OMC/be.ems
1
0
Fork 0
Code Issues Releases 3 Activity

feat: Implement Oauth2 login log service and repository

Browse Source 
- Added Oauth2LogLoginService for managing user authorization logs.
- Implemented methods for inserting logs, cleaning logs, and exporting log data.
- Created a new file for Oauth2 login log service.

refactor: Remove unused open_api module

- Deleted the open_api.go file as it was not utilized in the project.

fix: Update error codes in SysProfileController

- Changed error codes for binding errors and user authentication errors to more descriptive values.

fix: Update cache handling in SysConfig and SysDictType services

- Modified Redis set operations to include expiration time for cached values.

refactor: Update middleware authorization checks

- Replaced PreAuthorize middleware with AuthorizeUser across multiple routes in system and tool modules for consistency.

chore: Clean up trace and ws modules

- Updated middleware authorization in trace and ws modules to use AuthorizeUser.
This commit is contained in:
TsMask
2025-04-27 11:07:34 +08:00
parent b29a36e7b5
commit 56991a0b49
72 changed files with 2334 additions and 873 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/framework/token/oauth2_info.go Normal file
View File

@@ -0,0 +1,14 @@
package token
// Oauth2Info 第三方客户端令牌信息对象
type Oauth2Info struct {
DeviceId string `json:"deviceId"` // 用户设备标识
ClientId string `json:"clientId"` // 客户端ID
LoginTime int64 `json:"loginTime"` // 登录时间时间戳
ExpireTime int64 `json:"expireTime"` // 过期时间时间戳
LoginIp string `json:"loginIp"` // 登录IP地址 x.x.x.x
LoginLocation string `json:"loginLocation"` // 登录地点 xx xx
Browser string `json:"browser"` // 浏览器类型
OS string `json:"os"` // 操作系统
Scope []string `json:"scope"` // 权限列表
}

