SCHISANDRA/schisandra-album-cloud-microservices
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add api signature

Browse Source
This commit is contained in:
landaiqing
2024-11-19 01:39:01 +08:00
parent 35d2da35b2
commit df32353c0f
11 changed files with 120 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
.idea/GOHCache.xml generated
View File

@@ -398,6 +398,7 @@
<entry key="RefreshTokenLogic">
<value>
<set>
<option value="file://$PROJECT_DIR$/app/core/api/internal/logic/token/refresh_token_logic.go" />
<option value="file://$PROJECT_DIR$/app/core/api/internal/logic/user/refresh_token_logic.go" />
</set>
</value>
@@ -1255,7 +1256,7 @@
<entry key="file://$PROJECT_DIR$/app/core/api/common/middleware/cors_middleware.go">
<value>
<ScannedPath>
<option name="lastModified" value="1731733481847" />
<option name="lastModified" value="1731945430237" />
</ScannedPath>
</value>
</entry>
@@ -1386,7 +1387,7 @@
<entry key="file://$PROJECT_DIR$/app/core/api/core.go">
<value>
<ScannedPath>
<option name="lastModified" value="1731726797044" />
<option name="lastModified" value="1731946200690" />
</ScannedPath>
</value>
</entry>
@@ -1538,35 +1539,42 @@
<entry key="file://$PROJECT_DIR$/app/core/api/internal/handler/routes.go">
<value>
<ScannedPath>
<option name="lastModified" value="1731724739502" />
<option name="lastModified" value="1731934439935" />
</ScannedPath>
</value>
</entry>
<entry key="file://$PROJECT_DIR$/app/core/api/internal/handler/sms/send_sms_by_aliyun_handler.go">
<value>
<ScannedPath>
<option name="lastModified" value="1731862584763" />
<option name="lastModified" value="1731864135742" />
</ScannedPath>
</value>
</entry>
<entry key="file://$PROJECT_DIR$/app/core/api/internal/handler/sms/send_sms_by_smsbao_handler.go">
<value>
<ScannedPath>
<option name="lastModified" value="1731862584790" />
<option name="lastModified" value="1731864135737" />
</ScannedPath>
</value>
</entry>
<entry key="file://$PROJECT_DIR$/app/core/api/internal/handler/sms/send_sms_by_test_handler.go">
<value>
<ScannedPath>
<option name="lastModified" value="1731862584754" />
<option name="lastModified" value="1731864122783" />
</ScannedPath>
</value>
</entry>
<entry key="file://$PROJECT_DIR$/app/core/api/internal/handler/token/refresh_token_handler.go">
<value>
<ScannedPath>
<option name="lastModified" value="1731927610027" />
</ScannedPath>
</value>
</entry>
<entry key="file://$PROJECT_DIR$/app/core/api/internal/handler/user/account_login_handler.go">
<value>
<ScannedPath>
<option name="lastModified" value="1731862584722" />
<option name="lastModified" value="1731864135746" />
</ScannedPath>
</value>
</entry>
@@ -1580,21 +1588,21 @@
<entry key="file://$PROJECT_DIR$/app/core/api/internal/handler/user/phone_login_handler.go">
<value>
<ScannedPath>
<option name="lastModified" value="1731862584794" />
<option name="lastModified" value="1731864275388" />
</ScannedPath>
</value>
</entry>
<entry key="file://$PROJECT_DIR$/app/core/api/internal/handler/user/refresh_token_handler.go">
<value>
<ScannedPath>
<option name="lastModified" value="1731862584798" />
<option name="lastModified" value="1731864275394" />
</ScannedPath>
</value>
</entry>
<entry key="file://$PROJECT_DIR$/app/core/api/internal/handler/user/reset_password_handler.go">
<value>
<ScannedPath>
<option name="lastModified" value="1731862584716" />
<option name="lastModified" value="1731864275383" />
</ScannedPath>
</value>
</entry>
@@ -1870,6 +1878,18 @@
</ScannedPath>
</value>
</entry>
<entry key="file://$PROJECT_DIR$/app/core/api/internal/logic/token/refresh_token_logic.go">
<value>
<ScannedPath>
<option name="lastModified" value="1731927642595" />
<option name="schema">
<list>
<option value="RefreshTokenLogic" />
</list>
</option>
</ScannedPath>
</value>
</entry>
<entry key="file://$PROJECT_DIR$/app/core/api/internal/logic/user/account_login_logic.go">
<value>
<ScannedPath>
@@ -1959,7 +1979,7 @@
<entry key="file://$PROJECT_DIR$/app/core/api/internal/middleware/casbinverify_middleware.go">
<value>
<ScannedPath>
<option name="lastModified" value="1731692954271" />
<option name="lastModified" value="1731933523737" />
<option name="schema">
<list>
<option value="CasbinVerifyMiddleware" />
@@ -1983,7 +2003,7 @@
<entry key="file://$PROJECT_DIR$/app/core/api/internal/svc/service_context.go">
<value>
<ScannedPath>
<option name="lastModified" value="1731845823841" />
<option name="lastModified" value="1731933535953" />
<option name="schema">
<list>
<option value="ServiceContext" />
@@ -2019,7 +2039,7 @@
<entry key="file://$PROJECT_DIR$/app/core/api/internal/types/types.go">
<value>
<ScannedPath>
<option name="lastModified" value="1731724739499" />
<option name="lastModified" value="1731934439933" />
<option name="schema">
<list>
<option value="AccountLoginRequest" />
@@ -2957,6 +2977,6 @@
<entry key="wechat_callback_logic" value="WechatCallbackLogic" />
</map>
</option>
<option name="lastTimeChecked" value="1731827465216" />
<option name="lastTimeChecked" value="1731920886467" />
</component>
</project>

