🐛 fix the casbin invalidation bug/adjust routing strategy

api/api.go

@@ -2,6 +2,7 @@ package api
 
 import (
 	"schisandra-cloud-album/api/captcha_api"
+	"schisandra-cloud-album/api/client_api"
 	"schisandra-cloud-album/api/oauth_api"
 	"schisandra-cloud-album/api/permission_api"
 	"schisandra-cloud-album/api/role_api"
@@ -19,6 +20,7 @@ type Apis struct {
 	WebsocketApi  websocket_api.WebsocketAPI
 	RoleApi       role_api.RoleAPI
 	PermissionApi permission_api.PermissionAPI
+	ClientApi     client_api.ClientAPI
 }
 
 // Api new函数实例化，实例化完成后会返回结构体地指针类型

api/client_api/client.go

@@ -0,0 +1,7 @@
+package client_api
+
+import "sync"
+
+type ClientAPI struct{}
+
+var mu sync.Mutex

api/client_api/client_api.go

@@ -0,0 +1,42 @@
+package client_api
+
+import (
+	"github.com/gin-gonic/gin"
+	uuid "github.com/satori/go.uuid"
+	"schisandra-cloud-album/common/constant"
+	"schisandra-cloud-album/common/redis"
+	"schisandra-cloud-album/common/result"
+	"schisandra-cloud-album/global"
+	"schisandra-cloud-album/utils"
+)
+
+// GenerateClientId 生成客户端ID
+// @Summary 生成客户端ID
+// @Description 生成客户端ID
+// @Tags 微信公众号
+// @Produce json
+// @Router /api/oauth/generate_client_id [get]
+func (ClientAPI) GenerateClientId(c *gin.Context) {
+	// 获取客户端IP
+	ip := utils.GetClientIP(c)
+	// 加锁
+	mu.Lock()
+	defer mu.Unlock()
+
+	// 从Redis获取客户端ID
+	clientId := redis.Get(constant.UserLoginClientRedisKey + ip).Val()
+	if clientId != "" {
+		result.OkWithData(clientId, c)
+		return
+	}
+
+	// 生成新的客户端ID
+	v1 := uuid.NewV1()
+	err := redis.Set(constant.UserLoginClientRedisKey+ip, v1.String(), 0).Err()
+	if err != nil {
+		global.LOG.Error(err)
+		return
+	}
+	result.OkWithData(v1.String(), c)
+	return
+}

api/oauth_api/oauth.go

@@ -150,7 +150,6 @@ func (OAuthAPI) GetUserLoginDevice(c *gin.Context) {
 	os := ua.OS()
 	mobile := ua.Mobile()
 	mozilla := ua.Mozilla()
-	m := ua.Model()
 	platform := ua.Platform()
 	engine, engineVersion := ua.Engine()
 	device := model.ScaAuthUserDevice{
@@ -164,7 +163,6 @@ func (OAuthAPI) GetUserLoginDevice(c *gin.Context) {
 		Mobile:          &mobile,
 		Bot:             &isBot,
 		Mozilla:         &mozilla,
-		Model:           &m,
 		Platform:        &platform,
 		EngineName:      &engine,
 		EngineVersion:   &engineVersion,

api/oauth_api/wechat_api.go

@@ -12,7 +12,6 @@ import (
 	"github.com/ArtisanCloud/PowerWeChat/v3/src/officialAccount/server/handlers/models"
 	ginI18n "github.com/gin-contrib/i18n"
 	"github.com/gin-gonic/gin"
-	uuid "github.com/satori/go.uuid"
 	"github.com/yitter/idgenerator-go/idgen"
 	"gorm.io/gorm"
 	"schisandra-cloud-album/api/user_api/dto"
@@ -29,36 +28,6 @@ import (
 	"time"
 )
 
