Inicio Explorar Ayuda
Registro Iniciar sesión
zhangbj
/
sso
Seguir 1
Destacar 0
Fork 0
Código Incidencias 0 Peticiones pull 0 Lanzamientos 0 Wiki Activity
sso
32 Commits
2 Ramas
Árbol: 385774dc49
Ramas Etiquetas
${ item.name }
Crear rama ${ searchTerm }
desde '385774dc49'
${ noResults }
sso/controllers/verify_token_controller.go

verify_token_controller.go 15KB
Histórico Original

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453 
  1. package controllers

  2. 

  3. import (

  4. 	"encoding/json"

  5. 	"fmt"

  6. 	"strconv"

  7. 	"time"

  8. 

  9. 	"SSO/enums"

  10. 	"SSO/models"

  11. 	"SSO/service"

  12. 	"SSO/utils"

  13. )

  14. 

  15. type VerifyTokenController struct {

  16. 	BaseController

  17. }

  18. 

  19. func (this *VerifyTokenController) Prepare() {

  20. 	this.EnableXSRF = false

  21. }

  22. 

  23. // /verifytoken [post]

  24. // @param token:string

  25. // @param app_type:int

  26. // @param ip:string

  27. // @param session_id:string 客户端(浏览器)sessionID

  28. // return 说明:所有数值型的 key 和 value 都转换为了 string 类型

  29. func (this *VerifyTokenController) VerifyToken() {

  30. 	token := this.GetString("token")

  31. 	clientSessionId := this.GetString("session_id")

  32. 	app_type, _ := this.GetInt("app_type", 0)

  33. 	// if app_type != 1 && app_type != 3 && app_type != 5 {

  34. 	// 	this.Data["json"] = enums.MakeFailResponseJSONWithSGJErrorCode(enums.ErrorCodeParamWrong)

  35. 	// 	this.ServeJSON()

  36. 	// 	return

  37. 	// }

  38. 	if url := service.GetAppURLWithAppType(app_type); len(url) == 0 {

  39. 		this.Data["json"] = enums.MakeFailResponseJSONWithSGJErrorCode(enums.ErrorCodeParamWrong)

  40. 		this.ServeJSON()

  41. 		return

  42. 	}

  43. 	utils.TraceLog("clientSessionId: %v", clientSessionId)

  44. 	if len(clientSessionId) == 0 {

  45. 		this.Data["json"] = enums.MakeFailResponseJSONWithSGJErrorCode(enums.ErrorCodeParamWrong)

  46. 		this.ServeJSON()

  47. 		return

  48. 	}

  49. 

  50. 	if len(token) <= 24 {

  51. 		this.Data["json"] = enums.MakeFailResponseJSONWithSGJErrorCode(enums.ErrorCodeInvalidToken)

  52. 		this.ServeJSON()

  53. 		return

  54. 	}

  55. 	redisClient := service.RedisClient()

  56. 	defer redisClient.Close()

  57. 	mobile := token[24:]

  58. 	// locToken, _ := redisClient.Get(fmt.Sprintf("sso_token_%v", mobile)).Result()

  59. 	locToken, _ := redisClient.Get(fmt.Sprintf("sso_token_%v", clientSessionId)).Result()

  60. 	utils.TraceLog("request token: %v \t server cached token: %v", token, locToken)

  61. 	var isUserInfoFromRedis bool = false

  62. 	if token == locToken {

  63. 		infoStr, getCachedInfoErr := redisClient.Get("sso_admin_user_info_" + mobile).Result()

  64. 		if getCachedInfoErr != nil {

  65. 			utils.WarningLog("redis 获取管理员用户信息失败:%v", getCachedInfoErr)

  66. 			infoStr = ""

  67. 		}

  68. 		infoStr = ""

  69. 		var userInfo map[string]interface{}

  70. 		if len(infoStr) == 0 {

  71. 			utils.TraceLog("%v data is from operation", "sso_admin_user_info_"+mobile)

  72. 			isUserInfoFromRedis = false

  73. 			info, getInfoErr := this.GetAdminUserAllInfo(mobile)

  74. 			if getInfoErr != nil {

  75. 				this.Data["json"] = enums.MakeFailResponseJSONWithSGJError(getInfoErr)

  76. 				this.ServeJSON()

  77. 				return

  78. 			}

  79. 			userInfo = info

  80. 			infoStr_b, _ := json.Marshal(userInfo)

  81. 			redisClient.Set("sso_admin_user_info_"+mobile, string(infoStr_b), time.Duration(2)*time.Minute)

  82. 

