Home Explore Help
Register Sign In
zhangbj
/
sso
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
sso
1 Commits
2 Branches
Tree: 42b2640702
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '42b2640702'
${ noResults }
sso/controllers/login_controller.go

login_controller.go 11KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332 
  1. package controllers

  2. 

  3. import (

  4. 	"fmt"

  5. 	"net/url"

  6. 	"time"

  7. 

  8. 	"SSO/enums"

  9. 	"SSO/models"

  10. 	"SSO/service"

  11. 	"SSO/utils"

  12. 

  13. 	"github.com/astaxie/beego"

  14. )

  15. 

  16. type LoginController struct {

  17. 	BaseController

  18. }

  19. 

  20. // /login [get]

  21. // @param app_type:int

  22. // @param returnurl?:string

  23. // @param relogin?:bool 是否强制重新登录

  24. func (this *LoginController) PwdLogin() {

  25. 	token := this.Ctx.GetCookie("sso_token_cookie")

  26. 	returnURL := this.GetString("returnurl")

  27. 	appType, _ := this.GetInt("app_type")

  28. 	relogin, _ := this.GetBool("relogin", false)

  29. 	if relogin {

  30. 		token = ""

  31. 	}

  32. 

  33. 	if url := service.GetAppURLWithAppType(appType); len(url) == 0 {

  34. 		appType = 1

  35. 		returnURL = ""

  36. 	}

  37. 	utils.TraceLog("login token: %v", token)

  38. 

  39. 	if len(token) == 0 {

  40. 		this.Data["app_type"] = appType

  41. 		this.Data["return_url"] = returnURL

  42. 		this.TplName = "new_main/login.html"

  43. 	} else {

  44. 		if len(returnURL) == 0 {

  45. 			this.Data["app_type"] = appType

  46. 			this.Data["return_url"] = returnURL

  47. 			this.TplName = "new_main/login.html"

  48. 		} else {

  49. 			utils.TraceLog("跳过登录直接验证token")

  50. 			url := this.appendTokenParamToReturnURL(returnURL, token)

  51. 			this.Redirect(url, 302)

  52. 		}

  53. 	}

  54. }

  55. 

  56. // /login/code [get]

  57. // @param app_type:int

  58. // @param returnurl?:string

  59. func (this *LoginController) CodeLogin() {

  60. 	token := this.Ctx.GetCookie("sso_token_cookie")

  61. 	returnURL := this.GetString("returnurl")

  62. 	appType, _ := this.GetInt("app_type")

  63. 

  64. 	if url := service.GetAppURLWithAppType(appType); len(url) == 0 {

  65. 		appType = 1

  66. 		returnURL = ""

  67. 	}

  68. 	utils.TraceLog("login token: %v", token)

  69. 

  70. 	if len(token) != 0 && len(returnURL) != 0 {

  71. 		utils.TraceLog("跳过登录直接验证token")

  72. 		url := this.appendTokenParamToReturnURL(returnURL, token)

  73. 		this.Redirect(url, 302)

  74. 

  75. 	} else {

  76. 		redisClient := service.RedisClient()

  77. 		defer redisClient.Close()

  78. 		req := this.Ctx.Request

  79. 		addr := utils.GetIP(req)

  80. 		cur_time := time.Now().Format("2006-01-02")

  81. 		_, err := redisClient.Get("ip:host_" + cur_time + "_" + addr).Result()

  82. 		if err != nil {

  83. 			redisClient.Set("ip:host_"+cur_time+"_"+addr, 0, time.Second*24*60*60)

  84. 		}

  85. 

  86. 		//将客户端的ip加密传给前端,作为短信验证的密钥,来验证短信发送的IP地址

  87. 		aespass := utils.AESEncrypt(addr)

  88. 		this.Data["aespass"] = aespass

  89. 

  90. 		this.Data["app_type"] = appType

  91. 		this.Data["return_url"] = returnURL

  92. 		this.TplName = "new_main/login_by_code.html"

  93. 	}

  94. }

  95. 

  96. // /login/submit [post]

  97. // @param app_type:int

  98. // @param mobile:string

  99. // @param password:string

  100. // @param returnurl?:string

  101. // 登录成功时,返回下一步跳转的链接:data.url

  102. func (this *LoginController) PwdLoginSubmit() {

  103. 	appType, _ := this.GetInt("app_type")

  104. 

