diff --git a/api/api.go b/api/api.go index 1ea784e..e05a44c 100644 --- a/api/api.go +++ b/api/api.go @@ -2,6 +2,7 @@ package api import ( "schisandra-cloud-album/api/captcha_api" + "schisandra-cloud-album/api/client_api" "schisandra-cloud-album/api/oauth_api" "schisandra-cloud-album/api/permission_api" "schisandra-cloud-album/api/role_api" @@ -19,6 +20,7 @@ type Apis struct { WebsocketApi websocket_api.WebsocketAPI RoleApi role_api.RoleAPI PermissionApi permission_api.PermissionAPI + ClientApi client_api.ClientAPI } // Api new函数实例化,实例化完成后会返回结构体地指针类型 diff --git a/api/client_api/client.go b/api/client_api/client.go new file mode 100644 index 0000000..9495648 --- /dev/null +++ b/api/client_api/client.go @@ -0,0 +1,7 @@ +package client_api + +import "sync" + +type ClientAPI struct{} + +var mu sync.Mutex diff --git a/api/client_api/client_api.go b/api/client_api/client_api.go new file mode 100644 index 0000000..01de11e --- /dev/null +++ b/api/client_api/client_api.go @@ -0,0 +1,42 @@ +package client_api + +import ( + "github.com/gin-gonic/gin" + uuid "github.com/satori/go.uuid" + "schisandra-cloud-album/common/constant" + "schisandra-cloud-album/common/redis" + "schisandra-cloud-album/common/result" + "schisandra-cloud-album/global" + "schisandra-cloud-album/utils" +) + +// GenerateClientId 生成客户端ID +// @Summary 生成客户端ID +// @Description 生成客户端ID +// @Tags 微信公众号 +// @Produce json +// @Router /api/oauth/generate_client_id [get] +func (ClientAPI) GenerateClientId(c *gin.Context) { + // 获取客户端IP + ip := utils.GetClientIP(c) + // 加锁 + mu.Lock() + defer mu.Unlock() + + // 从Redis获取客户端ID + clientId := redis.Get(constant.UserLoginClientRedisKey + ip).Val() + if clientId != "" { + result.OkWithData(clientId, c) + return + } + + // 生成新的客户端ID + v1 := uuid.NewV1() + err := redis.Set(constant.UserLoginClientRedisKey+ip, v1.String(), 0).Err() + if err != nil { + global.LOG.Error(err) + return + } + result.OkWithData(v1.String(), c) + return +} diff --git a/api/oauth_api/oauth.go b/api/oauth_api/oauth.go index ce86bf8..796c156 100644 --- a/api/oauth_api/oauth.go +++ b/api/oauth_api/oauth.go @@ -150,7 +150,6 @@ func (OAuthAPI) GetUserLoginDevice(c *gin.Context) { os := ua.OS() mobile := ua.Mobile() mozilla := ua.Mozilla() - m := ua.Model() platform := ua.Platform() engine, engineVersion := ua.Engine() device := model.ScaAuthUserDevice{ @@ -164,7 +163,6 @@ func (OAuthAPI) GetUserLoginDevice(c *gin.Context) { Mobile: &mobile, Bot: &isBot, Mozilla: &mozilla, - Model: &m, Platform: &platform, EngineName: &engine, EngineVersion: &engineVersion, diff --git a/api/oauth_api/wechat_api.go b/api/oauth_api/wechat_api.go index 2f08bc0..514522d 100644 --- a/api/oauth_api/wechat_api.go +++ b/api/oauth_api/wechat_api.go @@ -12,7 +12,6 @@ import ( "github.com/ArtisanCloud/PowerWeChat/v3/src/officialAccount/server/handlers/models" ginI18n "github.com/gin-contrib/i18n" "github.com/gin-gonic/gin" - uuid "github.com/satori/go.uuid" "github.com/yitter/idgenerator-go/idgen" "gorm.io/gorm" "schisandra-cloud-album/api/user_api/dto" @@ -29,36 +28,6 @@ import ( "time" ) -// GenerateClientId 生成客户端ID -// @Summary 生成客户端ID -// @Description 生成客户端ID -// @Tags 微信公众号 -// @Produce json -// @Router /api/oauth/generate_client_id [get] -func (OAuthAPI) GenerateClientId(c *gin.Context) { - // 获取客户端IP - ip := utils.GetClientIP(c) - // 加锁 - mu.Lock() - defer mu.Unlock() - - // 从Redis获取客户端ID - clientId := redis.Get(constant.UserLoginClientRedisKey + ip).Val() - if clientId != "" { - result.OkWithData(clientId, c) - return - } - - // 生成新的客户端ID - v1 := uuid.NewV1() - err := redis.Set(constant.UserLoginClientRedisKey+ip, v1.String(), 0).Err() - if err != nil { - global.LOG.Error(err) - return - } - result.OkWithData(v1.String(), c) -} - // CallbackNotify 微信回调 // @Summary 微信回调 // @Tags 微信公众号 diff --git a/api/permission_api/permission_api.go b/api/permission_api/permission_api.go index 714422f..1a5e5a2 100644 --- a/api/permission_api/permission_api.go +++ b/api/permission_api/permission_api.go @@ -68,3 +68,18 @@ func (PermissionAPI) AssignPermissionsToRole(c *gin.Context) { result.OkWithMessage(ginI18n.MustGetMessage(c, "AssignSuccess"), c) return } + +// GetUserPermissions 获取服用权限 +func (PermissionAPI) GetUserPermissions(c *gin.Context) { + userId := c.Query("user_id") + if userId == "" { + result.FailWithMessage(ginI18n.MustGetMessage(c, "GetUserFailed"), c) + return + } + data, err := global.Casbin.GetImplicitRolesForUser(userId) + if err != nil { + return + } + result.OkWithData(data, c) + return +} diff --git a/api/user_api/user_api.go b/api/user_api/user_api.go index c3ae0b2..bfff5e0 100644 --- a/api/user_api/user_api.go +++ b/api/user_api/user_api.go @@ -154,13 +154,14 @@ func (UserAPI) AccountLogin(c *gin.Context) { // @Router /api/user/phone_login [post] func (UserAPI) PhoneLogin(c *gin.Context) { request := dto.PhoneLoginRequest{} - err := c.ShouldBindJSON(&request) + err := c.ShouldBind(&request) if err != nil { result.FailWithMessage(ginI18n.MustGetMessage(c, "ParamsError"), c) return } phone := request.Phone captcha := request.Captcha + autoLogin := request.AutoLogin if phone == "" || captcha == "" { result.FailWithMessage(ginI18n.MustGetMessage(c, "PhoneAndCaptchaNotEmpty"), c) return @@ -213,7 +214,7 @@ func (UserAPI) PhoneLogin(c *gin.Context) { if err != nil { return err } - handelUserLogin(addUser, request.AutoLogin, c) + handelUserLogin(addUser, autoLogin, c) return nil }) errChan <- err @@ -227,24 +228,24 @@ func (UserAPI) PhoneLogin(c *gin.Context) { return } } else { - codeChan := make(chan *string) + codeChan := make(chan string) go func() { code := redis.Get(constant.UserLoginSmsRedisKey + phone).Val() - codeChan <- &code + codeChan <- code }() code := <-codeChan close(codeChan) - if code == nil { + if code == "" { result.FailWithMessage(ginI18n.MustGetMessage(c, "CaptchaExpired"), c) return } - if &captcha != code { + if captcha != code { result.FailWithMessage(ginI18n.MustGetMessage(c, "CaptchaError"), c) return } - handelUserLogin(user, request.AutoLogin, c) + handelUserLogin(user, autoLogin, c) } } @@ -316,7 +317,7 @@ func handelUserLogin(user model.ScaAuthUser, autoLogin bool, c *gin.Context) { if autoLogin { days = 7 * 24 * time.Hour } else { - days = 24 * time.Hour + days = time.Minute * 30 } refreshToken, expiresAt := utils.GenerateRefreshToken(utils.RefreshJWTPayload{UserID: user.UID}, days) @@ -455,7 +456,6 @@ func