  83. 		} else {

  84. 			utils.TraceLog("%v data is from redis cache", "sso_admin_user_info_"+mobile)

  85. 			isUserInfoFromRedis = true

  86. 			userInfo = make(map[string]interface{})

  87. 			json.Unmarshal([]byte(infoStr), &userInfo)

  88. 		}

  89. 

  90. 		var adminUser models.AdminUser

  91. 		json.Unmarshal([]byte(userInfo["admin_user"].(string)), &adminUser)

  92. 		// 如果有登录记录,取出最近登录记录中的机构和应用

  93. 		lastLoginLog, getLastLoginLogErr := service.GetAdminUserLastLoginLog(adminUser.Id, app_type)

  94. 		if getLastLoginLogErr != nil {

  95. 			utils.ErrorLog("数据错误:查找mobile = %v的用户最近一次登录记录时错误:%v", mobile, getLastLoginLogErr)

  96. 		}

  97. 		currentOrgId := 0

  98. 		currentAppId := 0

  99. 		if lastLoginLog != nil {

  100. 			currentOrgId = lastLoginLog.OrgId

  101. 			currentAppId = lastLoginLog.AppId

  102. 		} else {

  103. 			if isUserInfoFromRedis {

  104. 				orgIds := userInfo["org_ids"].([]interface{})

  105. 				for _, oid := range orgIds {

  106. 					orgApps := userInfo["org_apps"].(map[string]interface{})[oid.(string)]

  107. 					for _, appMapJSON := range orgApps.(map[string]interface{}) {

  108. 						var appMap map[string]interface{}

  109. 						json.Unmarshal([]byte(appMapJSON.(string)), &appMap)

  110. 

  111. 						a_t := int(appMap["app_type"].(float64))

  112. 						if a_t == app_type {

  113. 							currentOrgId = int(appMap["org_id"].(float64))

  114. 							currentAppId = int(appMap["id"].(float64))

  115. 							break

  116. 						}

  117. 					}

  118. 					if currentOrgId != 0 && currentAppId != 0 {

  119. 						break

  120. 					}

  121. 				}

  122. 

  123. 			} else {

  124. 				orgIds := userInfo["org_ids"].([]string)

  125. 				for _, oid := range orgIds {

  126. 					orgApps := userInfo["org_apps"].(map[string]interface{})[oid]

  127. 					for _, appMapJSON := range orgApps.(map[string]string) {

  128. 						var appMap map[string]interface{}

  129. 						json.Unmarshal([]byte(appMapJSON), &appMap)

  130. 

  131. 						a_t := int(appMap["app_type"].(float64))

  132. 						if a_t == app_type {

  133. 							currentOrgId = int(appMap["org_id"].(float64))

  134. 							currentAppId = int(appMap["id"].(float64))

  135. 							break

  136. 						}

  137. 					}

  138. 					if currentOrgId != 0 && currentAppId != 0 {

  139. 						break

  140. 					}

  141. 				}

  142. 			}

  143. 		}

  144. 		// for key, value := range userInfo {

  145. 		// 	if key == "purviews" || key == "purview_urlfors" {

  146. 		// 		continue

  147. 		// 	}

  148. 		// 	utils.TraceLog("%v: %v", key, value)

  149. 		// }

  150. 		utils.TraceLog("lastLoginLog : %v", lastLoginLog)

  151. 		utils.TraceLog("currentOrgId : %v", currentOrgId)

  152. 		utils.TraceLog("currentAppId : %v", currentAppId)

  153. 