-// GenerateClientId 生成客户端ID
-// @Summary 生成客户端ID
-// @Description 生成客户端ID
-// @Tags 微信公众号
-// @Produce json
-// @Router /api/oauth/generate_client_id [get]
-func (OAuthAPI) GenerateClientId(c *gin.Context) {
-	// 获取客户端IP
-	ip := utils.GetClientIP(c)
-	// 加锁
-	mu.Lock()
-	defer mu.Unlock()
-
-	// 从Redis获取客户端ID
-	clientId := redis.Get(constant.UserLoginClientRedisKey + ip).Val()
-	if clientId != "" {
-		result.OkWithData(clientId, c)
-		return
-	}
-
-	// 生成新的客户端ID
-	v1 := uuid.NewV1()
-	err := redis.Set(constant.UserLoginClientRedisKey+ip, v1.String(), 0).Err()
-	if err != nil {
-		global.LOG.Error(err)
-		return
-	}
-	result.OkWithData(v1.String(), c)
-}
-
 // CallbackNotify 微信回调
 // @Summary 微信回调
 // @Tags 微信公众号

api/permission_api/permission_api.go

@@ -68,3 +68,18 @@ func (PermissionAPI) AssignPermissionsToRole(c *gin.Context) {
 	result.OkWithMessage(ginI18n.MustGetMessage(c, "AssignSuccess"), c)
 	return
 }
+
+// GetUserPermissions 获取服用权限
+func (PermissionAPI) GetUserPermissions(c *gin.Context) {
+	userId := c.Query("user_id")
+	if userId == "" {
+		result.FailWithMessage(ginI18n.MustGetMessage(c, "GetUserFailed"), c)
+		return
+	}
+	data, err := global.Casbin.GetImplicitRolesForUser(userId)
+	if err != nil {
+		return
+	}
+	result.OkWithData(data, c)
+	return
+}

api/user_api/user_api.go

@@ -154,13 +154,14 @@ func (UserAPI) AccountLogin(c *gin.Context) {
 // @Router /api/user/phone_login [post]
 func (UserAPI) PhoneLogin(c *gin.Context) {
 	request := dto.PhoneLoginRequest{}
-	err := c.ShouldBindJSON(&request)
+	err := c.ShouldBind(&request)
 	if err != nil {
 		result.FailWithMessage(ginI18n.MustGetMessage(c, "ParamsError"), c)
 		return
 	}
 	phone := request.Phone
 	captcha := request.Captcha
+	autoLogin := request.AutoLogin
 	if phone == "" || captcha == "" {
 		result.FailWithMessage(ginI18n.MustGetMessage(c, "PhoneAndCaptchaNotEmpty"), c)
 		return
@@ -213,7 +214,7 @@ func (UserAPI) PhoneLogin(c *gin.Context) {
 				if err != nil {
 					return err
 				}
-				handelUserLogin(addUser, request.AutoLogin, c)
+				handelUserLogin(addUser, autoLogin, c)
 				return nil
 			})
 			errChan <- err
@@ -227,24 +228,24 @@ func (UserAPI) PhoneLogin(c *gin.Context) {
 			return
 		}
 	} else {
-		codeChan := make(chan *string)
+		codeChan := make(chan string)
 		go func() {
 			code := redis.Get(constant.UserLoginSmsRedisKey + phone).Val()
-			codeChan <- &code
+			codeChan <- code
 		}()
 
 		code := <-codeChan
 		close(codeChan)
 
-		if code == nil {
+		if code == "" {
 			result.FailWithMessage(ginI18n.MustGetMessage(c, "CaptchaExpired"), c)
 			return
 		}
-		if &captcha != code {
+		if captcha != code {
 			result.FailWithMessage(ginI18n.MustGetMessage(c, "CaptchaError"), c)
 			return
 		}
-		handelUserLogin(user, request.AutoLogin, c)
+		handelUserLogin(user, autoLogin, c)
 	}
 }
 