  105. 	if url := service.GetAppURLWithAppType(appType); len(url) == 0 {

  106. 		appType = 1

  107. 	}

  108. 	mobile := this.GetString("mobile")

  109. 	password := this.GetString("password")

  110. 	if len(mobile) == 0 || len(password) == 0 {

  111. 		this.Data["json"] = enums.MakeFailResponseJSONWithSGJErrorCode(enums.ErrorCodeAccountOrPasswordWrong)

  112. 		this.ServeJSON()

  113. 		return

  114. 	}

  115. 	if service.IsPasswordRight(mobile, password) {

  116. 		token := utils.GenerateLoginToken(mobile)

  117. 		returnURL := this.GetString("returnurl")

  118. 		utils.TraceLog("login submit return url: %v", returnURL)

  119. 		url, err, admin := this.getRedirectURL(appType, mobile, returnURL, token)

  120. 		if err != nil {

  121. 			this.Data["json"] = enums.MakeFailResponseJSONWithSGJError(err)

  122. 			this.ServeJSON()

  123. 

  124. 		} else {

  125. 			if admin != nil {

  126. 				this.SetSession("admin_user", admin)

  127. 			}

  128. 

  129. 			// 保存登录令牌

  130. 			expiration, _ := beego.AppConfig.Int64("login_token_expiration_second")

  131. 			this.Ctx.SetCookie("sso_token_cookie", token, expiration, "/")

  132. 

  133. 			redisClient := service.RedisClient()

  134. 			defer redisClient.Close()

  135. 			share_session_id := this.Ctx.Input.CruSession.SessionID()

  136. 			utils.TraceLog("share_session_id: %v", share_session_id)

  137. 			this.Ctx.SetCookie("s", share_session_id, expiration, "/", beego.AppConfig.String("cookie_rootdomain"))

  138. 			redisClient.Set(fmt.Sprintf("sso_token_%v", share_session_id), token, time.Duration(expiration)*time.Second)

  139. 

  140. 			this.Data["json"] = enums.MakeSuccessResponseJSON(map[string]interface{}{

  141. 				"url": url,

  142. 			})

  143. 			this.ServeJSON()

  144. 		}

  145. 

  146. 	} else {

  147. 		this.Data["json"] = enums.MakeFailResponseJSONWithSGJErrorCode(enums.ErrorCodeAccountOrPasswordWrong)

  148. 		this.ServeJSON()

  149. 	}

  150. }

  151. 

  152. // /login/code/submit [post]

  153. // @param app_type:int

  154. // @param mobile:string

  155. // @param code:string

  156. // @param returnurl?:string

  157. // 登录成功时,返回下一步跳转的链接:data.url

  158. func (this *LoginController) CodeLoginSubmit() {

  159. 	appType, _ := this.GetInt("app_type")

  160. 	if url := service.GetAppURLWithAppType(appType); len(url) == 0 {

  161. 		appType = 1

  162. 	}

  163. 	mobile := this.GetString("mobile")

  164. 	code := this.GetString("code")

  165. 	if len(mobile) == 0 || len(code) == 0 {

  166. 		this.Data["json"] = enums.MakeFailResponseJSONWithSGJErrorCode(enums.ErrorCodeAccountOrVerCodeWrong)

  167. 		this.ServeJSON()

  168. 		return

  169. 	}

  170. 	if !service.IsMobileRegister(mobile) {

  171. 		this.Data["json"] = enums.MakeFailResponseJSONWithSGJErrorCode(enums.ErrorCodeAccountOrVerCodeWrong)

  172. 		this.ServeJSON()

  173. 		return

  174. 	}

  175. 	redisClient := service.RedisClient()

  176. 	defer redisClient.Close()

  177. 	cachedCode, err := redisClient.Get("code_msg_" + mobile).Result()

  178. 	if err != nil {

  179. 		this.Data["json"] = enums.MakeFailResponseJSONWithSGJErrorCode(enums.ErrorCodeAccountOrVerCodeWrong)

  180. 		this.ServeJSON()

  181. 		return

  182. 