  154. 		if currentOrgId == 0 || currentAppId == 0 {

  155. 			if adminUser.IsSuperAdmin == true {

  156. 				this.Data["json"] = enums.MakeFailResponseJSONWithSGJErrorCode(enums.ErrorCodeNeverCreateTypeApp)

  157. 				this.ServeJSON()

  158. 			} else {

  159. 				this.Data["json"] = enums.MakeFailResponseJSONWithSGJErrorCode(enums.ErrorCodeContactSuperAdminCreateTypeApp)

  160. 				this.ServeJSON()

  161. 			}

  162. 			return

  163. 		}

  164. 

  165. 		returnJSON := make(map[string]interface{})

  166. 		returnJSON["admin_user"] = userInfo["admin_user"]

  167. 		returnJSON["org_ids"] = userInfo["org_ids"]

  168. 		returnJSON["orgs"] = userInfo["orgs"]

  169. 		returnJSON["org_app_ids"] = userInfo["org_app_ids"]

  170. 		returnJSON["org_apps"] = userInfo["org_apps"]

  171. 		returnJSON["app_to_org_ids"] = userInfo["app_to_org_ids"]

  172. 		returnJSON["current_org_id"] = strconv.Itoa(currentOrgId)

  173. 		returnJSON["current_app_id"] = strconv.Itoa(currentAppId)

  174. 		returnJSON["purviews"] = userInfo["purviews"]

  175. 		returnJSON["purview_urlfors"] = userInfo["purview_urlfors"]

  176. 		returnJSON["app_roles"] = userInfo["app_roles"]

  177. 		returnJSON["org_subscibes"] = userInfo["org_subscibes"]

  178. 		this.Data["json"] = enums.MakeSuccessResponseJSON(returnJSON)

  179. 		this.ServeJSON()

  180. 

  181. 		// 插入一条登录记录

  182. 		ip := this.GetString("ip")

  183. 		loginLog := &models.AdminUserLoginLog{

  184. 			AdminUserId: adminUser.Id,

  185. 			OrgId:       currentOrgId,

  186. 			AppId:       currentAppId,

  187. 			IP:          ip,

  188. 			OperateType: 1,

  189. 			AppType:     int8(app_type),

  190. 			CreateTime:  time.Now().Unix(),

  191. 		}

  192. 		if insertErr := service.InsertLoginLog(loginLog); insertErr != nil {

  193. 			utils.ErrorLog("为手机号为%v的用户插入一条登录记录失败:%v", mobile, insertErr)

  194. 		}

  195. 

  196. 	} else {

  197. 		this.Data["json"] = enums.MakeFailResponseJSONWithSGJErrorCode(enums.ErrorCodeInvalidToken)

  198. 		this.ServeJSON()

  199. 	}

  200. }

  201. 

  202. // 验证 token 之后需要返回的管理员用户的所有信息,包括:基本用户信息,所属的所有机构,机构下的所有应用

  203. // map 的数据格式为

  204. /*

  205. "admin_user": { AdminUser's json },

  206. "org_ids": [1, 2, 3],

  207. "orgs": { (org_id: Org_Obj)

  208. 	1: { Org's json },

  209. 	2: { Org's json },

  210. },

  211. "org_app_ids": { (org_id: org_app_ids)

  212. 	1: [11, 12, 13],

  213. 	2: [21, 22, 23],

  214. },

  215. "org_apps": { (org_id: {app_id: OrgApp_Obj})

  216. 	1: {

  217. 		11: { OrgApp's json },

  218. 		12: { OrgApp's json },

  219. 	},

  220. 	2: {

  221. 		21: { OrgApp's json },

  222. 		22: { OrgApp's json },

  223. 	},

  224. },

  225. "app_to_org_ids": { (app_id: org_id)

  226. 	11: 1,

  227. 	12: 1,

  228. 	21: 2,

  229. 	22: 2,

  230. },

  231. "app_roles": { (app_id: App_Role Obj)

  232. 	11: {App_Role's json},

  233. 	12: {App_Role's json},

  234. 	21: {App_Role's json},

  235. },

  236. "purviews": { (app_id: [processed Purviews' json])

