add qq oauth2 login

landaiqing
2024-08-19 23:10:15 +08:00
parent 08b2790bee
commit 1094957ea4
16 changed files with 884 additions and 78 deletions


@@ -50,6 +50,12 @@ type GiteeUser struct {
}
// GetGiteeRedirectUrl 获取Gitee登录地址
// @Summary 获取Gitee登录地址
// @Description 获取Gitee登录地址
// @Tags OAuth
// @Produce json
// @Success 200 {string} string "登录地址"
// @Router /api/oauth/gitee/get_url [get]
func (OAuthAPI) GetGiteeRedirectUrl(c *gin.Context) {
clientID := global.CONFIG.OAuth.Gitee.ClientID
redirectURI := global.CONFIG.OAuth.Gitee.RedirectURI
@@ -123,6 +129,11 @@ func GetGiteeUserInfo(token *Token) (map[string]interface{}, error) {
}
// GiteeCallback 处理Gitee回调
// @Summary 处理Gitee回调
// @Description 处理Gitee回调
// @Tags OAuth
// @Produce json
// @Router /api/oauth/gitee/callback [get]
func (OAuthAPI) GiteeCallback(c *gin.Context) {
var err error
// 获取 code


@@ -16,9 +16,6 @@ import (
"strconv"
)
type Token struct {
AccessToken string `json:"access_token"`
}
type GitHubUser struct {
AvatarURL string `json:"avatar_url"`
Bio interface{} `json:"bio"`
@@ -56,10 +53,17 @@ type GitHubUser struct {
}
// GetRedirectUrl 获取github登录url
// @Summary 获取github登录url
// @Description 获取github登录url
// @Tags OAuth
// @Produce json
// @Success 200 {string} string "登录url"
// @Router /api/oauth/github/get_url [get]
func (OAuthAPI) GetRedirectUrl(c *gin.Context) {
state := c.Query("state")
clientId := global.CONFIG.OAuth.Github.ClientID
redirectUrl := global.CONFIG.OAuth.Github.RedirectURI
url := "https://github.com/login/oauth/authorize?client_id=" + clientId + "&redirect_uri=" + redirectUrl
url := "https://github.com/login/oauth/authorize?client_id=" + clientId + "&redirect_uri=" + redirectUrl + "&state=" + state
result.OkWithData(url, c)
return
}
@@ -129,6 +133,13 @@ func GetUserInfo(token *Token) (map[string]interface{}, error) {
}
// Callback 登录回调函数
// @Summary 登录回调函数
// @Description 登录回调函数
// @Tags OAuth
// @Produce json
// @Param code query string true "code"
// @Success 200 {string} string "登录成功"
// @Router /api/oauth/github/callback [get]
func (OAuthAPI) Callback(c *gin.Context) {
var err error
// 获取 code
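Review bot: In GetRedirectUrl the `state` query value is appended to the authorize URL unescaped, so a value containing `&` or `#` can add or override parameters such as `redirect_uri`. Build the query with `net/url` instead, e.g. `q := url.Values{"client_id": {clientId}, "redirect_uri": {redirectUrl}, "state": {state}}` followed by `authURL := "https://github.com/login/oauth/authorize?" + q.Encode()`; the local has to be renamed because `url` currently shadows the package, and this assumes the configured redirect URI is stored unencoded. `state` only protects the flow if the server generates it, binds it to the browser session and compares it in Callback; Callback's body lies outside this hunk, so whether that comparison exists cannot be confirmed from here.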


@@ -20,6 +20,10 @@ var rolePermissionService = service.Service.RolePermissionService
var permissionServiceService = service.Service.PermissionService
var roleService = service.Service.RoleService
type Token struct {
AccessToken string `json:"access_token"`
}
var script = `
<script>
window.opener.postMessage('%s', '%s');
@@ -58,8 +62,11 @@ func HandelUserLogin(user model.ScaAuthUser) (bool, map[string]interface{}) {
if er != nil {
return false, nil
}
accessToken, refreshToken, expiresAt := utils.GenerateAccessTokenAndRefreshToken(utils.JWTPayload{UserID: user.UID, RoleID: ids})
accessToken, err := utils.GenerateAccessToken(utils.AccessJWTPayload{UserID: user.UID, RoleID: ids})
if err != nil {
return false, nil
}
refreshToken, expiresAt := utils.GenerateRefreshToken(utils.RefreshJWTPayload{UserID: user.UID, RoleID: ids}, time.Hour*24*7)
data := dto.ResponseData{
AccessToken: accessToken,
RefreshToken: refreshToken,
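Review bot: `utils.GenerateRefreshToken` reports failure by returning `""` and `0` (see its body in the JWT utility section of this commit), and HandelUserLogin does not check for that, so a signing or encryption failure would produce a response with an empty refresh token and a zero expiry. Add `if refreshToken == "" { return false, nil }` right after the call; the same unchecked call appears in handelUserLogin in the WeChat handler and in handelUserLogin in the user API. The lifetime is the literal `time.Hour*24*7` here while the user API now derives it from `autoLogin`, so a shared named constant would keep the two from drifting. HandelUserLogin starts and ends outside this hunk.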


@@ -1 +1,160 @@
package oauth_api
import (
"encoding/json"
"fmt"
ginI18n "github.com/gin-contrib/i18n"
"github.com/gin-gonic/gin"
"net/http"
"schisandra-cloud-album/common/result"
"schisandra-cloud-album/global"
)
type AuthQQme struct {
ClientID string `json:"client_id"`
OpenID string `json:"openid"`
}
// GetQQRedirectUrl 获取登录地址
// @Summary 获取QQ登录地址
// @Description 获取QQ登录地址
// @Tags 登录
// @Produce json
// @Success 200 {string} string "登录地址"
// @Router /api/oauth/qq/get_url [get]
func (OAuthAPI) GetQQRedirectUrl(c *gin.Context) {
state := c.Query("state")
clientId := global.CONFIG.OAuth.QQ.ClientID
redirectURI := global.CONFIG.OAuth.QQ.RedirectURI
url := "https://graph.qq.com/oauth2.0/authorize?response_type=code&client_id=" + clientId + "&redirect_uri=" + redirectURI + "&state=" + state
result.OkWithData(url, c)
return
}
// GetQQTokenAuthUrl 通过code获取token认证url
func GetQQTokenAuthUrl(code string) string {
clientId := global.CONFIG.OAuth.QQ.ClientID
clientSecret := global.CONFIG.OAuth.QQ.ClientSecret
redirectURI := global.CONFIG.OAuth.QQ.RedirectURI
return fmt.Sprintf(
"https://graph.qq.com/oauth2.0/token?grant_type=authorization_code&client_id=%s&client_secret=%s&code=%s&redirect_uri=%s",
clientId, clientSecret, code, redirectURI,
)
}
// GetQQToken 获取 token
func GetQQToken(url string) (*Token, error) {
// 形成请求
var req *http.Request
var err error
if req, err = http.NewRequest(http.MethodGet, url, nil); err != nil {
return nil, err
}
req.Header.Set("accept", "application/json")
// 发送请求并获得响应
var httpClient = http.Client{}
var res *http.Response
if res, err = httpClient.Do(req); err != nil {
return nil, err
}
// 将响应体解析为 token并返回
var token Token
if err = json.NewDecoder(res.Body).Decode(&token); err != nil {
return nil, err
}
return &token, nil
}
// GetQQUserOpenID 获取用户 openid
func GetQQUserOpenID(token *Token) (*AuthQQme, error) {
// 形成请求
var userInfoUrl = "https://graph.qq.com/oauth2.0/me" // github用户信息获取接口
var req *http.Request
var err error
if req, err = http.NewRequest(http.MethodGet, userInfoUrl, nil); err != nil {
return nil, err
}
req.Header.Set("accept", "application/json")
req.Header.Set("Authorization", fmt.Sprintf("token %s", token.AccessToken))
// 发送请求并获取响应
var client = http.Client{}
var res *http.Response
if res, err = client.Do(req); err != nil {
return nil, err
}
// 将响应体解析为 AuthQQme并返回
var authQQme AuthQQme
if err = json.NewDecoder(res.Body).Decode(&authQQme); err != nil {
return nil, err
}
return &authQQme, nil
}
// GetQQUserUserInfo 获取用户信息
func GetQQUserUserInfo(token *Token, openId string) (map[string]interface{}, error) {
clientId := global.CONFIG.OAuth.QQ.ClientID
// 形成请求
var userInfoUrl = "https://graph.qq.com/user/get_user_info??access_token=" + token.AccessToken + "&oauth_consumer_key=" + clientId + "&openid=" + openId
var req *http.Request
var err error
if req, err = http.NewRequest(http.MethodGet, userInfoUrl, nil); err != nil {
return nil, err
}
req.Header.Set("accept", "application/json")
//req.Header.Set("Authorization", fmt.Sprintf("token %s", token.AccessToken))
// 发送请求并获取响应
var client = http.Client{}
var res *http.Response
if res, err = client.Do(req); err != nil {
return nil, err
}
// 将响应的数据写入 userInfo 中,并返回
var userInfo = make(map[string]interface{})
if err = json.NewDecoder(res.Body).Decode(&userInfo); err != nil {
return nil, err
}
return userInfo, nil
}
// QQCallback QQ登录回调
// @Summary QQ登录回调
// @Description QQ登录回调
// @Tags 登录
// @Produce json
// @Router /api/oauth/qq/callback [get]
func (OAuthAPI) QQCallback(c *gin.Context) {
var err error
// 获取 code
var code = c.Query("code")
if code == "" {
result.FailWithMessage(ginI18n.MustGetMessage(c, "ParamsError"), c)
return
}
// 通过 code, 获取 token
var tokenAuthUrl = GetQQTokenAuthUrl(code)
var token *Token
if token, err = GetQQToken(tokenAuthUrl); err != nil {
global.LOG.Error(err)
return
}
authQQme, err := GetQQUserOpenID(token)
if err != nil {
return
}
// 通过token获取用户信息
var userInfo map[string]interface{}
if userInfo, err = GetQQUserUserInfo(token, authQQme.OpenID); err != nil {
global.LOG.Error(err)
return
}
result.OkWithData(userInfo, c)
return
}
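Review bot: QQCallback never reads `state`, so the value GetQQRedirectUrl forwards into the authorize URL gives the login flow no CSRF protection; the callback should compare it with a server-generated value bound to the browser session before exchanging the code. `state` and `code` are also concatenated into URLs unescaped (GetQQRedirectUrl, GetQQTokenAuthUrl), and the token URL carries the client secret, so a value containing `&` can add or override parameters on that request. The three HTTP helpers use a zero-value `http.Client` with no timeout, never close `res.Body` and decode without checking the status code, and the user-info URL has a doubled `?` in `get_user_info??access_token=`. QQCallback also returns without writing any response when the token or OpenID lookup fails. The sketch below builds the token URL with `url.Values` and tightens GetQQToken; it needs `net/url` and `time` imported, and assumes the configured redirect URI is stored unencoded.

```go
// GetQQTokenAuthUrl 通过code获取token认证url
func GetQQTokenAuthUrl(code string) string {
	q := url.Values{}
	q.Set("grant_type", "authorization_code")
	q.Set("client_id", global.CONFIG.OAuth.QQ.ClientID)
	q.Set("client_secret", global.CONFIG.OAuth.QQ.ClientSecret)
	q.Set("code", code) // escaped: code arrives in the callback query string
	q.Set("redirect_uri", global.CONFIG.OAuth.QQ.RedirectURI)
	return "https://graph.qq.com/oauth2.0/token?" + q.Encode()
}

func GetQQToken(url string) (*Token, error) {
	// … unchanged: request construction and accept header …
	httpClient := http.Client{Timeout: 10 * time.Second} // constructed value; pick per deployment
	res, err := httpClient.Do(req)
	if err != nil {
		return nil, err
	}
	defer res.Body.Close()
	if res.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("qq token endpoint: unexpected status %d", res.StatusCode)
	}
	// … unchanged: JSON decode into Token and return …
}
```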


@@ -33,10 +33,19 @@ import (
// @Summary 生成客户端ID
// @Description 生成客户端ID
// @Produce json
// @Success 200 {object} result.Result{data=string} "客户端ID"
// @Router /api/oauth/generate_client_id [get]
func (OAuthAPI) GenerateClientId(c *gin.Context) {
ip := c.ClientIP()
// 尝试从 X-Real-IP 头部获取真实 IP
ip := c.GetHeader("X-Real-IP")
// 如果 X-Real-IP 头部不存在,则尝试从 X-Forwarded-For 头部获取
if ip == "" {
ip = c.GetHeader("X-Forwarded-For")
}
// 如果两者都不存在,则使用默认的 ClientIP 方法获取 IP
if ip == "" {
ip = c.ClientIP()
}
clientId := redis.Get(constant.UserLoginClientRedisKey + ip).Val()
if clientId != "" {
result.OkWithData(clientId, c)
@@ -52,7 +61,6 @@ func (OAuthAPI) GenerateClientId(c *gin.Context) {
// @Summary 微信回调验证
// @Description 微信回调验证
// @Produce json
// @Success 200 {object} result.Result{data=string} "验证结果"
// @Router /api/oauth/callback_notify [POST]
func (OAuthAPI) CallbackNotify(c *gin.Context) {
rs, err := global.Wechat.Server.Notify(c.Request, func(event contract.EventInterface) interface{} {
@@ -126,7 +134,6 @@ func (OAuthAPI) CallbackNotify(c *gin.Context) {
// @Summary 微信回调验证
// @Description 微信回调验证
// @Produce json
// @Success 200 {object} result.Result{data=string} "验证结果"
// @Router /api/oauth/callback_verify [get]
func (OAuthAPI) CallbackVerify(c *gin.Context) {
rs, err := global.Wechat.Server.VerifyURL(c.Request)
@@ -141,11 +148,20 @@ func (OAuthAPI) CallbackVerify(c *gin.Context) {
// @Description 获取临时二维码
// @Produce json
// @Param client_id query string true "客户端ID"
// @Success 200 {object} result.Result{data=string} "临时二维码"
// @Router /api/oauth/get_temp_qrcode [get]
func (OAuthAPI) GetTempQrCode(c *gin.Context) {
clientId := c.Query("client_id")
ip := c.ClientIP()
// 尝试从 X-Real-IP 头部获取真实 IP
ip := c.GetHeader("X-Real-IP")
// 如果 X-Real-IP 头部不存在,则尝试从 X-Forwarded-For 头部获取
if ip == "" {
ip = c.GetHeader("X-Forwarded-For")
}
// 如果两者都不存在,则使用默认的 ClientIP 方法获取 IP
if ip == "" {
ip = c.ClientIP()
}
if clientId == "" {
result.FailWithMessage(ginI18n.MustGetMessage(c, "ParamsError"), c)
return
@@ -264,8 +280,11 @@ func handelUserLogin(user model.ScaAuthUser, clientId string) bool {
if er != nil {
return false
}
accessToken, refreshToken, expiresAt := utils.GenerateAccessTokenAndRefreshToken(utils.JWTPayload{UserID: user.UID, RoleID: ids})
accessToken, err := utils.GenerateAccessToken(utils.AccessJWTPayload{UserID: user.UID, RoleID: ids})
if err != nil {
return false
}
refreshToken, expiresAt := utils.GenerateRefreshToken(utils.RefreshJWTPayload{UserID: user.UID, RoleID: ids}, time.Hour*24*7)
data := dto.ResponseData{
AccessToken: accessToken,
RefreshToken: refreshToken,
@@ -282,9 +301,19 @@ func handelUserLogin(user model.ScaAuthUser, clientId string) bool {
"data": data,
"success": true,
}
res := websocket_api.SendMessageData(clientId, responseData)
if !res {
tokenData, err := json.Marshal(responseData)
if err != nil {
return false
}
// gws方式发送消息
err = websocket_api.Handler.SendMessageToClient(clientId, tokenData)
if err != nil {
return false
}
// gorilla websocket方式发送消息
//res := websocket_api.SendMessageData(clientId, responseData)
//if !res {
// return false
//}
return true
}
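Review bot: GenerateClientId and GetTempQrCode now prefer the `X-Real-IP` and `X-Forwarded-For` request headers over `c.ClientIP()`, and in GenerateClientId the result becomes the Redis key suffix (`constant.UserLoginClientRedisKey + ip`) that decides which stored client ID is returned. Both headers are client-controlled unless a trusted reverse proxy overwrites them, so the key is no longer tied to the real peer, and `X-Forwarded-For` may hold a comma-separated list rather than a single address. Keep `ip := c.ClientIP()` and configure the proxy trust list on the gin engine (`SetTrustedProxies`) so forwarded headers are honoured only from known proxies. Since the client ID is also the address that login tokens are pushed to over the websocket, a random per-session identifier would be a sturdier key than an IP; how GetTempQrCode uses `ip` is outside the hunk.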


@@ -9,14 +9,16 @@ type RefreshTokenRequest struct {
// PhoneLoginRequest 手机号登录请求
type PhoneLoginRequest struct {
Phone string `json:"phone"`
Captcha string `json:"captcha"`
Phone string `json:"phone"`
Captcha string `json:"captcha"`
AutoLogin bool `json:"auto_login"`
}
// AccountLoginRequest 账号登录请求
type AccountLoginRequest struct {
Account string `json:"account"`
Password string `json:"password"`
Account string `json:"account"`
Password string `json:"password"`
AutoLogin bool `json:"auto_login"`
}
// AddUserRequest 新增用户请求


@@ -187,7 +187,7 @@ func (UserAPI) AccountLogin(c *gin.Context) {
} else {
verify := utils.Verify(*user.Password, password)
if verify {
handelUserLogin(user, c)
handelUserLogin(user, accountLoginRequest.AutoLogin, c)
return
} else {
result.FailWithMessage(ginI18n.MustGetMessage(c, "PasswordError"), c)
@@ -204,7 +204,7 @@ func (UserAPI) AccountLogin(c *gin.Context) {
} else {
verify := utils.Verify(*user.Password, password)
if verify {
handelUserLogin(user, c)
handelUserLogin(user, accountLoginRequest.AutoLogin, c)
return
} else {
result.FailWithMessage(ginI18n.MustGetMessage(c, "PasswordError"), c)
@@ -221,7 +221,7 @@ func (UserAPI) AccountLogin(c *gin.Context) {
} else {
verify := utils.Verify(*user.Password, password)
if verify {
handelUserLogin(user, c)
handelUserLogin(user, accountLoginRequest.AutoLogin, c)
return
} else {
result.FailWithMessage(ginI18n.MustGetMessage(c, "PasswordError"), c)
@@ -287,7 +287,7 @@ func (UserAPI) PhoneLogin(c *gin.Context) {
result.FailWithMessage(ginI18n.MustGetMessage(c, "LoginFailed"), c)
return
}
handelUserLogin(addUser, c)
handelUserLogin(addUser, request.AutoLogin, c)
return
}
} else {
@@ -300,7 +300,7 @@ func (UserAPI) PhoneLogin(c *gin.Context) {
result.FailWithMessage(ginI18n.MustGetMessage(c, "CaptchaError"), c)
return
} else {
handelUserLogin(user, c)
handelUserLogin(user, request.AutoLogin, c)
return
}
}
@@ -327,20 +327,20 @@ func (UserAPI) RefreshHandler(c *gin.Context) {
result.FailWithMessage(ginI18n.MustGetMessage(c, "ParamsError"), c)
return
}
parseRefreshToken, isUpd, err := utils.ParseToken(refreshToken)
parseRefreshToken, isUpd, err := utils.ParseRefreshToken(refreshToken)
if err != nil {
global.LOG.Errorln(err)
result.FailWithMessage(ginI18n.MustGetMessage(c, "LoginExpired"), c)
return
}
if isUpd {
accessTokenString, err := utils.GenerateAccessToken(utils.JWTPayload{UserID: parseRefreshToken.UserID, RoleID: parseRefreshToken.RoleID})
accessTokenString, err := utils.GenerateAccessToken(utils.AccessJWTPayload{UserID: parseRefreshToken.UserID, RoleID: parseRefreshToken.RoleID})
if err != nil {
result.FailWithMessage(ginI18n.MustGetMessage(c, "LoginExpired"), c)
return
}
wrong := redis.Get(constant.UserLoginTokenRedisKey + *parseRefreshToken.UserID).Err()
if wrong != nil {
token := redis.Get(constant.UserLoginTokenRedisKey + *parseRefreshToken.UserID).Val()
if token == "" {
result.FailWithMessage(ginI18n.MustGetMessage(c, "LoginExpired"), c)
return
}
@@ -360,7 +360,7 @@ func (UserAPI) RefreshHandler(c *gin.Context) {
}
// handelUserLogin 处理用户登录
func handelUserLogin(user model.ScaAuthUser, c *gin.Context) {
func handelUserLogin(user model.ScaAuthUser, autoLogin bool, c *gin.Context) {
ids, err := userRoleService.GetUserRoleIdsByUserId(user.ID)
if err != nil {
result.FailWithMessage(ginI18n.MustGetMessage(c, "LoginFailed"), c)
@@ -396,15 +396,25 @@ func handelUserLogin(user model.ScaAuthUser, c *gin.Context) {
result.FailWithMessage(ginI18n.MustGetMessage(c, "LoginFailed"), c)
return
}
accessToken, refreshToken, expiresAt := utils.GenerateAccessTokenAndRefreshToken(utils.JWTPayload{UserID: user.UID, RoleID: ids})
accessToken, err := utils.GenerateAccessToken(utils.AccessJWTPayload{UserID: user.UID, RoleID: ids})
if err != nil {
result.FailWithMessage(ginI18n.MustGetMessage(c, "LoginFailed"), c)
return
}
var days time.Duration
if autoLogin {
days = time.Hour * 24 * 7
} else {
days = time.Hour * 24 * 1
}
refreshToken, expiresAt := utils.GenerateRefreshToken(utils.RefreshJWTPayload{UserID: user.UID, RoleID: ids}, days)
data := dto.ResponseData{
AccessToken: accessToken,
RefreshToken: refreshToken,
ExpiresAt: expiresAt,
UID: user.UID,
}
fail := redis.Set(constant.UserLoginTokenRedisKey+*user.UID, data, time.Hour*24*7).Err()
fail := redis.Set(constant.UserLoginTokenRedisKey+*user.UID, data, time.Hour*24*1).Err()
if fail != nil {
result.FailWithMessage(ginI18n.MustGetMessage(c, "LoginFailed"), c)
return
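Review bot: The login record in Redis is now written with a fixed `time.Hour*24*1` TTL while the refresh token lives for `days` (seven days when `autoLogin` is true), and RefreshHandler rejects the refresh when that key reads back empty; unless code outside these hunks renews the key, an auto-login session stops refreshing after one day. Use the same duration for both: `fail := redis.Set(constant.UserLoginTokenRedisKey+*user.UID, data, days).Err()`. The empty-string failure result of `utils.GenerateRefreshToken` is not checked before `data` is built, and in RefreshHandler the new `.Val() == ""` test reports a Redis error as an expired login without logging it. `days` holds a `time.Duration`, so a name such as `refreshTTL` would describe it better; handelUserLogin continues outside the hunk.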


@@ -14,9 +14,11 @@ const (
HeartbeatWaitTimeout = 10 * time.Second // 心跳等待超时时间
)
var Handler = NewWebSocket()
func (WebsocketAPI) NewGWSServer(c *gin.Context) {
var handler = NewWebSocket()
upgrader := gws.NewUpgrader(handler, &gws.ServerOption{
upgrader := gws.NewUpgrader(Handler, &gws.ServerOption{
HandshakeTimeout: 5 * time.Second, // 握手超时时间
ReadBufferSize: 1024, // 读缓冲区大小
ParallelEnabled: true, // 开启并行消息处理


@@ -4,6 +4,7 @@ package config
type OAuth struct {
Github Github `yaml:"github"`
Gitee Gitee `yaml:"gitee"`
QQ QQ `yaml:"qq"`
}
// Github and GiteeConfig are the configuration of Github and Gitee OAuth.
@@ -19,3 +20,10 @@ type Gitee struct {
ClientSecret string `yaml:"client-secret"`
RedirectURI string `yaml:"redirect-uri"`
}
// QQ is the configuration of QQ OAuth.
type QQ struct {
ClientID string `yaml:"client-id"`
ClientSecret string `yaml:"client-secret"`
RedirectURI string `yaml:"redirect-uri"`
}


@@ -324,6 +324,170 @@ const docTemplate = `{
}
}
},
"/api/oauth/callback_notify": {
"post": {
"description": "微信回调验证",
"produces": [
"application/json"
],
"summary": "微信回调验证",
"responses": {}
}
},
"/api/oauth/callback_verify": {
"get": {
"description": "微信回调验证",
"produces": [
"application/json"
],
"summary": "微信回调验证",
"responses": {}
}
},
"/api/oauth/generate_client_id": {
"get": {
"description": "生成客户端ID",
"produces": [
"application/json"
],
"summary": "生成客户端ID",
"responses": {}
}
},
"/api/oauth/get_temp_qrcode": {
"get": {
"description": "获取临时二维码",
"produces": [
"application/json"
],
"summary": "获取临时二维码",
"parameters": [
{
"type": "string",
"description": "客户端ID",
"name": "client_id",
"in": "query",
"required": true
}
],
"responses": {}
}
},
"/api/oauth/gitee/callback": {
"get": {
"description": "处理Gitee回调",
"produces": [
"application/json"
],
"tags": [
"OAuth"
],
"summary": "处理Gitee回调",
"responses": {}
}
},
"/api/oauth/gitee/get_url": {
"get": {
"description": "获取Gitee登录地址",
"produces": [
"application/json"
],
"tags": [
"OAuth"
],
"summary": "获取Gitee登录地址",
"responses": {
"200": {
"description": "登录地址",
"schema": {
"type": "string"
}
}
}
}
},
"/api/oauth/github/callback": {
"get": {
"description": "登录回调函数",
"produces": [
"application/json"
],
"tags": [
"OAuth"
],
"summary": "登录回调函数",
"parameters": [
{
"type": "string",
"description": "code",
"name": "code",
"in": "query",
"required": true
}
],
"responses": {
"200": {
"description": "登录成功",
"schema": {
"type": "string"
}
}
}
}
},
"/api/oauth/github/get_url": {
"get": {
"description": "获取github登录url",
"produces": [
"application/json"
],
"tags": [
"OAuth"
],
"summary": "获取github登录url",
"responses": {
"200": {
"description": "登录url",
"schema": {
"type": "string"
}
}
}
}
},
"/api/oauth/qq/callback": {
"get": {
"description": "QQ登录回调",
"produces": [
"application/json"
],
"tags": [
"登录"
],
"summary": "QQ登录回调",
"responses": {}
}
},
"/api/oauth/qq/get_url": {
"get": {
"description": "获取QQ登录地址",
"produces": [
"application/json"
],
"tags": [
"登录"
],
"summary": "获取QQ登录地址",
"responses": {
"200": {
"description": "登录地址",
"schema": {
"type": "string"
}
}
}
}
},
"/api/sms/ali/send": {
"get": {
"description": "发送短信验证码",
@@ -500,6 +664,33 @@ const docTemplate = `{
}
}
}
},
"/api/user/reset_password": {
"post": {
"tags": [
"鉴权模块"
],
"summary": "重置密码",
"parameters": [
{
"description": "用户信息",
"name": "user",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/dto.ResetPasswordRequest"
}
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"type": "string"
}
}
}
}
}
},
"definitions": {
@@ -527,6 +718,23 @@ const docTemplate = `{
"type": "string"
}
}
},
"dto.ResetPasswordRequest": {
"type": "object",
"properties": {
"captcha": {
"type": "string"
},
"password": {
"type": "string"
},
"phone": {
"type": "string"
},
"repassword": {
"type": "string"
}
}
}
}
}`


@@ -313,6 +313,170 @@
}
}
},
"/api/oauth/callback_notify": {
"post": {
"description": "微信回调验证",
"produces": [
"application/json"
],
"summary": "微信回调验证",
"responses": {}
}
},
"/api/oauth/callback_verify": {
"get": {
"description": "微信回调验证",
"produces": [
"application/json"
],
"summary": "微信回调验证",
"responses": {}
}
},
"/api/oauth/generate_client_id": {
"get": {
"description": "生成客户端ID",
"produces": [
"application/json"
],
"summary": "生成客户端ID",
"responses": {}
}
},
"/api/oauth/get_temp_qrcode": {
"get": {
"description": "获取临时二维码",
"produces": [
"application/json"
],
"summary": "获取临时二维码",
"parameters": [
{
"type": "string",
"description": "客户端ID",
"name": "client_id",
"in": "query",
"required": true
}
],
"responses": {}
}
},
"/api/oauth/gitee/callback": {
"get": {
"description": "处理Gitee回调",
"produces": [
"application/json"
],
"tags": [
"OAuth"
],
"summary": "处理Gitee回调",
"responses": {}
}
},
"/api/oauth/gitee/get_url": {
"get": {
"description": "获取Gitee登录地址",
"produces": [
"application/json"
],
"tags": [
"OAuth"
],
"summary": "获取Gitee登录地址",
"responses": {
"200": {
"description": "登录地址",
"schema": {
"type": "string"
}
}
}
}
},
"/api/oauth/github/callback": {
"get": {
"description": "登录回调函数",
"produces": [
"application/json"
],
"tags": [
"OAuth"
],
"summary": "登录回调函数",
"parameters": [
{
"type": "string",
"description": "code",
"name": "code",
"in": "query",
"required": true
}
],
"responses": {
"200": {
"description": "登录成功",
"schema": {
"type": "string"
}
}
}
}
},
"/api/oauth/github/get_url": {
"get": {
"description": "获取github登录url",
"produces": [
"application/json"
],
"tags": [
"OAuth"
],
"summary": "获取github登录url",
"responses": {
"200": {
"description": "登录url",
"schema": {
"type": "string"
}
}
}
}
},
"/api/oauth/qq/callback": {
"get": {
"description": "QQ登录回调",
"produces": [
"application/json"
],
"tags": [
"登录"
],
"summary": "QQ登录回调",
"responses": {}
}
},
"/api/oauth/qq/get_url": {
"get": {
"description": "获取QQ登录地址",
"produces": [
"application/json"
],
"tags": [
"登录"
],
"summary": "获取QQ登录地址",
"responses": {
"200": {
"description": "登录地址",
"schema": {
"type": "string"
}
}
}
}
},
"/api/sms/ali/send": {
"get": {
"description": "发送短信验证码",
@@ -489,6 +653,33 @@
}
}
}
},
"/api/user/reset_password": {
"post": {
"tags": [
"鉴权模块"
],
"summary": "重置密码",
"parameters": [
{
"description": "用户信息",
"name": "user",
"in": "body",
"required": true,
"schema": {
"$ref": "#/definitions/dto.ResetPasswordRequest"
}
}
],
"responses": {
"200": {
"description": "OK",
"schema": {
"type": "string"
}
}
}
}
}
},
"definitions": {
@@ -516,6 +707,23 @@
"type": "string"
}
}
},
"dto.ResetPasswordRequest": {
"type": "object",
"properties": {
"captcha": {
"type": "string"
},
"password": {
"type": "string"
},
"phone": {
"type": "string"
},
"repassword": {
"type": "string"
}
}
}
}
}


@@ -15,6 +15,17 @@ definitions:
username:
type: string
type: object
dto.ResetPasswordRequest:
properties:
captcha:
type: string
password:
type: string
phone:
type: string
repassword:
type: string
type: object
info:
contact: {}
paths:
@@ -219,6 +230,116 @@ paths:
summary: 生成基础文字验证码
tags:
- 基础文字验证码
/api/oauth/callback_notify:
post:
description: 微信回调验证
produces:
- application/json
responses: {}
summary: 微信回调验证
/api/oauth/callback_verify:
get:
description: 微信回调验证
produces:
- application/json
responses: {}
summary: 微信回调验证
/api/oauth/generate_client_id:
get:
description: 生成客户端ID
produces:
- application/json
responses: {}
summary: 生成客户端ID
/api/oauth/get_temp_qrcode:
get:
description: 获取临时二维码
parameters:
- description: 客户端ID
in: query
name: client_id
required: true
type: string
produces:
- application/json
responses: {}
summary: 获取临时二维码
/api/oauth/gitee/callback:
get:
description: 处理Gitee回调
produces:
- application/json
responses: {}
summary: 处理Gitee回调
tags:
- OAuth
/api/oauth/gitee/get_url:
get:
description: 获取Gitee登录地址
produces:
- application/json
responses:
"200":
description: 登录地址
schema:
type: string
summary: 获取Gitee登录地址
tags:
- OAuth
/api/oauth/github/callback:
get:
description: 登录回调函数
parameters:
- description: code
in: query
name: code
required: true
type: string
produces:
- application/json
responses:
"200":
description: 登录成功
schema:
type: string
summary: 登录回调函数
tags:
- OAuth
/api/oauth/github/get_url:
get:
description: 获取github登录url
produces:
- application/json
responses:
"200":
description: 登录url
schema:
type: string
summary: 获取github登录url
tags:
- OAuth
/api/oauth/qq/callback:
get:
description: QQ登录回调
produces:
- application/json
responses: {}
summary: QQ登录回调
tags:
- 登录
/api/oauth/qq/get_url:
get:
description: 获取QQ登录地址
produces:
- application/json
responses:
"200":
description: 登录地址
schema:
type: string
summary: 获取QQ登录地址
tags:
- 登录
/api/sms/ali/send:
get:
description: 发送短信验证码
@@ -335,4 +456,21 @@ paths:
summary: 手机号登录/注册
tags:
- 鉴权模块
/api/user/reset_password:
post:
parameters:
- description: 用户信息
in: body
name: user
required: true
schema:
$ref: '#/definitions/dto.ResetPasswordRequest'
responses:
"200":
description: OK
schema:
type: string
summary: 重置密码
tags:
- 鉴权模块
swagger: "2.0"


@@ -26,7 +26,7 @@ func JWTAuthMiddleware() gin.HandlerFunc {
result.FailWithMessage(ginI18n.MustGetMessage(c, "AuthVerifyFailed"), c)
return
}
parseToken, isUpd, err := utils.ParseToken(accessToken)
parseToken, isUpd, err := utils.ParseAccessToken(accessToken)
if err != nil || !isUpd {
c.Abort()
result.FailWithCodeAndMessage(401, ginI18n.MustGetMessage(c, "AuthVerifyExpired"), c)


@@ -18,7 +18,7 @@ type ScaAuthUserDevice struct {
CreatedTime *time.Time `gorm:"column:created_time;type:datetime;default:CURRENT_TIMESTAMP;comment:创建时间" json:"created_time"` // 创建时间
UpdateBy *string `gorm:"column:update_by;type:varchar(32);comment:更新人" json:"update_by"` // 更新人
UpdateTime *time.Time `gorm:"column:update_time;type:datetime;default:CURRENT_TIMESTAMP;comment:更新时间" json:"update_time"` // 更新时间
Deleted *int64 `gorm:"column:deleted;type:int(11);comment:是否删除" json:"deleted"` // 是否删除
Deleted *int64 `gorm:"column:deleted;type:int(11);default:0;comment:是否删除" json:"deleted"` // 是否删除
Browser *string `gorm:"column:browser;type:varchar(255);comment:浏览器" json:"browser"` // 浏览器
OperatingSystem *string `gorm:"column:operating_system;type:varchar(255);comment:操作系统" json:"operating_system"` // 操作系统
BrowserVersion *string `gorm:"column:browser_version;type:varchar(255);comment:浏览器版本" json:"browser_version"` // 浏览器版本


@@ -10,11 +10,13 @@ var oauth = api.Api.OAuthApi
func OauthRouter(router *gin.RouterGroup) {
group := router.Group("/oauth")
{
group.GET("/generate_client_id", oauth.GenerateClientId)
group.GET("/get_temp_qrcode", oauth.GetTempQrCode)
//group.GET("/callback", oauth.CallbackVerify)
group.POST("/callback", oauth.CallbackNotify)
wechatRouter := group.Group("/wechat")
{
wechatRouter.GET("/generate_client_id", oauth.GenerateClientId)
wechatRouter.GET("/get_temp_qrcode", oauth.GetTempQrCode)
//wechatRouter.GET("/callback", oauth.CallbackVerify)
wechatRouter.POST("/callback", oauth.CallbackNotify)
}
githubRouter := group.Group("/github")
{
githubRouter.GET("/get_url", oauth.GetRedirectUrl)
@@ -25,6 +27,11 @@ func OauthRouter(router *gin.RouterGroup) {
giteeRouter.GET("/get_url", oauth.GetGiteeRedirectUrl)
giteeRouter.GET("/callback", oauth.GiteeCallback)
}
qqRouter := group.Group("/qq")
{
qqRouter.GET("/get_url", oauth.GetQQRedirectUrl)
qqRouter.GET("/callback", oauth.QQCallback)
}
}
}
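Review bot: Moving the WeChat handlers under `group.Group("/wechat")` changes their paths, but the `@Router` annotations on those handlers and the swagger output regenerated in this commit still advertise `/api/oauth/generate_client_id`, `/api/oauth/get_temp_qrcode`, `/api/oauth/callback_notify` and `/api/oauth/callback_verify`. Assuming the group is mounted under `/api`, the annotations should become e.g. `// @Router /api/oauth/wechat/generate_client_id [get]` and `// @Router /api/oauth/wechat/callback [POST]`, followed by a docs regeneration. Clients and the WeChat callback configuration that still use the old paths will stop matching, which deserves a line in the commit description.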


@@ -8,23 +8,29 @@ import (
"time"
)
type JWTPayload struct {
type RefreshJWTPayload struct {
UserID *string `json:"user_id"`
RoleID []*int64 `json:"role_id"`
Type *string `json:"type" default:"refresh"`
}
type AccessJWTPayload struct {
UserID *string `json:"user_id"`
RoleID []*int64 `json:"role_id"`
Type *string `json:"type" default:"access"`
}
type JWTClaims struct {
JWTPayload
AccessJWTPayload
RefreshJWTPayload
jwt.RegisteredClaims
}
var MySecret []byte
// GenerateAccessToken generates a JWT token with the given payload
func GenerateAccessToken(payload JWTPayload) (string, error) {
func GenerateAccessToken(payload AccessJWTPayload) (string, error) {
MySecret = []byte(global.CONFIG.JWT.Secret)
claims := JWTClaims{
JWTPayload: payload,
AccessJWTPayload: payload,
RegisteredClaims: jwt.RegisteredClaims{
ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Hour * 2)),
IssuedAt: jwt.NewNumericDate(time.Now()),
@@ -44,55 +50,34 @@ func GenerateAccessToken(payload JWTPayload) (string, error) {
return accessToken, nil
}
// GenerateAccessTokenAndRefreshToken generates a JWT token with the given payload, and returns the accessToken and refreshToken
func GenerateAccessTokenAndRefreshToken(payload JWTPayload) (string, string, int64) {
// GenerateRefreshToken generates a JWT token with the given payload, and returns the accessToken and refreshToken
func GenerateRefreshToken(payload RefreshJWTPayload, days time.Duration) (string, int64) {
MySecret = []byte(global.CONFIG.JWT.Secret)
// accessToken 的数据
accessClaims := JWTClaims{
JWTPayload: payload,
RegisteredClaims: jwt.RegisteredClaims{
ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Hour * 2)),
IssuedAt: jwt.NewNumericDate(time.Now()),
NotBefore: jwt.NewNumericDate(time.Now()),
Issuer: global.CONFIG.JWT.Issuer,
},
}
refreshClaims := JWTClaims{
JWTPayload: payload,
RefreshJWTPayload: payload,
RegisteredClaims: jwt.RegisteredClaims{
ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Hour * 24 * 7)), // 7天
ExpiresAt: jwt.NewNumericDate(time.Now().Add(days)), // 7天
IssuedAt: jwt.NewNumericDate(time.Now()),
NotBefore: jwt.NewNumericDate(time.Now()),
Issuer: global.CONFIG.JWT.Issuer,
},
}
accessToken := jwt.NewWithClaims(jwt.SigningMethodHS256, accessClaims)
refreshToken := jwt.NewWithClaims(jwt.SigningMethodHS256, refreshClaims)
accessTokenString, err := accessToken.SignedString(MySecret)
if err != nil {
global.LOG.Error(err)
return "", "", 0
}
refreshTokenString, err := refreshToken.SignedString(MySecret)
if err != nil {
global.LOG.Error(err)
return "", "", 0
}
accessTokenEncrypted, err := aes.AesCtrEncryptHex([]byte(accessTokenString), []byte(global.CONFIG.Encrypt.Key), []byte(global.CONFIG.Encrypt.IV))
if err != nil {
fmt.Println(err)
return "", "", 0
return "", 0
}
refreshTokenEncrypted, err := aes.AesCtrEncryptHex([]byte(refreshTokenString), []byte(global.CONFIG.Encrypt.Key), []byte(global.CONFIG.Encrypt.IV))
if err != nil {
fmt.Println(err)
return "", "", 0
return "", 0
}
return accessTokenEncrypted, refreshTokenEncrypted, refreshClaims.ExpiresAt.Time.Unix()
return refreshTokenEncrypted, refreshClaims.ExpiresAt.Time.Unix()
}
// ParseToken parses a JWT token and returns the payload
func ParseToken(tokenString string) (*JWTPayload, bool, error) {
// ParseAccessToken parses a JWT token and returns the payload
func ParseAccessToken(tokenString string) (*AccessJWTPayload, bool, error) {
MySecret = []byte(global.CONFIG.JWT.Secret)
plaintext, err := aes.AesCtrDecryptByHex(tokenString, []byte(global.CONFIG.Encrypt.Key), []byte(global.CONFIG.Encrypt.IV))
if err != nil {
@@ -107,7 +92,28 @@ func ParseToken(tokenString string) (*JWTPayload, bool, error) {
return nil, false, err
}
if claims, ok := token.Claims.(*JWTClaims); ok && token.Valid {
return &claims.JWTPayload, true, nil
return &claims.AccessJWTPayload, true, nil
}
return nil, false, err
}
// ParseRefreshToken parses a JWT token and returns the payload
func ParseRefreshToken(tokenString string) (*RefreshJWTPayload, bool, error) {
MySecret = []byte(global.CONFIG.JWT.Secret)
plaintext, err := aes.AesCtrDecryptByHex(tokenString, []byte(global.CONFIG.Encrypt.Key), []byte(global.CONFIG.Encrypt.IV))
if err != nil {
global.LOG.Error(err)
return nil, false, err
}
token, err := jwt.ParseWithClaims(string(plaintext), &JWTClaims{}, func(token *jwt.Token) (interface{}, error) {
return MySecret, nil
})
if err != nil {
global.LOG.Error(err)
return nil, false, err
}
if claims, ok := token.Claims.(*JWTClaims); ok && token.Valid {
return &claims.RefreshJWTPayload, true, nil
}
return nil, false, err
}
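Review bot: JWTClaims now embeds both AccessJWTPayload and RefreshJWTPayload, whose fields carry identical JSON tags (`user_id`, `role_id`, `type`); under encoding/json's rules, equally nested embedded fields with the same tagged name are all dropped silently, so if the JWT library marshals claims that way the signed token likely carries none of these claims and both parsers return a payload with a nil `UserID`, which RefreshHandler dereferences. Independently, the `default:"access"` and `default:"refresh"` struct tags are not interpreted by encoding/json, `Type` is never set, and neither parser checks it, so nothing distinguishes an access token from a refresh token on parse. The sketch gives each token kind its own claims struct, sets `Type` in the generator and rejects a mismatched `Type`; GenerateAccessToken and ParseAccessToken would change the same way. The doc comment on GenerateRefreshToken still says it returns the accessToken and refreshToken, and the `// 7天` comment no longer matches `days`.

```go
// One claims type per token kind, so the embedded payloads no longer collide on their JSON keys.
type AccessJWTClaims struct {
	AccessJWTPayload
	jwt.RegisteredClaims
}

type RefreshJWTClaims struct {
	RefreshJWTPayload
	jwt.RegisteredClaims
}

func GenerateRefreshToken(payload RefreshJWTPayload, days time.Duration) (string, int64) {
	MySecret = []byte(global.CONFIG.JWT.Secret)
	kind := "refresh"
	payload.Type = &kind // set explicitly; the `default` struct tag is not applied on marshal
	refreshClaims := RefreshJWTClaims{
		RefreshJWTPayload: payload,
		// … unchanged: RegisteredClaims …
	}
	// … unchanged: signing and AES encryption …
}

func ParseRefreshToken(tokenString string) (*RefreshJWTPayload, bool, error) {
	// … unchanged: AES decryption into plaintext …
	token, err := jwt.ParseWithClaims(string(plaintext), &RefreshJWTClaims{}, func(token *jwt.Token) (interface{}, error) {
		return MySecret, nil
	})
	// … unchanged: error handling …
	claims, ok := token.Claims.(*RefreshJWTClaims)
	if !ok || !token.Valid || claims.Type == nil || *claims.Type != "refresh" {
		return nil, false, fmt.Errorf("token is not a valid refresh token")
	}
	return &claims.RefreshJWTPayload, true, nil
}
```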