  183. 	} else {

  184. 		if code != cachedCode {

  185. 			this.Data["json"] = enums.MakeFailResponseJSONWithSGJErrorCode(enums.ErrorCodeAccountOrVerCodeWrong)

  186. 			this.ServeJSON()

  187. 			return

  188. 		} else {

  189. 			token := utils.GenerateLoginToken(mobile)

  190. 			returnURL := this.GetString("returnurl")

  191. 			url, err, admin := this.getRedirectURL(appType, mobile, returnURL, token)

  192. 			if err != nil {

  193. 				this.Data["json"] = enums.MakeFailResponseJSONWithSGJError(err)

  194. 				this.ServeJSON()

  195. 

  196. 			} else {

  197. 				if admin != nil {

  198. 					this.SetSession("admin_user", admin)

  199. 				}

  200. 

  201. 				// 保存登录令牌

  202. 				expiration, _ := beego.AppConfig.Int64("login_token_expiration_second")

  203. 				this.Ctx.SetCookie("sso_token_cookie", token, expiration, "/")

  204. 

  205. 				share_session_id := this.Ctx.Input.CruSession.SessionID()

  206. 				utils.TraceLog("share_session_id: %v", share_session_id)

  207. 				this.Ctx.SetCookie("s", share_session_id, expiration, "/", beego.AppConfig.String("cookie_rootdomain"))

  208. 				redisClient.Set(fmt.Sprintf("sso_token_%v", share_session_id), token, time.Duration(expiration)*time.Second)

  209. 

  210. 				// 清除验证码

  211. 				redisClient.Del("code_msg_" + mobile)

  212. 

  213. 				this.Data["json"] = enums.MakeSuccessResponseJSON(map[string]interface{}{

  214. 					"url": url,

  215. 				})

  216. 				this.ServeJSON()

  217. 			}

  218. 		}

  219. 	}

  220. }

  221. 

  222. func (this *LoginController) appendTokenParamToReturnURL(returnURL string, token string) string {

  223. 	urlStr, _ := url.QueryUnescape(returnURL)

  224. 	u, _ := url.Parse(urlStr)

  225. 	query := u.Query()

  226. 	query.Del("token")

  227. 	query.Add("token", token)

  228. 	u.RawQuery = query.Encode()

  229. 	return u.String()

  230. }

  231. 

  232. func (this *LoginController) getRedirectURL(app_type int, mobile string, returnURL string, token string) (string, *enums.SGJError, *models.AdminUser) {

  233. 	utils.TraceLog("returnURL: %v", returnURL)

  234. 	admin := service.GetAdminUserWithMobile(mobile)

  235. 	if admin != nil {

  236. 		if admin.IsSuperAdmin { // 如果是超级管理员用户

  237. 			// 那么需要检查是否创建了机构和应用,如未创建,则前往创建

  238. 			// 如果都创建了,那么和普通管理员用户一样,需要经过其他判断得出下一步跳转的链接

  239. 			if didCreateOrg, findOrgErr := service.DidAdminUserCreateOrg(admin.Id); findOrgErr != nil {

  240. 				utils.ErrorLog("数据错误:查找mobile = %v的用户创建的机构时错误:%v", mobile, findOrgErr)

  241. 				return "", &enums.SGJError{Code: enums.ErrorCodeDataException}, nil

  242. 			} else {

  243. 				if didCreateOrg {

  244. 					if didCreateApp, findAppErr := service.DidAdminUserOrgCreateApp(admin.Id, app_type); findAppErr != nil {

  245. 						utils.ErrorLog("数据错误:查找mobile = %v的用户创建的应用时错误:%v", mobile, findOrgErr)

  246. 						return "", &enums.SGJError{Code: enums.ErrorCodeDataException}, nil

  247. 					} else {

  248. 						if !didCreateApp {

  249. 							url := this.appendTokenParamToReturnURL(beego.URLFor("OrgController.CreateApp"), token)

  250. 							return url, nil, admin

  251. 						}

  252. 					}

  253. 