  237. 	11: [

  238. 		{Purview's json .childs[

  239. 			{Purview's json},

  240. 			{Purview's json},

  241. 		]},

  242. 		{Purview's json},

  243. 	],

  244. 	12: [

  245. 		{Purview's json},

  246. 		{Purview's json},

  247. 	],

  248. }

  249. "purview_urlfors": { (app_id: [url_for])

  250. 	11: [

  251. 		"Controller1.Action1",

  252. 		"Controller1.Action2",

  253. 		"Controller2.Action1",

  254. 		"Controller2.Action2",

  255. 	],

  256. }

  257. 应当注意的是,屈服于 Golang 令人恶心的类型机制,这里将所有数值型的 key 或 value 全部转成了 string

  258. */

  259. func (this *VerifyTokenController) GetAdminUserAllInfo(mobile string) (map[string]interface{}, *enums.SGJError) {

  260. 	adminUser := service.GetAdminUserWithMobile(mobile)

  261. 	if adminUser == nil {

  262. 		utils.ErrorLog("数据错误:查找不到mobile = %v的用户", mobile)

  263. 		return nil, &enums.SGJError{Code: enums.ErrorCodeDataException}

  264. 	}

  265. 	orgs, getOrgErr := service.GetAdminUserAllOrgWithUID(adminUser.Id, adminUser.IsSuperAdmin)

  266. 	if getOrgErr != nil {

  267. 		utils.ErrorLog("数据错误:查找不到mobile = %v的用户所属的机构:%v", mobile, getOrgErr)

  268. 		return nil, &enums.SGJError{Code: enums.ErrorCodeDataException}

  269. 	}

  270. 	if len(orgs) == 0 {

  271. 		utils.ErrorLog("数据错误:查找不到mobile = %v的用户所属的机构", mobile)

  272. 		return nil, &enums.SGJError{Code: enums.ErrorCodeDataException}

  273. 	}

  274. 	orgIds := make([]string, 0, len(orgs))

  275. 	orgJSONs := make(map[string]string)

  276. 	orgAppIds := make(map[string]interface{})

  277. 	orgApps := make(map[string]interface{})

  278. 	app_to_org_ids := make(map[string]string)

  279. 	app_purviewJSONs := make(map[string]string)

  280. 	app_purview_urls := make(map[string]string)

  281. 	app_roles := make(map[string]string)

  282. 	org_subscibes := make(map[string]string)

  283. 	for _, org := range orgs {

  284. 		apps, getAppsErr := service.GetAdminUserAllOrgApp(adminUser.Id, org.Id)

  285. 		if getAppsErr != nil {

  286. 			utils.ErrorLog("数据错误:查找mobile = %v的用户所属机构ID为%v下的应用时错误:%v", mobile, org.Id, getAppsErr)

  287. 			return nil, &enums.SGJError{Code: enums.ErrorCodeDataException}

  288. 		}

  289. 		if adminUser.IsSuperAdmin {

  290. 			didCreateNewApp, createAppErr := this._createAppIfNeeded(adminUser.Id, org.Id, apps)

  291. 			if createAppErr != nil {

  292. 				return nil, createAppErr

  293. 			}

  294. 			if didCreateNewApp {

  295. 				apps, getAppsErr = service.GetAdminUserAllOrgApp(adminUser.Id, org.Id)

  296. 				if getAppsErr != nil {

  297. 					utils.ErrorLog("数据错误:查找mobile = %v的用户所属机构ID为%v下的应用时错误:%v", mobile, org.Id, getAppsErr)

  298. 					return nil, &enums.SGJError{Code: enums.ErrorCodeDataException}

  299. 				}

  300. 			}

  301. 

  302. 		} else {

  303. 			if len(apps) == 0 {

  304. 				continue

  305. 			}

  306. 		}

  307. 

