feat: Implement Oauth2 login log service and repository

- Added Oauth2LogLoginService for managing user authorization logs. - Implemented methods for inserting logs, cleaning logs, and exporting log data. - Created a new file for Oauth2 login log service. refactor: Remove unused open_api module - Deleted the open_api.go file as it was not utilized in the project. fix: Update error codes in SysProfileController - Changed error codes for binding errors and user authentication errors to more descriptive values. fix: Update cache handling in SysConfig and SysDictType services - Modified Redis set operations to include expiration time for cached values. refactor: Update middleware authorization checks - Replaced PreAuthorize middleware with AuthorizeUser across multiple routes in system and tool modules for consistency. chore: Clean up trace and ws modules - Updated middleware authorization in trace and ws modules to use AuthorizeUser.
2025-04-27 11:07:34 +08:00
parent b29a36e7b5
commit 56991a0b49
72 changed files with 2334 additions and 873 deletions
--- a/src/framework/middleware/authorize_oauth2.go
+++ b/src/framework/middleware/authorize_oauth2.go
@@ -0,0 +1,66 @@
+package middleware
+
+import (
+	"fmt"
+
+	"github.com/gin-gonic/gin"
+
+	"be.ems/src/framework/constants"
+	"be.ems/src/framework/reqctx"
+	"be.ems/src/framework/resp"
+	"be.ems/src/framework/token"
+)
+
+// AuthorizeOauth2 客户端授权认证校验
+//
+// scope 客户端授权范围，例如：[]string{"read","write"}
+func AuthorizeOauth2(scope []string) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		// 获取请求头标识信息
+		tokenStr := reqctx.Authorization(c)
+		if tokenStr == "" {
+			c.JSON(401, resp.CodeMsg(401003, "authorization token is empty"))
+			c.Abort() // 停止执行后续的处理函数
+			return
+		}
+
+		// 验证令牌
+		claims, err := token.Oauth2TokenVerify(tokenStr, "access")
+		if err != nil {
+			c.JSON(401, resp.CodeMsg(401001, err.Error()))
+			c.Abort() // 停止执行后续的处理函数
+			return
+		}
+
+		// 获取缓存的用户信息
+		info := token.Oauth2InfoGet(claims)
+		if info.ClientId == "" {
+			c.JSON(401, resp.CodeMsg(401002, "invalid login user information"))
+			c.Abort() // 停止执行后续的处理函数
+			return
+		}
+		c.Set(constants.CTX_LOGIN_OAUTH2, info)
+
+		// 客户端权限校验
+		if scope != nil {
+			var hasScope bool = false
+			for _, item := range info.Scope {
+				for _, v := range scope {
+					if item == v {
+						hasScope = true
+						break
+					}
+				}
+			}
+			if !hasScope {
+				msg := fmt.Sprintf("unauthorized access %s %s", c.Request.Method, c.Request.RequestURI)
+				c.JSON(403, resp.CodeMsg(403001, msg))
+				c.Abort() // 停止执行后续的处理函数
+				return
+			}
+		}
+
+		// 调用下一个处理程序
+		c.Next()
+	}
+}