3
app/core/api/common/middleware/cors_middleware.go
View File

@@ -6,7 +6,8 @@ func CORSMiddleware() func(http.Header) {
return func(header http.Header) {
header.Set("Access-Control-Allow-Origin", "*")
header.Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, PATCH")
header.Set("Access-Control-Expose-Headers", "Content-Length, Content-Type,Authorization,Accept-Language,Origin")
header.Set("Access-Control-Expose-Headers", "Content-Length, Content-Type")
header.Set("Access-Control-Allow-Headers", "Content-Type,Authorization,Accept-Language,Origin,X-Content-Security")
header.Set("Access-Control-Allow-Credentials", "true")
}
}

20
app/core/api/core.api
View File

@@ -158,13 +158,25 @@ service core {
@handler resetPassword
post /reset/password (ResetPasswordRequest) returns (Response)
@handler refreshToken
post /token/refresh returns (Response)
@handler getUserDevice
get /device
}
@server (
group: token // 微服务分组
prefix: /api/auth // 微服务前缀
timeout: 10s // 超时时间
maxBytes: 1048576 // 最大请求大小
signature: true // 是否开启签名验证
middleware: SecurityHeadersMiddleware,CasbinVerifyMiddleware // 注册中间件
MaxConns: true // 是否开启最大连接数限制
Recover: true // 是否开启自动恢复
)
service core {
@handler refreshToken
post /token/refresh returns (Response)
}
// 客户端服务
@server (
group: client // 微服务分组
@@ -273,7 +285,7 @@ service core {
prefix: /api/auth/comment // 微服务前缀
timeout: 10s // 超时时间
maxBytes: 1048576 // 最大请求大小
signature: true // 是否开启签名验证
signature: false // 是否开启签名验证
middleware: SecurityHeadersMiddleware,CasbinVerifyMiddleware // 注册中间件
MaxConns: true // 是否开启最大连接数限制
Recover: true // 是否开启自动恢复

5
app/core/api/core.go
View File

@@ -23,7 +23,10 @@ func main() {
var c config.Config
conf.MustLoad(*configFile, &c)
server := rest.MustNewServer(c.RestConf, rest.WithCustomCors(middleware.CORSMiddleware(), nil), rest.WithUnauthorizedCallback(middleware.UnauthorizedCallbackMiddleware()))
server := rest.MustNewServer(
c.RestConf,
rest.WithCustomCors(middleware.CORSMiddleware(), nil),
rest.WithUnauthorizedCallback(middleware.UnauthorizedCallbackMiddleware()))
defer server.Stop()
// i18n middleware
server.Use(middleware.I18nMiddleware)

6
app/core/api/etc/core.yaml
View File

@@ -9,6 +9,12 @@ Mysql:
DataSource: root:LDQ20020618xxx@tcp(1.95.0.111:3306)/schisandra-cloud-album?charset=utf8mb4&parseTime=True&loc=Local
Auth:
AccessSecret: uOvKLmVfztaXGpNYd4Z0I1SiT7MweJhl
Signature:
Strict: true
Expiry: 1h
PrivateKeys:
- Fingerprint: idm0jdoau38lwourb4pbjk4dxkat0kcx
KeyFile: etc/rsa_private_key.pem
Redis:
Host: 1.95.0.111:6379
Pass: LDQ20020618xxx