  308. 		subscibe, getSubscibeErr := service.GetOrgServeSubscibe(org.Id)

  309. 		if getSubscibeErr != nil {

  310. 			utils.ErrorLog("获取机构订阅信息失败:%v", getSubscibeErr)

  311. 			return nil, &enums.SGJError{Code: enums.ErrorCodeDataException}

  312. 		} else if subscibe == nil {

  313. 			now := time.Now()

  314. 			nextMonthDate := now.AddDate(0, 0, 30)

  315. 			subscibe = &models.ServeSubscibe{

  316. 				OrgId:       int64(org.Id),

  317. 				PeriodStart: now.Unix(),

  318. 				PeriodEnd:   nextMonthDate.Unix(),

  319. 				Status:      1,

  320. 				CreatedTime: now.Unix(),

  321. 				UpdatedTime: now.Unix(),

  322. 				State:       2,

  323. 			}

  324. 			createErr := service.CreateOrgServeSubscibe(subscibe)

  325. 			if createErr != nil {

  326. 				utils.ErrorLog(" 创建机构订阅信息失败:%v", createErr)

  327. 				return nil, &enums.SGJError{Code: enums.ErrorCodeDataException}

  328. 			}

  329. 		}

  330. 		subscibeJSON_b, _ := json.Marshal(subscibe)

  331. 		subscibeJSON := string(subscibeJSON_b)

  332. 		org_subscibes[strconv.Itoa(org.Id)] = subscibeJSON

  333. 

  334. 		orgJSON_b, _ := json.Marshal(org)

  335. 		orgJSONStr := string(orgJSON_b)

  336. 		orgJSONs[strconv.Itoa(org.Id)] = orgJSONStr

  337. 		orgIds = append(orgIds, strconv.Itoa(org.Id))

  338. 

  339. 		appIds := make([]string, 0, len(apps))

  340. 		appJSONs := make(map[string]string)

  341. 		for _, app := range apps {

  342. 			appJSON_b, _ := json.Marshal(app)

  343. 			appJSONStr := string(appJSON_b)

  344. 			appJSONs[strconv.Itoa(app.Id)] = appJSONStr

  345. 			appIds = append(appIds, strconv.Itoa(app.Id))

  346. 			app_to_org_ids[strconv.Itoa(app.Id)] = strconv.Itoa(org.Id)

  347. 

  348. 			if adminUser.IsSuperAdmin {

  349. 				urlfors, purviews, getPurviewErr := service.GetSuperAdminUsersPurviewTreeAndUrlfors(app.AppType)

  350. 				if getPurviewErr != nil {

  351. 					utils.ErrorLog("数据错误:查找超级管理员的类型为%v的应用的权限时错误:%v", app.AppType, getPurviewErr)

  352. 					return nil, &enums.SGJError{Code: enums.ErrorCodeDataException}

  353. 				} else {

  354. 					purviewJSONs_b, _ := json.Marshal(purviews)

  355. 					app_purviewJSONs[strconv.Itoa(app.Id)] = string(purviewJSONs_b)

  356. 					urlforJSON_b, _ := json.Marshal(urlfors)

  357. 					app_purview_urls[strconv.Itoa(app.Id)] = string(urlforJSON_b)

  358. 				}

  359. 			} else {

  360. 				urlfors, purviews, getPurviewErr := service.GetGeneralAdminUsersPurviewTreeAndUrlfors(adminUser.Id, app.Id)

  361. 				if getPurviewErr != nil {

  362. 					utils.ErrorLog("数据错误:查找id为%v普通管理员的id为%v的应用的权限时错误:%v", adminUser.Id, app.Id, getPurviewErr)

  363. 					return nil, &enums.SGJError{Code: enums.ErrorCodeDataException}

  364. 				} else {

  365. 					purviewJSONs_b, _ := json.Marshal(purviews)

  366. 					app_purviewJSONs[strconv.Itoa(app.Id)] = string(purviewJSONs_b)

  367. 					urlforJSON_b, _ := json.Marshal(urlfors)

  368. 					app_purview_urls[strconv.Itoa(app.Id)] = string(urlforJSON_b)

  369. 				}

  370. 			}

  371. 