@@ -316,7 +317,7 @@ func handelUserLogin(user model.ScaAuthUser, autoLogin bool, c *gin.Context) {
 	if autoLogin {
 		days = 7 * 24 * time.Hour
 	} else {
-		days = 24 * time.Hour
+		days = time.Minute * 30
 	}
 
 	refreshToken, expiresAt := utils.GenerateRefreshToken(utils.RefreshJWTPayload{UserID: user.UID}, days)
@@ -455,7 +456,6 @@ func getUserLoginDevice(user model.ScaAuthUser, c *gin.Context) bool {
 	os := ua.OS()
 	mobile := ua.Mobile()
 	mozilla := ua.Mozilla()
-	m := ua.Model()
 	platform := ua.Platform()
 	engine, engineVersion := ua.Engine()
 
@@ -470,7 +470,6 @@ func getUserLoginDevice(user model.ScaAuthUser, c *gin.Context) bool {
 		Mobile:          &mobile,
 		Bot:             &isBot,
 		Mozilla:         &mozilla,
-		Model:           &m,
 		Platform:        &platform,
 		EngineName:      &engine,
 		EngineVersion:   &engineVersion,

config/rbac_model.conf

@@ -8,7 +8,7 @@ p = sub, obj, act
 g = _, _
 
 [policy_effect]
-e = some(where (p.eft == allow)) && !some(where (p.eft == deny))
+e = some(where (p.eft == allow))
 
 [matchers]
 m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act

core/casbin.go

@@ -5,37 +5,31 @@ import (
 	"github.com/casbin/casbin/v2/model"
 	gormadapter "github.com/casbin/gorm-adapter/v3"
 	"schisandra-cloud-album/global"
-	"sync"
-)
-
-var (
-	once sync.Once
 )
 
 func InitCasbin() {
-	once.Do(func() {
+	adapter, err := gormadapter.NewAdapterByDBUseTableName(global.DB, global.CONFIG.Casbin.TablePrefix, global.CONFIG.Casbin.TableName)
-		adapter, err := gormadapter.NewAdapterByDBUseTableName(global.DB, global.CONFIG.Casbin.TablePrefix, global.CONFIG.Casbin.TableName)
+	if err != nil {
-		if err != nil {
+		global.LOG.Error(err.Error())
-			global.LOG.Error(err.Error())
+		panic(err)
-			panic(err)
+	}
-		}
+	m, err := model.NewModelFromFile(global.CONFIG.Casbin.ModelPath)
-		m, err := model.NewModelFromFile(global.CONFIG.Casbin.ModelPath)
+	if err != nil {
-		if err != nil {
+		global.LOG.Error(err.Error())
-			global.LOG.Error(err.Error())
+		panic(err)
-			panic(err)
+	}
-		}
+	e, err := casbin.NewCachedEnforcer(m, adapter)
-		e, err := casbin.NewCachedEnforcer(m, adapter)
+	if err != nil {
-		if err != nil {
+		global.LOG.Error(err.Error())
-			global.LOG.Error(err.Error())
+		panic(err)
-			panic(err)
+	}
-		}
+	e.EnableCache(true)
-		e.EnableCache(true)
+	e.SetExpireTime(60 * 60)
-		e.SetExpireTime(60 * 60)
+	err = e.LoadPolicy()
-		err = e.LoadPolicy()
+	if err != nil {
-		if err != nil {
+		global.LOG.Error(err.Error())
-			global.LOG.Error(err.Error())
+		panic(err)
-			panic(err)
+	}
-		}
+	global.Casbin = e
-		global.Casbin = e
+
-	})
 }

i18n/language/en.toml

@@ -56,3 +56,5 @@ InternalError = "internal error!"
 RequestError = "request error!"
 AssignFailed = "assign failed!"
 AssignSuccess = "assign successfully!"
+DuplicateLogin = "duplicate login!"
+PermissionDenied = "permission denied!"

i18n/language/zh.toml

@@ -56,4 +56,6 @@ InternalError = "内部错误!"
 RequestError = "请求错误!"
 AssignFailed = "分配失败!"
 AssignSuccess = "分配成功!"
+DuplicateLogin = "重复登录!"
+PermissionDenied = "权限不足!"
 

