				this.Ctx.SetCookie("sso_token_cookie", token, expiration, "/")

  206. 

  207. 				share_session_id := this.Ctx.Input.CruSession.SessionID()

  208. 				utils.TraceLog("share_session_id: %v", share_session_id)

  209. 				this.Ctx.SetCookie("s", share_session_id, expiration, "/", beego.AppConfig.String("cookie_rootdomain"))

  210. 				redisClient.Set(fmt.Sprintf("sso_token_%v", share_session_id), token, time.Duration(expiration)*time.Second)

  211. 

  212. 				// 清除验证码

  213. 				redisClient.Del("code_msg_" + mobile)

  214. 

  215. 				this.Data["json"] = enums.MakeSuccessResponseJSON(map[string]interface{}{

  216. 					"url": url,

  217. 				})

  218. 				this.ServeJSON()

  219. 			}

  220. 		}

  221. 	}

  222. }

  223. 

  224. func (this *LoginController) appendTokenParamToReturnURL(returnURL string, token string) string {

  225. 	urlStr, _ := url.QueryUnescape(returnURL)

  226. 	u, _ := url.Parse(urlStr)

  227. 	query := u.Query()

  228. 	query.Del("token")

  229. 	query.Add("token", token)

  230. 	u.RawQuery = query.Encode()

  231. 	return u.String()

  232. }

  233. 

  234. func (this *LoginController) getRedirectURL(app_type int, mobile string, returnURL string, token string) (string, *enums.SGJError, *models.AdminUser) {

  235. 	utils.TraceLog("returnURL: %v", returnURL)

  236. 	admin := service.GetAdminUserWithMobile(mobile)

  237. 	if admin != nil {

  238. 		if admin.IsSuperAdmin { // 如果是超级管理员用户

  239. 			// 那么需要检查是否创建了机构和应用,如未创建,则前往创建

  240. 			// 如果都创建了,那么和普通管理员用户一样,需要经过其他判断得出下一步跳转的链接

  241. 			if didCreateOrg, findOrgErr := service.DidAdminUserCreateOrg(admin.Id); findOrgErr != nil {

  242. 				utils.ErrorLog("数据错误:查找mobile = %v的用户创建的机构时错误:%v", mobile, findOrgErr)

  243. 				return "", &enums.SGJError{Code: enums.ErrorCodeDataException}, nil

  244. 			} else {

  245. 				if didCreateOrg {

  246. 					if didCreateApp, findAppErr := service.DidAdminUserOrgCreateApp(admin.Id, app_type); findAppErr != nil {

  247. 						utils.ErrorLog("数据错误:查找mobile = %v的用户创建的应用时错误:%v", mobile, findOrgErr)

  248. 						return "", &enums.SGJError{Code: enums.ErrorCodeDataException}, nil

  249. 					} else {

  250. 						if !didCreateApp {

  251. 							url := this.appendTokenParamToReturnURL(beego.URLFor("OrgController.CreateApp"), token)

  252. 							return url, nil, admin

  253. 						}

  254. 					}

  255. 

  256. 				} else {

  257. 					url := this.appendTokenParamToReturnURL(beego.URLFor("OrgController.Create"), token) // 前往创建机构的 url

  258. 					return url, nil, admin

  259. 				}

  260. 			}

  261. 		}

  262. 		if len(returnURL) != 0 {

  263. 			url := this.appendTokenParamToReturnURL(returnURL, token)

  264. 			return url, nil, admin

  265. 		}

  266. 		utils.TraceLog("login redirect url: app_type=%v", app_type)

  267. 		// 普通管理员用户

  268. 		// 如果有登录记录,则前往最近登录记录中的应用

  269. 		lastLoginLog, getLastLoginLogErr := service.GetAdminUserLastLoginLog(admin.Id, app_type)

  270. 		if getLastLoginLogErr != nil {

  271. 			utils.ErrorLog("数据错误:查找mobile = %v的用户最近一次登录记录时错误:%v", mobile, getLastLoginLogErr)