167
src/framework/token/oauth2_token.go Normal file
View File

@@ -0,0 +1,167 @@
package token
import (
"encoding/json"
"fmt"
"time"
"github.com/golang-jwt/jwt/v5"
"be.ems/src/framework/config"
"be.ems/src/framework/constants"
"be.ems/src/framework/database/redis"
"be.ems/src/framework/logger"
"be.ems/src/framework/utils/parse"
)
// Oauth2TokenCreate 生成令牌
// clientId 客户端ID
// deviceFingerprint 设备指纹 SHA256
// tokenType 令牌类型 access:访问令牌 refresh:刷新令牌
func Oauth2TokenCreate(clientId, deviceFingerprint, tokenType string) (string, int64) {
// 令牌算法 HS256 HS384 HS512
algorithm := config.Get("jwt.algorithm").(string)
var method *jwt.SigningMethodHMAC
switch algorithm {
case "HS512":
method = jwt.SigningMethodHS512
case "HS384":
method = jwt.SigningMethodHS384
default: // 包含HS256和其他所有情况
method = jwt.SigningMethodHS256
}
// 生成令牌设置密钥
secret := fmt.Sprint(config.Get("jwt.secret"))
// 设置令牌过期时间
now := time.Now()
exp := now
if tokenType == "access" {
expiresIn := time.Duration(parse.Number(config.Get("jwt.expiresIn")))
exp = now.Add(expiresIn * time.Minute)
secret = "Oauth2_Access:" + secret
}
if tokenType == "refresh" {
refreshIn := time.Duration(parse.Number(config.Get("jwt.refreshIn")))
exp = now.Add(refreshIn * time.Minute)
secret = "Oauth2_Refresh:" + secret
}
// 生成令牌负荷绑定uuid标识
jwtToken := jwt.NewWithClaims(method, jwt.MapClaims{
constants.JWT_DEVICE_ID: deviceFingerprint,
constants.JWT_CLIENT_ID: clientId,
"exp": exp.Unix(), // 过期时间
"iat": now.Unix(), // 签发时间
"nbf": now.Unix(), // 生效时间
})
tokenStr, err := jwtToken.SignedString([]byte(secret))
if err != nil {
logger.Infof("jwt sign err : %v", err)
return "", 0
}
expSeconds := int64(exp.Sub(now).Seconds())
return tokenStr, expSeconds
}
// Oauth2TokenVerify 校验令牌是否有效
// tokenType 令牌类型 access:访问令牌 refresh:刷新令牌
func Oauth2TokenVerify(tokenStr, tokenType string) (jwt.MapClaims, error) {
jwtToken, err := jwt.Parse(tokenStr, func(jToken *jwt.Token) (any, error) {
// 判断加密算法是预期的加密算法
if _, ok := jToken.Method.(*jwt.SigningMethodHMAC); ok {
secret := config.Get("jwt.secret").(string)
if tokenType == "access" {
secret = "Oauth2_Access:" + secret
}
if tokenType == "refresh" {
secret = "Oauth2_Refresh:" + secret
}
return []byte(secret), nil
}
return nil, jwt.ErrSignatureInvalid
})
if err != nil {
logger.Errorf("Token Verify Err: %v", err)
return nil, fmt.Errorf("token invalid")
}
// 如果解析负荷成功并通过签名校验
claims, ok := jwtToken.Claims.(jwt.MapClaims)
if ok && jwtToken.Valid {
return claims, nil
}
return nil, fmt.Errorf("token valid error")
}
// Oauth2InfoRemove 清除登录第三方客户端信息
func Oauth2InfoRemove(tokenStr string) (string, error) {
claims, err := Oauth2TokenVerify(tokenStr, "access")
if err != nil {
logger.Errorf("token verify err %v", err)
return "", err
}
deviceId, ok := claims[constants.JWT_DEVICE_ID]
if ok && deviceId != "" {
// 清除缓存KEY
tokenKey := constants.CACHE_OAUTH2_DEVICE + ":" + fmt.Sprint(deviceId)
return fmt.Sprint(claims[constants.JWT_CLIENT_ID]), redis.Del("", tokenKey)
}
return "", fmt.Errorf("token invalid")
}
// Oauth2InfoCreate 生成访问第三方客户端信息缓存
func Oauth2InfoCreate(info *Oauth2Info, deviceFingerprint string, ilobArr [4]string) {
info.DeviceId = deviceFingerprint
// 设置请求登录客户端
info.LoginIp = ilobArr[0]
info.LoginLocation = ilobArr[1]
info.OS = ilobArr[2]
info.Browser = ilobArr[3]
expiresIn := time.Duration(parse.Number(config.Get("jwt.expiresIn")))
now := time.Now()
exp := now.Add(expiresIn * time.Minute)
info.LoginTime = now.UnixMilli()
info.ExpireTime = exp.UnixMilli()
// 登录信息标识缓存
tokenKey := constants.CACHE_OAUTH2_DEVICE + ":" + info.DeviceId
jsonBytes, err := json.Marshal(info)
if err != nil {
return
}
_ = redis.Set("", tokenKey, string(jsonBytes), expiresIn*time.Minute)
}
// Oauth2InfoUpdate 更新访问第三方客户端信息缓存
func Oauth2InfoUpdate(info Oauth2Info) {
// 登录信息标识缓存
tokenKey := constants.CACHE_OAUTH2_DEVICE + ":" + info.DeviceId
jsonBytes, err := json.Marshal(info)
if err != nil {
return
}
expiresIn, _ := redis.GetExpire("", tokenKey)
expiration := time.Duration(expiresIn) * time.Second
_ = redis.Set("", tokenKey, string(jsonBytes), expiration)
}
// Oauth2InfoGet 缓存的登录第三方客户端信息
func Oauth2InfoGet(claims jwt.MapClaims) Oauth2Info {
info := Oauth2Info{}
deviceId := fmt.Sprint(claims[constants.JWT_DEVICE_ID])
tokenKey := constants.CACHE_OAUTH2_DEVICE + ":" + deviceId
hasKey, err := redis.Has("", tokenKey)
if hasKey > 0 && err == nil {
infoStr, err := redis.Get("", tokenKey)
if infoStr == "" || err != nil {
return info
}
if err := json.Unmarshal([]byte(infoStr), &info); err != nil {
logger.Errorf("info json err : %v", err)
return info
}
}
return info
}