middleware/casbin.go

@@ -1,27 +1,40 @@
 package middleware
 
 import (
+	ginI18n "github.com/gin-contrib/i18n"
 	"github.com/gin-gonic/gin"
+	"schisandra-cloud-album/common/result"
 	"schisandra-cloud-album/global"
 )
 
 func CasbinMiddleware() gin.HandlerFunc {
 	return func(c *gin.Context) {
-		userId, ok := c.Get("userId")
+		userIdAny, exists := c.Get("userId")
-		if !ok {
+		if !exists {
 			global.LOG.Error("casbin middleware: userId not found")
+			result.FailWithMessage(ginI18n.MustGetMessage(c, "PermissionDenied"), c)
 			c.Abort()
 			return
 		}
+		userId, ok := userIdAny.(*string)
+		if !ok {
+			result.FailWithMessage(ginI18n.MustGetMessage(c, "PermissionDenied"), c)
+			global.LOG.Error("casbin middleware: userId is not string")
+			c.Abort()
+			return
+		}
+		userIdStr := *userId
 		method := c.Request.Method
 		path := c.Request.URL.Path
-		ok, err := global.Casbin.Enforce(userId.(string), path, method)
+		correct, err := global.Casbin.Enforce(userIdStr, path, method)
 		if err != nil {
+			result.FailWithMessage(ginI18n.MustGetMessage(c, "PermissionDenied"), c)
 			global.LOG.Error("casbin middleware: ", err)
 			c.Abort()
 			return
 		}
-		if !ok {
+		if !correct {
+			result.FailWithMessage(ginI18n.MustGetMessage(c, "PermissionDenied"), c)
 			c.Abort()
 			return
 		}

middleware/check_client.go

@@ -0,0 +1,31 @@
+package middleware
+
+import (
+	ginI18n "github.com/gin-contrib/i18n"
+	"github.com/gin-gonic/gin"
+	"schisandra-cloud-album/common/constant"
+	"schisandra-cloud-album/common/redis"
+	"schisandra-cloud-album/common/result"
+	"schisandra-cloud-album/utils"
+)
+
+// CheckClientMiddleware 检查客户端请求是否合法
+func CheckClientMiddleware() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		id := c.GetHeader("X-Request-Id")
+		if id == "" {
+			result.FailWithMessage(ginI18n.MustGetMessage(c, "AuthVerifyFailed"), c)
+			c.Abort()
+			return
+		}
+
+		ip := utils.GetClientIP(c)
+		clientId := redis.Get(constant.UserLoginClientRedisKey + ip).Val()
+		if clientId == "" || clientId != id {
+			result.FailWithMessage(ginI18n.MustGetMessage(c, "AuthVerifyFailed"), c)
+			c.Abort()
+			return
+		}
+		c.Next()
+	}
+}

middleware/jwt.go

@@ -1,35 +1,60 @@
 package middleware
 
 import (
+	"encoding/json"
 	ginI18n "github.com/gin-contrib/i18n"
 	"github.com/gin-gonic/gin"
+	"schisandra-cloud-album/common/constant"
+	"schisandra-cloud-album/common/redis"
 	"schisandra-cloud-album/common/result"
 	"schisandra-cloud-album/global"
 	"schisandra-cloud-album/utils"
 	"strings"
 )
 