  272. 		}

  273. 		if lastLoginLog != nil {

  274. 			utils.TraceLog("%+v", lastLoginLog)

  275. 			_, getAppRoleErr := service.GetAppRole(admin.Id, lastLoginLog.OrgId, lastLoginLog.AppId)

  276. 			if getAppRoleErr != nil {

  277. 				utils.ErrorLog("数据错误:查找mobile = %v的用户的应用角色时错误:%v", mobile, getAppRoleErr)

  278. 			} else {

  279. 				url := service.GetAppURLWithAppType(int(lastLoginLog.AppType))

  280. 				if len(url) > 0 {

  281. 					return this.appendTokenParamToReturnURL(url, token), nil, admin

  282. 				}

  283. 			}

  284. 		}

  285. 		// 如果没有登录记录,则要前往其有权访问的、最高优先级的应用

  286. 		appType, getAppTypeErr := service.GetAdminUserPrioritizedAppType(admin.Id)

  287. 		if getAppTypeErr != nil {

  288. 			utils.ErrorLog("数据错误:查找mobile = %v的用户有权访问的应用的类型时错误:%v", mobile, getAppTypeErr)

  289. 			return "", &enums.SGJError{Code: enums.ErrorCodeDataException}, nil

  290. 

  291. 		} else {

  292. 			if appType == 0 {

  293. 				utils.ErrorLog("数据错误:查找mobile = %v的用户有权访问的应用的类型时的结果错误:%v", mobile, "在超级管理员已创建应用,并且已分配角色的情况下,不可能存在查找不到相关应用")

  294. 				return "", &enums.SGJError{Code: enums.ErrorCodeDataException}, nil

  295. 			} else {

  296. 				url := this.appendTokenParamToReturnURL(service.GetAppURLWithAppType(int(appType)), token)

  297. 				return url, nil, admin

  298. 			}

  299. 		}

  300. 	} else {

  301. 		utils.ErrorLog("数据错误:查找不到mobile = %v的用户", mobile)

  302. 		return "", &enums.SGJError{Code: enums.ErrorCodeDataException}, nil

  303. 	}

  304. }

  305. 

  306. // /logout [get]

  307. func (this *LoginController) Logout() {

  308. 	// 有 session.AdminUser 的话,销毁掉

  309. 	adminUserObj := this.GetSession("admin_user")

  310. 	redisClient := service.RedisClient()

  311. 	defer redisClient.Close()

  312. 	// 销毁 token

  313. 	this.Ctx.SetCookie("sso_token_cookie", "")

  314. 	redisClient.Del(fmt.Sprintf("sso_token_%v", this.Ctx.GetCookie("s")))

  315. 	if adminUserObj == nil {

  316. 		this.Redirect302(beego.URLFor("LoginController.Index"))

  317. 		return

  318. 	}

  319. 	adminUser := adminUserObj.(*models.AdminUser)

  320. 	this.DelSession("admin_user")

  321. 	redisClient.Del("sso_admin_user_info_" + adminUser.Mobile)

  322. 

  323. 	loginLog := &models.AdminUserLoginLog{

  324. 		AdminUserId: adminUser.Id,

  325. 		OrgId:       0,

  326. 		AppId:       0,

  327. 		IP:          utils.GetIP(this.Ctx.Request),

  328. 		OperateType: 2,

  329. 		AppType:     0,

  330. 		CreateTime:  time.Now().Unix(),

  331. 	}

  332. 	if insertErr := service.InsertLoginLog(loginLog); insertErr != nil {

  333. 		utils.ErrorLog("为手机号为%v的用户插入一条登录记录失败:%v", adminUser.Mobile, insertErr)

  334. 	}

  335. 	// 通知其他子系统退出登录

  336. 

  337. 	// 跳转首页

  338. 	this.Redirect302(beego.URLFor("LoginController.Index"))

  339. }