getUserLoginDevice(user model.ScaAuthUser, c *gin.Context) bool { os := ua.OS() mobile := ua.Mobile() mozilla := ua.Mozilla() - m := ua.Model() platform := ua.Platform() engine, engineVersion := ua.Engine() @@ -470,7 +470,6 @@ func getUserLoginDevice(user model.ScaAuthUser, c *gin.Context) bool { Mobile: &mobile, Bot: &isBot, Mozilla: &mozilla, - Model: &m, Platform: &platform, EngineName: &engine, EngineVersion: &engineVersion, diff --git a/config/rbac_model.pml b/config/rbac_model.conf similarity index 74% rename from config/rbac_model.pml rename to config/rbac_model.conf index a2a985a..71159e3 100644 --- a/config/rbac_model.pml +++ b/config/rbac_model.conf @@ -8,7 +8,7 @@ p = sub, obj, act g = _, _ [policy_effect] -e = some(where (p.eft == allow)) && !some(where (p.eft == deny)) +e = some(where (p.eft == allow)) [matchers] m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act \ No newline at end of file diff --git a/core/casbin.go b/core/casbin.go index ccf053f..09c09d7 100644 --- a/core/casbin.go +++ b/core/casbin.go @@ -5,37 +5,31 @@ import ( "github.com/casbin/casbin/v2/model" gormadapter "github.com/casbin/gorm-adapter/v3" "schisandra-cloud-album/global" - "sync" -) - -var ( - once sync.Once ) func InitCasbin() { - once.Do(func() { - adapter, err := gormadapter.NewAdapterByDBUseTableName(global.DB, global.CONFIG.Casbin.TablePrefix, global.CONFIG.Casbin.TableName) - if err != nil { - global.LOG.Error(err.Error()) - panic(err) - } - m, err := model.NewModelFromFile(global.CONFIG.Casbin.ModelPath) - if err != nil { - global.LOG.Error(err.Error()) - panic(err) - } - e, err := casbin.NewCachedEnforcer(m, adapter) - if err != nil { - global.LOG.Error(err.Error()) - panic(err) - } - e.EnableCache(true) - e.SetExpireTime(60 * 60) - err = e.LoadPolicy() - if err != nil { - global.LOG.Error(err.Error()) - panic(err) - } - global.Casbin = e - }) + adapter, err := gormadapter.NewAdapterByDBUseTableName(global.DB, global.CONFIG.Casbin.TablePrefix, global.CONFIG.Casbin.TableName) + if err != nil { + global.LOG.Error(err.Error()) + panic(err) + } + m, err := model.NewModelFromFile(global.CONFIG.Casbin.ModelPath) + if err != nil { + global.LOG.Error(err.Error()) + panic(err) + } + e, err := casbin.NewCachedEnforcer(m, adapter) + if err != nil { + global.LOG.Error(err.Error()) + panic(err) + } + e.EnableCache(true) + e.SetExpireTime(60 * 60) + err = e.LoadPolicy() + if err != nil { + global.LOG.Error(err.Error()) + panic(err) + } + global.Casbin = e + } diff --git a/i18n/language/en.toml b/i18n/language/en.toml index d288a16..9e3bd51 100644 --- a/i18n/language/en.toml +++ b/i18n/language/en.toml @@ -56,3 +56,5 @@ InternalError = "internal error!" RequestError = "request error!" AssignFailed = "assign failed!" AssignSuccess = "assign successfully!" +DuplicateLogin = "duplicate login!" +PermissionDenied = "permission denied!" diff --git a/i18n/language/zh.toml b/i18n/language/zh.toml index d9c7fd7..2802e42 100644 --- a/i18n/language/zh.toml +++ b/i18n/language/zh.toml @@ -56,4 +56,6 @@ InternalError = "内部错误!" RequestError = "请求错误!" AssignFailed = "分配失败!" AssignSuccess = "分配成功!" +DuplicateLogin = "重复登录!" +PermissionDenied = "权限不足!" diff --git a/middleware/casbin.go