+type TokenData struct {
+	AccessToken  string  `json:"access_token"`
+	RefreshToken string  `json:"refresh_token"`
+	ExpiresAt    int64   `json:"expires_at"`
+	UID          *string `json:"uid"`
+}
+
 func JWTAuthMiddleware() gin.HandlerFunc {
 	return func(c *gin.Context) {
 		// 默认双Token放在请求头Authorization的Bearer中，并以空格隔开
 		authHeader := c.GetHeader(global.CONFIG.JWT.HeaderKey)
 		if authHeader == "" {
-			c.Abort()
+
 			result.FailWithMessage(ginI18n.MustGetMessage(c, "AuthVerifyFailed"), c)
+			c.Abort()
 			return
 		}
 		headerPrefix := global.CONFIG.JWT.HeaderPrefix
 		accessToken := strings.TrimPrefix(authHeader, headerPrefix+" ")
 
 		if accessToken == "" {
-			c.Abort()
+
 			result.FailWithMessage(ginI18n.MustGetMessage(c, "AuthVerifyFailed"), c)
+			c.Abort()
 			return
 		}
 		parseToken, isUpd, err := utils.ParseAccessToken(accessToken)
 		if err != nil || !isUpd {
-			c.Abort()
 			result.FailWithCodeAndMessage(401, ginI18n.MustGetMessage(c, "AuthVerifyExpired"), c)
+			c.Abort()
+			return
+		}
+		token := redis.Get(constant.UserLoginTokenRedisKey + *parseToken.UserID).Val()
+		tokenResult := TokenData{}
+		err = json.Unmarshal([]byte(token), &tokenResult)
+		if err != nil {
+			result.FailWithMessage(ginI18n.MustGetMessage(c, "AuthVerifyExpired"), c)
+			c.Abort()
+			return
+		}
+		if tokenResult.AccessToken != accessToken {
+			result.FailWithCodeAndMessage(403, ginI18n.MustGetMessage(c, "DuplicateLogin"), c)
+			c.Abort()
 			return
 		}
 		c.Set("userId", parseToken.UserID)

model/sca_auth_user_device.go

@@ -22,7 +22,6 @@ type ScaAuthUserDevice struct {
 	Mobile          *bool      `gorm:"column:mobile;type:int(11);comment:是否为手机" json:"mobile"`                                       // 是否为手机
 	Bot             *bool      `gorm:"column:bot;type:int(11);comment:是否为机器人" json:"bot"`                                            // 是否为机器人
 	Mozilla         *string    `gorm:"column:mozilla;type:varchar(10);comment:火狐版本" json:"mozilla"`                                  // 火狐版本
-	Model           *string    `gorm:"column:model;type:varchar(20);comment:设备型号" json:"model"`                                      // 设备型号
 	Platform        *string    `gorm:"column:platform;type:varchar(20);comment:平台" json:"platform"`                                  // 平台
 	EngineName      *string    `gorm:"column:engine_name;type:varchar(20);comment:引擎名称" json:"engine_name"`                          // 引擎名称
 	EngineVersion   *string    `gorm:"column:engine_version;type:varchar(20);comment:引擎版本" json:"engine_version"`                    // 引擎版本

router/modules/client_router.go

@@ -0,0 +1,12 @@
+package modules
+
+import (
+	"github.com/gin-gonic/gin"
+	"schisandra-cloud-album/api"
+)
+
+var clientApi = api.Api.ClientApi
+
+func ClientRouter(router *gin.RouterGroup) {
+	router.GET("/client/generate_client_id", clientApi.GenerateClientId)
+}

router/modules/oauth_router.go

@@ -12,7 +12,6 @@ func OauthRouter(router *gin.RouterGroup) {
 	{
 		wechatRouter := group.Group("/wechat")
 		{
-			wechatRouter.GET("/generate_client_id", oauth.GenerateClientId)
 			wechatRouter.GET("/get_temp_qrcode", oauth.GetTempQrCode)
 			//wechatRouter.GET("/callback", oauth.CallbackVerify)
 			wechatRouter.POST("/callback", oauth.CallbackNotify)
@@ -34,5 +33,4 @@ func OauthRouter(router *gin.RouterGroup) {
 		}
 		group.GET("/get_device", oauth.GetUserLoginDevice)
 	}
-
 }