15
app/core/api/etc/rsa_private_key.pem Normal file
View File

@@ -0,0 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQCFe70Zi3OF7NuFi2saenJPjADWLn402d142LOLBeN6cuWpItE3
qgFsaMSorQApSM0recmAHMg4M4ly7+NgFPsaTzteMrO/LFCagwLWyyFJeqV4oQWR
NQcFcGev8sTkUbIhhKpNAcmg37q8cmfI2eumycfl2FXuSyoJOa7hJgYNNQIDAQAB
AoGAebmhdE4LBzI77ch53yeSXqAZkzfKt3+Fy9IxyLGSA/QLIvYxPEW4Dphr3jYF
U6CkGOVyr3WP0FCPI1VHUDNR2BP1oDUjw4X7EknUJxys+EamsFKyaJLlafDSGpu/
Is6ReNV+76QzxfQjY1CuSpugLBxJmG0mNiQ1fHOFS4I/n/ECQQDTmDr9QR9IBNK+
6QpCxNN1RODQAMiv0/25RCqJqMoi5sDum2gH/tmDbprQuI+DmDgdC32xWePTU3W6
Y+rIMZjvAkEAoX8JDOQ82XTH7voUbHMOiGxMzDE7btBRNf/ILJFSlLCDfh91TLTS
HwDLlYMs48FzhY9o5PkLo9cNlxoIGivUGwJAccsDpmFYXlXhtLQFRaUuh3mUYaia
RRz/7ZvAOKoikySAC5JeHzaqaamY7rjizYWWX+BnJ3LNOEBBJw1HHYS21wJBAIpi
bwDq+vFjzocLKEEd/pAMLWqzrTfxrgVVntQB2v+qmaKTllIaiAslBU6izu6DMFh8
YOgEOGM2vmCCX/r9H40CQQC0YgVuVtEk1noqwqs8mEH7GJmA+KfzLPbt4Ekvi56m
B9JJ5GAOo4lxmHD4h6GuQJPE6PD0a+tsTJ5n0IOGRj1g
-----END RSA PRIVATE KEY-----

24
app/core/api/internal/handler/routes.go
View File

@@ -12,6 +12,7 @@ import (
comment "schisandra-album-cloud-microservices/app/core/api/internal/handler/comment"
oauth "schisandra-album-cloud-microservices/app/core/api/internal/handler/oauth"
sms "schisandra-album-cloud-microservices/app/core/api/internal/handler/sms"
token "schisandra-album-cloud-microservices/app/core/api/internal/handler/token"
user "schisandra-album-cloud-microservices/app/core/api/internal/handler/user"
websocket "schisandra-album-cloud-microservices/app/core/api/internal/handler/websocket"
"schisandra-album-cloud-microservices/app/core/api/internal/svc"
@@ -99,7 +100,6 @@ func RegisterHandlers(server *rest.Server, serverCtx *svc.ServiceContext) {
}...,
),
rest.WithJwt(serverCtx.Config.Auth.AccessSecret),
rest.WithSignature(serverCtx.Config.Signature),
rest.WithPrefix("/api/auth/comment"),
rest.WithTimeout(10000*time.Millisecond),
rest.WithMaxBytes(1048576),
@@ -182,6 +182,23 @@ func RegisterHandlers(server *rest.Server, serverCtx *svc.ServiceContext) {
rest.WithMaxBytes(1048576),
)
server.AddRoutes(
rest.WithMiddlewares(
[]rest.Middleware{serverCtx.SecurityHeadersMiddleware, serverCtx.CasbinVerifyMiddleware},
[]rest.Route{
{
Method: http.MethodPost,
Path: "/token/refresh",
Handler: token.RefreshTokenHandler(serverCtx),
},
}...,
),
rest.WithSignature(serverCtx.Config.Signature),
rest.WithPrefix("/api/auth"),
rest.WithTimeout(10000*time.Millisecond),
rest.WithMaxBytes(1048576),
)
server.AddRoutes(
rest.WithMiddlewares(
[]rest.Middleware{serverCtx.SecurityHeadersMiddleware},
@@ -206,11 +223,6 @@ func RegisterHandlers(server *rest.Server, serverCtx *svc.ServiceContext) {
Path: "/reset/password",
Handler: user.ResetPasswordHandler(serverCtx),
},
{
Method: http.MethodPost,
Path: "/token/refresh",
Handler: user.RefreshTokenHandler(serverCtx),
},
}...,
),
rest.WithSignature(serverCtx.Config.Signature),