b/middleware/casbin.go index 85d7883..aa9f290 100644 --- a/middleware/casbin.go +++ b/middleware/casbin.go @@ -1,27 +1,40 @@ package middleware import ( + ginI18n "github.com/gin-contrib/i18n" "github.com/gin-gonic/gin" + "schisandra-cloud-album/common/result" "schisandra-cloud-album/global" ) func CasbinMiddleware() gin.HandlerFunc { return func(c *gin.Context) { - userId, ok := c.Get("userId") - if !ok { + userIdAny, exists := c.Get("userId") + if !exists { global.LOG.Error("casbin middleware: userId not found") + result.FailWithMessage(ginI18n.MustGetMessage(c, "PermissionDenied"), c) c.Abort() return } + userId, ok := userIdAny.(*string) + if !ok { + result.FailWithMessage(ginI18n.MustGetMessage(c, "PermissionDenied"), c) + global.LOG.Error("casbin middleware: userId is not string") + c.Abort() + return + } + userIdStr := *userId method := c.Request.Method path := c.Request.URL.Path - ok, err := global.Casbin.Enforce(userId.(string), path, method) + correct, err := global.Casbin.Enforce(userIdStr, path, method) if err != nil { + result.FailWithMessage(ginI18n.MustGetMessage(c, "PermissionDenied"), c) global.LOG.Error("casbin middleware: ", err) c.Abort() return } - if !ok { + if !correct { + result.FailWithMessage(ginI18n.MustGetMessage(c, "PermissionDenied"), c) c.Abort() return } diff --git a/middleware/check_client.go b/middleware/check_client.go new file mode 100644 index 0000000..a0afd75 --- /dev/null +++ b/middleware/check_client.go @@ -0,0 +1,31 @@ +package middleware + +import ( + ginI18n "github.com/gin-contrib/i18n" + "github.com/gin-gonic/gin" + "schisandra-cloud-album/common/constant" + "schisandra-cloud-album/common/redis" + "schisandra-cloud-album/common/result" + "schisandra-cloud-album/utils" +) + +// CheckClientMiddleware 检查客户端请求是否合法 +func CheckClientMiddleware() gin.HandlerFunc { + return func(c *gin.Context) { + id := c.GetHeader("X-Request-Id") + if id == "" { + result.FailWithMessage(ginI18n.MustGetMessage(c, "AuthVerifyFailed"), c) + c.Abort() + return + } + + ip := utils.GetClientIP(c) + clientId := redis.Get(constant.UserLoginClientRedisKey + ip).Val() + if clientId == "" || clientId != id { + result.FailWithMessage(ginI18n.MustGetMessage(c, "AuthVerifyFailed"), c) + c.Abort() + return + } + c.Next() + } +} diff --git a/middleware/jwt.go b/middleware/jwt.go index 1da8e1b..05ec5ca 100644 --- a/middleware/jwt.go +++ b/middleware/jwt.go @@ -1,35 +1,60 @@ package middleware import ( + "encoding/json" ginI18n "github.com/gin-contrib/i18n" "github.com/gin-gonic/gin" + "schisandra-cloud-album/common/constant" + "schisandra-cloud-album/common/redis" "schisandra-cloud-album/common/result" "schisandra-cloud-album/global" "schisandra-cloud-album/utils" "strings" ) +type TokenData struct { + AccessToken string `json:"access_token"` + RefreshToken string `json:"refresh_token"` + ExpiresAt int64 `json:"expires_at"` + UID *string `json:"uid"` +} + func JWTAuthMiddleware() gin.HandlerFunc { return func(c *gin.Context) { // 默认双Token放在请求头Authorization的Bearer中,并以空格隔开 authHeader := c.GetHeader(global.CONFIG.JWT.HeaderKey) if authHeader == "" { - c.Abort() + result.FailWithMessage(ginI18n.MustGetMessage(c, "AuthVerifyFailed"), c) + c.Abort() return } headerPrefix := global.CONFIG.JWT.HeaderPrefix accessToken := strings.TrimPrefix(authHeader, headerPrefix+" ") if accessToken == "" { - c.Abort() + result.FailWithMessage(ginI18n.MustGetMessage(c, "AuthVerifyFailed"), c) + c.Abort() return } parseToken, isUpd, err := utils.ParseAccessToken(accessToken) if err != nil || !isUpd { - c.Abort() result.FailWithCodeAndMessage(401, ginI18n.MustGetMessage(c, "AuthVerifyExpired"), c) + c.Abort() + return + } + token := redis.Get(constant.UserLoginTokenRedisKey + *parseToken.UserID).Val() + tokenResult := TokenData{} + err = json.Unmarshal([]byte(token), &tokenResult) + if err != nil { + result.FailWithMessage(ginI18n.MustGetMessage(c, "AuthVerifyExpired"), c) + c.Abort() + return + } + if tokenResult.AccessToken != accessToken { + result.FailWithCodeAndMessage(403, ginI18n.MustGetMessage(c, "DuplicateLogin"), c) + c.Abort() return } c.Set("userId", parseToken.UserID) diff --git a/model/sca_auth_user_device.go b/model/sca_auth_user_device.go index 3939218..ebf544f 100644 --- a/model/sca_auth_user_device.go +++ b/model/sca_auth_user_device.go @@ -22,7 +22,6 @@ type ScaAuthUserDevice struct { Mobile *bool `gorm:"column:mobile;type:int(11);comment:是否为手机" json:"mobile"` // 是否为手机 Bot *bool `gorm:"column:bot;type:int(11);comment:是否为机器人" json:"bot"` // 是否为机器人 Mozilla *string `gorm:"column:mozilla;type:varchar(10);comment:火狐版本" json:"mozilla"` // 火狐版本 - Model *string `gorm:"column:model;type:varchar(20);comment:设备型号" json:"model"` // 设备型号 Platform *string `gorm:"column:platform;type:varchar(20);comment:平台" json:"platform"` // 平台 EngineName *string `gorm:"column:engine_name;type:varchar(20);comment:引擎名称" json:"engine_name"` // 引擎名称 EngineVersion *string `gorm:"column:engine_version;type:varchar(20);comment:引擎版本" json:"engine_version"` // 引擎版本 diff --git a/router/modules/client_router.go b/router/modules/client_router.go new file mode 100644 index 0000000..5825c50 --- /dev/null +++ b/router/modules/client_router.go @@ -0,0 +1,12 @@ +package modules + +import ( + "github.com/gin-gonic/gin" + "schisandra-cloud-album/api" +) + +var clientApi = api.Api.ClientApi + +func ClientRouter(router *gin.RouterGroup) { + router.GET("/client/generate_client_id", clientApi.GenerateClientId) +} diff --git a/router/modules/oauth_router.go b/router/modules/oauth_router.go index ae7d0d0..9d4b852 100644 --- a/router/modules/oauth_router.go +++ b/router/modules/oauth_router.go @@ -12,7 +12,6 @@ func OauthRouter(router *gin.RouterGroup) { { wechatRouter := group.Group("/wechat") { - wechatRouter.GET("/generate_client_id", oauth.GenerateClientId) wechatRouter.GET("/get_temp_qrcode", oauth.GetTempQrCode) //wechatRouter.GET("/callback", oauth.CallbackVerify) wechatRouter.POST("/callback", oauth.CallbackNotify) @@ -34,5 +33,4 @@ func OauthRouter(router *gin.RouterGroup) { } group.GET("/get_device", oauth.GetUserLoginDevice) } - } diff --git a/router/modules/permission_router.go b/router/modules/permission_router.go index 1f84ad1..0638b8e 100644 --- a/router/modules/permission_router.go +++ b/router/modules/permission_router.go @@ -9,6 +9,8 @@ var permissionApi = api.Api.PermissionApi func PermissionRouter(router *gin.RouterGroup) { group := router.Group("/auth/permission") - //group.Use(middleware.JWTAuthMiddleware()) - group.POST("/add", permissionApi.AddPermissions) + { + group.POST("/add", permissionApi.AddPermissions) + group.GET("/get_user_permissions", permissionApi.GetUserPermissions) + } } diff --git a/router/modules/role_router.go b/router/modules/role_router.go index e158b52..cb61ce8 100644 --- a/router/modules/role_router.go +++ b/router/modules/role_router.go @@ -3,14 +3,15 @@ package modules import ( "github.com/gin-gonic/gin" "schisandra-cloud-album/api" - "schisandra-cloud-album/middleware" ) var roleApi = api.Api.RoleApi func RoleRouter(router *gin.RouterGroup) { group := router.Group("/auth") - group.Use(middleware.JWTAuthMiddleware()) - group.POST("/role/create", roleApi.CreateRole) - group.POST("/role/add_role_to_user", roleApi.AddRoleToUser) + { + group.POST("/role/create", roleApi.CreateRole) + group.POST("/role/add_role_to_user", roleApi.AddRoleToUser) + } + } diff --git a/router/modules/swagger_router.go b/router/modules/swagger_router.go index c121b7a..cc97a2b 100644 --- a/router/modules/swagger_router.go +++ b/router/modules/swagger_router.go @@ -8,10 +8,10 @@ import ( "schisandra-cloud-album/global" ) -func SwaggerRouter(router *gin.Engine) { +func SwaggerRouter(router *gin.RouterGroup) { docs.SwaggerInfo.BasePath = "" docs.SwaggerInfo.Description = global.CONFIG.Swagger.Description - router.GET("/api/doc/*any", gin.BasicAuth(gin.Accounts{ + router.GET("/doc/*any", gin.BasicAuth(gin.Accounts{ global.CONFIG.Swagger.User: global.CONFIG.Swagger.Password, }), ginSwagger.WrapHandler(swaggerFiles.Handler, func(config *ginSwagger.Config) { config.Title = global.CONFIG.Swagger.Title diff --git a/router/modules/user_router.go b/router/modules/user_router.go index 44c51bf..79cc40f 100644 --- a/router/modules/user_router.go +++ b/router/modules/user_router.go @@ -3,7 +3,6 @@ package modules import ( "github.com/gin-gonic/gin" "schisandra-cloud-album/api" - "schisandra-cloud-album/middleware" ) var userApi = api.Api.UserApi @@ -16,15 +15,18 @@ func UserRouter(router *gin.RouterGroup) { userGroup.POST("/phone_login", userApi.PhoneLogin) userGroup.POST("/reset_password", userApi.ResetPassword) } - authGroup := router.Group("auth").Use(middleware.JWTAuthMiddleware()).Use(middleware.CasbinMiddleware()) - { - authGroup.GET("/user/list", userApi.GetUserList) - authGroup.GET("/user/query_by_uuid", userApi.QueryUserByUuid) - - } tokenGroup := router.Group("token") { tokenGroup.POST("/refresh", userApi.RefreshHandler) } +} + +// UserRouterAuth 用户相关路由 有auth接口组需要token验证 +func UserRouterAuth(router *gin.RouterGroup) { + authGroup := router.Group("auth") + { + authGroup.GET("/user/list", userApi.GetUserList) + authGroup.GET("/user/query_by_uuid", userApi.QueryUserByUuid) + } } diff --git a/router/router.go b/router/router.go index 48eaa9c..ce63fe8 100644 --- a/router/router.go +++ b/router/router.go @@ -3,12 +3,15 @@ package router import ( "github.com/gin-contrib/cors" "github.com/gin-gonic/gin" + "schisandra-cloud-album/api" "schisandra-cloud-album/global" "schisandra-cloud-album/middleware" "schisandra-cloud-album/router/modules" "time" ) +var oauth = api.Api.OAuthApi + func InitRouter() *gin.Engine { gin.SetMode(global.CONFIG.System.Env) router := gin.Default() @@ -18,25 +21,40 @@ func InitRouter() *gin.Engine { return nil } router.Use(middleware.RateLimitMiddleware(time.Millisecond*100, 20)) // 限流中间件 - publicGroup := router.Group("api") // 跨域设置 - publicGroup.Use(cors.New(cors.Config{ + router.Use(cors.New(cors.Config{ AllowOrigins: []string{global.CONFIG.System.Web}, AllowMethods: []string{"GET", "POST", "PUT", "PATCH", "DELETE", "HEAD"}, - AllowHeaders: []string{"Origin", "Content-Length", "Content-Type", "Authorization", "X-CSRF-Token", "Accept-Language"}, + AllowHeaders: []string{"Origin", "Content-Length", "Content-Type", "Authorization", "X-CSRF-Token", "Accept-Language", "X-Request-Id"}, AllowCredentials: true, MaxAge: 12 * time.Hour, })) // 国际化设置 - publicGroup.Use(middleware.I18n()) + router.Use(middleware.I18n()) + + publicGroup := router.Group("api") // 不需要鉴权的路由组 + authGroup := router.Group("api") // 需要鉴权的路由组 + authGroup.Use( + middleware.JWTAuthMiddleware(), + middleware.CasbinMiddleware(), + middleware.CheckClientMiddleware()) + + checkClientGroup := router.Group("api") // 需要检查客户端的路由组 + + checkClientGroup.Use(middleware.CheckClientMiddleware()) + + modules.ClientRouter(publicGroup) // 注册客户端路由 + modules.SwaggerRouter(publicGroup) // 注册swagger路由 + modules.WebsocketRouter(publicGroup) // 注册websocket路由 + + modules.CaptchaRouter(checkClientGroup) // 注册验证码路由 + modules.SmsRouter(checkClientGroup) // 注册短信验证码路由 + modules.OauthRouter(checkClientGroup) // 注册oauth路由 + modules.UserRouter(checkClientGroup) // 注册鉴权路由 + + modules.UserRouterAuth(authGroup) // 注册鉴权路由 + modules.RoleRouter(authGroup) // 注册角色路由 + modules.PermissionRouter(authGroup) // 注册权限路由 - modules.SwaggerRouter(router) // 注册swagger路由 - modules.UserRouter(publicGroup) // 注册鉴权路由 - modules.CaptchaRouter(publicGroup) // 注册验证码路由 - modules.SmsRouter(publicGroup) // 注册短信验证码路由 - modules.OauthRouter(publicGroup) // 注册oauth路由 - modules.WebsocketRouter(publicGroup) // 注册websocket路由 - modules.RoleRouter(publicGroup) // 注册角色路由 - modules.PermissionRouter(publicGroup) // 注册权限路由 return router } diff --git a/service/user_device_service/user_device_service.go b/service/user_device_service/user_device_service.go index 0643a50..471d4a4 100644 --- a/service/user_device_service/user_device_service.go +++ b/service/user_device_service/user_device_service.go @@ -34,7 +34,6 @@ func (UserDeviceService) UpdateUserDevice(id int64, userDevice *model.ScaAuthUse Mobile: userDevice.Mobile, Bot: userDevice.Bot, Mozilla: userDevice.Mozilla, - Model: userDevice.Model, Platform: userDevice.Platform, EngineName: userDevice.EngineName, EngineVersion: userDevice.EngineVersion, diff --git a/utils/jwt.go b/utils/jwt.go index b0607ae..3c94913 100644 --- a/utils/jwt.go +++ b/utils/jwt.go @@ -33,7 +33,7 @@ func GenerateAccessToken(payload AccessJWTPayload) (string, error) { claims := AccessJWTClaims{ AccessJWTPayload: payload, RegisteredClaims: jwt.RegisteredClaims{ - ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Hour * 2)), + ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Minute * 30)), IssuedAt: jwt.NewNumericDate(time.Now()), NotBefore: jwt.NewNumericDate(time.Now()), },