router/modules/permission_router.go

@@ -9,6 +9,8 @@ var permissionApi = api.Api.PermissionApi
 
 func PermissionRouter(router *gin.RouterGroup) {
 	group := router.Group("/auth/permission")
-	//group.Use(middleware.JWTAuthMiddleware())
+	{
-	group.POST("/add", permissionApi.AddPermissions)
+		group.POST("/add", permissionApi.AddPermissions)
+		group.GET("/get_user_permissions", permissionApi.GetUserPermissions)
+	}
 }

router/modules/role_router.go

@@ -3,14 +3,15 @@ package modules
 import (
 	"github.com/gin-gonic/gin"
 	"schisandra-cloud-album/api"
-	"schisandra-cloud-album/middleware"
 )
 
 var roleApi = api.Api.RoleApi
 
 func RoleRouter(router *gin.RouterGroup) {
 	group := router.Group("/auth")
-	group.Use(middleware.JWTAuthMiddleware())
+	{
-	group.POST("/role/create", roleApi.CreateRole)
+		group.POST("/role/create", roleApi.CreateRole)
-	group.POST("/role/add_role_to_user", roleApi.AddRoleToUser)
+		group.POST("/role/add_role_to_user", roleApi.AddRoleToUser)
+	}
+
 }

router/modules/swagger_router.go

@@ -8,10 +8,10 @@ import (
 	"schisandra-cloud-album/global"
 )
 
-func SwaggerRouter(router *gin.Engine) {
+func SwaggerRouter(router *gin.RouterGroup) {
 	docs.SwaggerInfo.BasePath = ""
 	docs.SwaggerInfo.Description = global.CONFIG.Swagger.Description
-	router.GET("/api/doc/*any", gin.BasicAuth(gin.Accounts{
+	router.GET("/doc/*any", gin.BasicAuth(gin.Accounts{
 		global.CONFIG.Swagger.User: global.CONFIG.Swagger.Password,
 	}), ginSwagger.WrapHandler(swaggerFiles.Handler, func(config *ginSwagger.Config) {
 		config.Title = global.CONFIG.Swagger.Title

router/modules/user_router.go

@@ -3,7 +3,6 @@ package modules
 import (
 	"github.com/gin-gonic/gin"
 	"schisandra-cloud-album/api"
-	"schisandra-cloud-album/middleware"
 )
 
 var userApi = api.Api.UserApi
@@ -16,15 +15,18 @@ func UserRouter(router *gin.RouterGroup) {
 		userGroup.POST("/phone_login", userApi.PhoneLogin)
 		userGroup.POST("/reset_password", userApi.ResetPassword)
 	}
-	authGroup := router.Group("auth").Use(middleware.JWTAuthMiddleware()).Use(middleware.CasbinMiddleware())
-	{
-		authGroup.GET("/user/list", userApi.GetUserList)
-		authGroup.GET("/user/query_by_uuid", userApi.QueryUserByUuid)
-
-	}
 	tokenGroup := router.Group("token")
 	{
 		tokenGroup.POST("/refresh", userApi.RefreshHandler)
 	}
+}
+
+// UserRouterAuth 用户相关路由 有auth接口组需要token验证
+func UserRouterAuth(router *gin.RouterGroup) {
+	authGroup := router.Group("auth")
+	{
+		authGroup.GET("/user/list", userApi.GetUserList)
+		authGroup.GET("/user/query_by_uuid", userApi.QueryUserByUuid)
+	}
 
 }

router/router.go

@@ -3,12 +3,15 @@ package router
 import (
 	"github.com/gin-contrib/cors"
 	"github.com/gin-gonic/gin"
+	"schisandra-cloud-album/api"
 	"schisandra-cloud-album/global"
 	"schisandra-cloud-album/middleware"
 	"schisandra-cloud-album/router/modules"
 	"time"
 )
 