6
app/core/api/internal/handler/user/refresh_token_handler.go → app/core/api/internal/handler/token/refresh_token_handler.go
View File

@@ -1,4 +1,4 @@
package user
package token
import (
"net/http"
@@ -7,13 +7,13 @@ import (
"github.com/zeromicro/go-zero/rest/httpx"
"schisandra-album-cloud-microservices/app/core/api/common/response"
"schisandra-album-cloud-microservices/app/core/api/internal/logic/user"
"schisandra-album-cloud-microservices/app/core/api/internal/logic/token"
"schisandra-album-cloud-microservices/app/core/api/internal/svc"
)
func RefreshTokenHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
l := user.NewRefreshTokenLogic(r.Context(), svcCtx)
l := token.NewRefreshTokenLogic(r.Context(), svcCtx)
resp, err := l.RefreshToken(r)
if err != nil {
logx.Error(err)

2
app/core/api/internal/logic/user/refresh_token_logic.go → app/core/api/internal/logic/token/refresh_token_logic.go
View File

@@ -1,4 +1,4 @@
package user
package token
import (
"context"

22
app/core/api/internal/middleware/casbinverify_middleware.go
View File

@@ -4,21 +4,35 @@ import (
"net/http"
"github.com/casbin/casbin/v2"
"github.com/rbcervilla/redisstore/v9"
"schisandra-album-cloud-microservices/app/core/api/common/constant"
)
type CasbinVerifyMiddleware struct {
casbin *casbin.CachedEnforcer
casbin *casbin.CachedEnforcer
session *redisstore.RedisStore
}
func NewCasbinVerifyMiddleware(casbin *casbin.CachedEnforcer) *CasbinVerifyMiddleware {
func NewCasbinVerifyMiddleware(casbin *casbin.CachedEnforcer, session *redisstore.RedisStore) *CasbinVerifyMiddleware {
return &CasbinVerifyMiddleware{
casbin: casbin,
casbin: casbin,
session: session,
}
}
func (m *CasbinVerifyMiddleware) Handle(next http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) {
userId := r.Context().Value("user_id")
session, err := m.session.Get(r, constant.SESSION_KEY)
if err != nil {
http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
return
}
userId, ok := session.Values["uid"].(string)
if !ok {
http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
return
}
correct, err := m.casbin.Enforce(userId, r.URL.Path, r.Method)
if err != nil || !correct {
http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)

5
app/core/api/internal/svc/service_context.go
View File

@@ -46,14 +46,15 @@ type ServiceContext struct {
func NewServiceContext(c config.Config) *ServiceContext {
casbinEnforcer := casbinx.NewCasbin(c.Mysql.DataSource)
redisClient := redisx.NewRedis(c.Redis.Host, c.Redis.Pass, c.Redis.DB)
session := redis_session.NewRedisSession(redisClient)
return &ServiceContext{
Config: c,
SecurityHeadersMiddleware: middleware.NewSecurityHeadersMiddleware().Handle,
CasbinVerifyMiddleware: middleware.NewCasbinVerifyMiddleware(casbinEnforcer).Handle,
CasbinVerifyMiddleware: middleware.NewCasbinVerifyMiddleware(casbinEnforcer, session).Handle,
MySQLClient: mysql.NewMySQL(c.Mysql.DataSource),
RedisClient: redisClient,
MongoClient: mongodb.NewMongoDB(c.Mongo.Uri, c.Mongo.Username, c.Mongo.Password, c.Mongo.AuthSource, c.Mongo.Database),
Session: redis_session.NewRedisSession(redisClient),
Session: session,
Ip2Region: ip2region.NewIP2Region(),
CasbinEnforcer: casbinEnforcer,
WechatPublic: wechat_public.NewWechatPublic(c.Wechat.AppID, c.Wechat.AppSecret, c.Wechat.Token, c.Wechat.AESKey, c.Redis.Host, c.Redis.Pass, c.Redis.DB),