  254. 				} else {

  255. 					url := this.appendTokenParamToReturnURL(beego.URLFor("OrgController.Create"), token) // 前往创建机构的 url

  256. 					return url, nil, admin

  257. 				}

  258. 			}

  259. 		}

  260. 		if len(returnURL) != 0 {

  261. 			url := this.appendTokenParamToReturnURL(returnURL, token)

  262. 			return url, nil, admin

  263. 		}

  264. 		// 普通管理员用户

  265. 		// 如果有登录记录,则前往最近登录记录中的应用

  266. 		lastLoginLog, getLastLoginLogErr := service.GetAdminUserLastLoginLog(admin.Id, app_type)

  267. 		if getLastLoginLogErr != nil {

  268. 			utils.ErrorLog("数据错误:查找mobile = %v的用户最近一次登录记录时错误:%v", mobile, getLastLoginLogErr)

  269. 		}

  270. 		if lastLoginLog != nil {

  271. 			utils.TraceLog("%+v", lastLoginLog)

  272. 			url := service.GetAppURLWithAppType(int(lastLoginLog.AppType))

  273. 			if len(url) > 0 {

  274. 				return this.appendTokenParamToReturnURL(url, token), nil, admin

  275. 			}

  276. 		}

  277. 		// 如果没有登录记录,则要前往其有权访问的、最高优先级的应用

  278. 		appType, getAppTypeErr := service.GetAdminUserPrioritizedAppType(admin.Id)

  279. 		if getAppTypeErr != nil {

  280. 			utils.ErrorLog("数据错误:查找mobile = %v的用户有权访问的应用的类型时错误:%v", mobile, getAppTypeErr)

  281. 			return "", &enums.SGJError{Code: enums.ErrorCodeDataException}, nil

  282. 

  283. 		} else {

  284. 			if appType == 0 {

  285. 				utils.ErrorLog("数据错误:查找mobile = %v的用户有权访问的应用的类型时的结果错误:%v", mobile, "在超级管理员已创建应用,并且已分配角色的情况下,不可能存在查找不到相关应用")

  286. 				return "", &enums.SGJError{Code: enums.ErrorCodeDataException}, nil

  287. 			} else {

  288. 				url := this.appendTokenParamToReturnURL(service.GetAppURLWithAppType(int(appType)), token)

  289. 				return url, nil, admin

  290. 			}

  291. 		}

  292. 	} else {

  293. 		utils.ErrorLog("数据错误:查找不到mobile = %v的用户", mobile)

  294. 		return "", &enums.SGJError{Code: enums.ErrorCodeDataException}, nil

  295. 	}

  296. }

  297. 

  298. // /logout [get]

  299. func (this *LoginController) Logout() {

  300. 	// 有 session.AdminUser 的话,销毁掉

  301. 	adminUserObj := this.GetSession("admin_user")

  302. 	redisClient := service.RedisClient()

  303. 	defer redisClient.Close()

  304. 	// 销毁 token

  305. 	this.Ctx.SetCookie("sso_token_cookie", "")

  306. 	redisClient.Del(fmt.Sprintf("sso_token_%v", this.Ctx.GetCookie("s")))

  307. 	if adminUserObj == nil {

  308. 		this.Redirect302(beego.URLFor("LoginController.Index"))

  309. 		return

  310. 	}

  311. 	adminUser := adminUserObj.(*models.AdminUser)

  312. 	this.DelSession("admin_user")

  313. 	redisClient.Del("sso_admin_user_info_" + adminUser.Mobile)

  314. 

  315. 	loginLog := &models.AdminUserLoginLog{

  316. 		AdminUserId: adminUser.Id,

  317. 		OrgId:       0,

  318. 		AppId:       0,

  319. 		IP:          utils.GetIP(this.Ctx.Request),

  320. 		OperateType: 2,

  321. 		AppType:     0,

  322. 		CreateTime:  time.Now().Unix(),

  323. 	}

  324. 	if insertErr := service.InsertLoginLog(loginLog); insertErr != nil {

  325. 		utils.ErrorLog("为手机号为%v的用户插入一条登录记录失败:%v", adminUser.Mobile, insertErr)

  326. 	}

  327. 	// 通知其他子系统退出登录

  328. 

  329. 	// 跳转首页

  330. 	this.Redirect302(beego.URLFor("LoginController.Index"))

  331. }