  372. 			appRole, getAppRoleErr := service.GetAppRole(adminUser.Id, org.Id, app.Id)

  373. 			if getAppRoleErr != nil {

  374. 				utils.ErrorLog("数据错误:查找id=%v,orgid=%v,appid=%v的用户信息时失败:%v", adminUser.Id, org.Id, app.Id, getAppRoleErr)

  375. 				return nil, &enums.SGJError{Code: enums.ErrorCodeDataException}

  376. 			}

  377. 			appRoleJSON_b, _ := json.Marshal(appRole)

  378. 			app_roles[strconv.Itoa(app.Id)] = string(appRoleJSON_b)

  379. 		}

  380. 		orgAppIds[strconv.Itoa(org.Id)] = appIds

  381. 		orgApps[strconv.Itoa(org.Id)] = appJSONs

  382. 	}

  383. 

  384. 	adminUserJSON_b, _ := json.Marshal(adminUser)

  385. 	info := make(map[string]interface{})

  386. 	info["admin_user"] = string(adminUserJSON_b)

  387. 	info["org_ids"] = orgIds

  388. 	info["orgs"] = orgJSONs

  389. 	info["org_app_ids"] = orgAppIds

  390. 	info["org_apps"] = orgApps

  391. 	info["app_to_org_ids"] = app_to_org_ids

  392. 	info["app_roles"] = app_roles

  393. 	info["purviews"] = app_purviewJSONs

  394. 	info["purview_urlfors"] = app_purview_urls

  395. 	info["org_subscibes"] = org_subscibes

  396. 	return info, nil

  397. }

  398. 

  399. func (this *VerifyTokenController) _createAppIfNeeded(adminUserID int, orgID int, didCreatedApps []*models.OrgApp) (bool, *enums.SGJError) {

  400. 	// 已创建的应用的信息

  401. 	did_patient_manage_create := false

  402. 	did_dialysis_manage_create := false

  403. 	did_cdm_manage_create := false

  404. 	did_mall_manage_create := false

  405. 	for _, app := range didCreatedApps {

  406. 		if app.AppType == 1 {

  407. 			did_patient_manage_create = true

  408. 		} else if app.AppType == 3 {

  409. 			did_dialysis_manage_create = true

  410. 		} else if app.AppType == 4 {

  411. 			did_cdm_manage_create = true

  412. 		} else if app.AppType == 5 {

  413. 			did_mall_manage_create = true

  414. 		}

  415. 	}

  416. 

  417. 	// 自动创建所有应用

  418. 	didCreateNew := false

  419. 	if did_patient_manage_create == false {

  420. 		err := service.CreateOrgApp(adminUserID, orgID, 1, false)

  421. 		if err != nil {

  422. 			utils.ErrorLog("自动创建酷医聚客应用失败:%v", err)

  423. 			return false, &enums.SGJError{Code: enums.ErrorCodeDataException}

  424. 		}

  425. 		didCreateNew = true

  426. 	}

  427. 	if did_dialysis_manage_create == false {

  428. 		err := service.CreateOrgApp(adminUserID, orgID, 3, false)

  429. 		if err != nil {

  430. 			utils.ErrorLog("自动创建透析管理应用失败:%v", err)

  431. 			return false, &enums.SGJError{Code: enums.ErrorCodeDataException}

  432. 		}

  433. 		didCreateNew = true

  434. 	}

  435. 	if did_cdm_manage_create == false {

  436. 		err := service.CreateOrgApp(adminUserID, orgID, 4, false)

  437. 		if err != nil {

  438. 			utils.ErrorLog("自动创建慢病管理应用失败:%v", err)

  439. 			return false, &enums.SGJError{Code: enums.ErrorCodeDataException}

  440. 		}

  441. 		didCreateNew = true

  442. 	}

  443. 	if did_mall_manage_create == false {

  444. 		err := service.CreateOrgApp(adminUserID, orgID, 5, false)

  445. 		if err != nil {

  446. 			utils.ErrorLog("自动创建微商城应用失败:%v", err)

  447. 			return false, &enums.SGJError{Code: enums.ErrorCodeDataException}

  448. 		}

  449. 		didCreateNew = true

  450. 	}

  451. 	return didCreateNew, nil

  452. }