152
src/framework/token/token.go
View File

@@ -1,152 +0,0 @@
package token
import (
"encoding/json"
"fmt"
"time"
"github.com/golang-jwt/jwt/v5"
"be.ems/src/framework/config"
"be.ems/src/framework/constants"
"be.ems/src/framework/database/redis"
"be.ems/src/framework/logger"
"be.ems/src/framework/utils/generate"
)
// Remove 清除登录用户信息UUID
func Remove(token string) string {
claims, err := Verify(token)
if err != nil {
logger.Errorf("token verify err %v", err)
return ""
}
// 清除缓存KEY
uuid := claims[constants.JWT_UUID].(string)
tokenKey := constants.CACHE_LOGIN_TOKEN + ":" + uuid
hasKey, err := redis.Has("", tokenKey)
if hasKey > 0 && err == nil {
_ = redis.Del("", tokenKey)
}
return claims[constants.JWT_USER_NAME].(string)
}
// Create 令牌生成
func Create(tokenInfo *TokenInfo, ilobArr [4]string) string {
// 生成用户唯一token 32位
tokenInfo.UUID = generate.Code(32)
tokenInfo.LoginTime = time.Now().UnixMilli()
// 设置请求用户登录客户端
tokenInfo.LoginIp = ilobArr[0]
tokenInfo.LoginLocation = ilobArr[1]
tokenInfo.OS = ilobArr[2]
tokenInfo.Browser = ilobArr[3]
// 设置新登录IP和登录时间
tokenInfo.User.LoginIp = tokenInfo.LoginIp
tokenInfo.User.LoginTime = tokenInfo.LoginTime
// 设置用户令牌有效期并存入缓存
Cache(tokenInfo)
// 令牌算法 HS256 HS384 HS512
algorithm := config.Get("jwt.algorithm").(string)
var method *jwt.SigningMethodHMAC
switch algorithm {
case "HS512":
method = jwt.SigningMethodHS512
case "HS384":
method = jwt.SigningMethodHS384
case "HS256":
default:
method = jwt.SigningMethodHS256
}
// 生成令牌负荷绑定uuid标识
jwtToken := jwt.NewWithClaims(method, jwt.MapClaims{
constants.JWT_UUID: tokenInfo.UUID,
constants.JWT_USER_ID: tokenInfo.UserId,
constants.JWT_USER_NAME: tokenInfo.User.UserName,
"ait": tokenInfo.LoginTime,
})
// 生成令牌设置密钥
secret := config.Get("jwt.secret").(string)
tokenStr, err := jwtToken.SignedString([]byte(secret))
if err != nil {
logger.Infof("jwt sign err : %v", err)
return ""
}
return tokenStr
}
// Cache 缓存登录用户信息
func Cache(tokenInfo *TokenInfo) {
// 计算配置的有效期
expTime := config.Get("jwt.expiresIn").(int)
expTimestamp := time.Duration(expTime) * time.Minute
iatTimestamp := time.Now().UnixMilli()
tokenInfo.LoginTime = iatTimestamp
tokenInfo.ExpireTime = iatTimestamp + expTimestamp.Milliseconds()
tokenInfo.User.Password = ""
// 登录信息标识缓存
tokenKey := constants.CACHE_LOGIN_TOKEN + ":" + tokenInfo.UUID
jsonBytes, err := json.Marshal(tokenInfo)
if err != nil {
return
}
_ = redis.SetByExpire("", tokenKey, string(jsonBytes), expTimestamp)
}
// RefreshIn 验证令牌有效期相差不足xx分钟自动刷新缓存
func RefreshIn(loginUser *TokenInfo) {
// 相差不足xx分钟自动刷新缓存
refreshTime := config.Get("jwt.refreshIn").(int)
refreshTimestamp := time.Duration(refreshTime) * time.Minute
// 过期时间
expireTimestamp := loginUser.ExpireTime
currentTimestamp := time.Now().UnixMilli()
if expireTimestamp-currentTimestamp <= refreshTimestamp.Milliseconds() {
Cache(loginUser)
}
}
// Verify 校验令牌是否有效
func Verify(token string) (jwt.MapClaims, error) {
jwtToken, err := jwt.Parse(token, func(jToken *jwt.Token) (any, error) {
// 判断加密算法是预期的加密算法
if _, ok := jToken.Method.(*jwt.SigningMethodHMAC); ok {
secret := config.Get("jwt.secret").(string)
return []byte(secret), nil
}
return nil, jwt.ErrSignatureInvalid
})
if err != nil {
logger.Errorf("Token Verify Err: %v", err)
return nil, fmt.Errorf("token invalid")
}
// 如果解析负荷成功并通过签名校验
if claims, ok := jwtToken.Claims.(jwt.MapClaims); ok && jwtToken.Valid {
return claims, nil
}
return nil, fmt.Errorf("token valid error")
}
// Info 缓存的登录用户信息
func Info(claims jwt.MapClaims) TokenInfo {
tokenInfo := TokenInfo{}
uuid := claims[constants.JWT_UUID].(string)
tokenKey := constants.CACHE_LOGIN_TOKEN + ":" + uuid
hasKey, err := redis.Has("", tokenKey)
if hasKey > 0 && err == nil {
infoStr, err := redis.Get("", tokenKey)
if infoStr == "" || err != nil {
return tokenInfo
}
if err := json.Unmarshal([]byte(infoStr), &tokenInfo); err != nil {
logger.Errorf("info json err : %v", err)
return tokenInfo
}
}
return tokenInfo
}

6
src/framework/token/token_info.go → src/framework/token/user_info.go
View File

@@ -2,9 +2,9 @@ package token
import systemModel "be.ems/src/modules/system/model"
// TokenInfo 令牌信息对象
type TokenInfo struct {
UUID string `json:"uuid"` // 用户唯一标识
// UserInfo 系统用户令牌信息对象
type UserInfo struct {
DeviceId string `json:"deviceId"` // 用户设备标识
UserId int64 `json:"userId"` // 用户ID
DeptId int64 `json:"deptId"` // 部门ID
LoginTime int64 `json:"loginTime"` // 登录时间时间戳