+var oauth = api.Api.OAuthApi
+
 func InitRouter() *gin.Engine {
 	gin.SetMode(global.CONFIG.System.Env)
 	router := gin.Default()
@@ -18,25 +21,40 @@ func InitRouter() *gin.Engine {
 		return nil
 	}
 	router.Use(middleware.RateLimitMiddleware(time.Millisecond*100, 20)) // 限流中间件
-	publicGroup := router.Group("api")
 	// 跨域设置
-	publicGroup.Use(cors.New(cors.Config{
+	router.Use(cors.New(cors.Config{
 		AllowOrigins:     []string{global.CONFIG.System.Web},
 		AllowMethods:     []string{"GET", "POST", "PUT", "PATCH", "DELETE", "HEAD"},
-		AllowHeaders:     []string{"Origin", "Content-Length", "Content-Type", "Authorization", "X-CSRF-Token", "Accept-Language"},
+		AllowHeaders:     []string{"Origin", "Content-Length", "Content-Type", "Authorization", "X-CSRF-Token", "Accept-Language", "X-Request-Id"},
 		AllowCredentials: true,
 		MaxAge:           12 * time.Hour,
 	}))
 	// 国际化设置
-	publicGroup.Use(middleware.I18n())
+	router.Use(middleware.I18n())
+
+	publicGroup := router.Group("api") // 不需要鉴权的路由组
+	authGroup := router.Group("api")   // 需要鉴权的路由组
+	authGroup.Use(
+		middleware.JWTAuthMiddleware(),
+		middleware.CasbinMiddleware(),
+		middleware.CheckClientMiddleware())
+
+	checkClientGroup := router.Group("api") // 需要检查客户端的路由组
+
+	checkClientGroup.Use(middleware.CheckClientMiddleware())
+
+	modules.ClientRouter(publicGroup)    // 注册客户端路由
+	modules.SwaggerRouter(publicGroup)   // 注册swagger路由
+	modules.WebsocketRouter(publicGroup) // 注册websocket路由
+
+	modules.CaptchaRouter(checkClientGroup) // 注册验证码路由
+	modules.SmsRouter(checkClientGroup)     // 注册短信验证码路由
+	modules.OauthRouter(checkClientGroup)   // 注册oauth路由
+	modules.UserRouter(checkClientGroup)    // 注册鉴权路由
+
+	modules.UserRouterAuth(authGroup)   // 注册鉴权路由
+	modules.RoleRouter(authGroup)       // 注册角色路由
+	modules.PermissionRouter(authGroup) // 注册权限路由
 
-	modules.SwaggerRouter(router)         // 注册swagger路由
-	modules.UserRouter(publicGroup)       // 注册鉴权路由
-	modules.CaptchaRouter(publicGroup)    // 注册验证码路由
-	modules.SmsRouter(publicGroup)        // 注册短信验证码路由
-	modules.OauthRouter(publicGroup)      // 注册oauth路由
-	modules.WebsocketRouter(publicGroup)  // 注册websocket路由
-	modules.RoleRouter(publicGroup)       // 注册角色路由
-	modules.PermissionRouter(publicGroup) // 注册权限路由
 	return router
 }

service/user_device_service/user_device_service.go

@@ -34,7 +34,6 @@ func (UserDeviceService) UpdateUserDevice(id int64, userDevice *model.ScaAuthUse
 		Mobile:          userDevice.Mobile,
 		Bot:             userDevice.Bot,
 		Mozilla:         userDevice.Mozilla,
-		Model:           userDevice.Model,
 		Platform:        userDevice.Platform,
 		EngineName:      userDevice.EngineName,
 		EngineVersion:   userDevice.EngineVersion,

utils/jwt.go

@@ -33,7 +33,7 @@ func GenerateAccessToken(payload AccessJWTPayload) (string, error) {
 	claims := AccessJWTClaims{
 		AccessJWTPayload: payload,
 		RegisteredClaims: jwt.RegisteredClaims{
-			ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Hour * 2)),
+			ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Minute * 30)),
 			IssuedAt:  jwt.NewNumericDate(time.Now()),
 			NotBefore: jwt.NewNumericDate(time.Now()),
 		},