173
src/framework/token/user_token.go Normal file
View File

@@ -0,0 +1,173 @@
package token
import (
"encoding/json"
"fmt"
"time"
"github.com/golang-jwt/jwt/v5"
"be.ems/src/framework/config"
"be.ems/src/framework/constants"
"be.ems/src/framework/database/redis"
"be.ems/src/framework/logger"
"be.ems/src/framework/utils/parse"
)
// UserTokenCreate 生成令牌
// userId 用户ID
// deviceFingerprint 设备指纹 SHA256
// tokenType 令牌类型 access:访问令牌 refresh:刷新令牌
func UserTokenCreate(userId int64, deviceFingerprint, tokenType string) (string, int64) {
// 令牌算法 HS256 HS384 HS512
algorithm := config.Get("jwt.algorithm").(string)
var method *jwt.SigningMethodHMAC
switch algorithm {
case "HS512":
method = jwt.SigningMethodHS512
case "HS384":
method = jwt.SigningMethodHS384
default: // 包含HS256和其他所有情况
method = jwt.SigningMethodHS256
}
// 生成令牌设置密钥
secret := fmt.Sprint(config.Get("jwt.secret"))
// 设置令牌过期时间
now := time.Now()
exp := now
if tokenType == "access" {
expiresIn := time.Duration(parse.Number(config.Get("jwt.expiresIn")))
exp = now.Add(expiresIn * time.Minute)
secret = "User_Access:" + secret
}
if tokenType == "refresh" {
refreshIn := time.Duration(parse.Number(config.Get("jwt.refreshIn")))
exp = now.Add(refreshIn * time.Minute)
secret = "User_Refresh:" + secret
}
// 生成令牌负荷绑定uuid标识
jwtToken := jwt.NewWithClaims(method, jwt.MapClaims{
constants.JWT_DEVICE_ID: deviceFingerprint,
constants.JWT_USER_ID: userId,
"exp": exp.Unix(), // 过期时间
"iat": now.Unix(), // 签发时间
"nbf": now.Add(-10 * time.Second).Unix(), // 生效时间
})
tokenStr, err := jwtToken.SignedString([]byte(secret))
if err != nil {
logger.Infof("jwt sign err : %v", err)
return "", 0
}
expSeconds := int64(exp.Sub(now).Seconds())
return tokenStr, expSeconds
}
// UserTokenVerify 校验令牌是否有效
// tokenType 令牌类型 access:访问令牌 refresh:刷新令牌
func UserTokenVerify(tokenStr string, tokenType string) (jwt.MapClaims, error) {
jwtToken, err := jwt.Parse(tokenStr, func(jToken *jwt.Token) (any, error) {
// 判断加密算法是预期的加密算法
if _, ok := jToken.Method.(*jwt.SigningMethodHMAC); ok {
secret := config.Get("jwt.secret").(string)
if tokenType == "access" {
secret = "User_Access:" + secret
}
if tokenType == "refresh" {
secret = "User_Refresh:" + secret
}
return []byte(secret), nil
}
return nil, jwt.ErrSignatureInvalid
})
if err != nil {
logger.Errorf("Token Verify Err: %v", err)
return nil, fmt.Errorf("token invalid")
}
// 如果解析负荷成功并通过签名校验
claims, ok := jwtToken.Claims.(jwt.MapClaims)
if ok && jwtToken.Valid {
return claims, nil
}
return nil, fmt.Errorf("token valid error")
}
// UserInfoRemove 清除访问用户信息缓存
func UserInfoRemove(tokenStr string) (string, error) {
claims, err := UserTokenVerify(tokenStr, "access")
if err != nil {
logger.Errorf("token verify err %v", err)
return "", err
}
info := UserInfoGet(claims)
if info.User.UserName != "" {
// 清除缓存KEY
deviceId := fmt.Sprint(claims[constants.JWT_DEVICE_ID])
tokenKey := constants.CACHE_TOKEN_DEVICE + ":" + deviceId
return info.User.UserName, redis.Del("", tokenKey)
}
return "", fmt.Errorf("token invalid")
}
// UserInfoCreate 生成访问用户信息缓存
func UserInfoCreate(info *UserInfo, deviceFingerprint string, ilobArr [4]string) {
info.DeviceId = deviceFingerprint
// 设置请求用户登录客户端
info.LoginIp = ilobArr[0]
info.LoginLocation = ilobArr[1]
info.OS = ilobArr[2]
info.Browser = ilobArr[3]
expiresIn := time.Duration(parse.Number(config.Get("jwt.expiresIn")))
now := time.Now()
exp := now.Add(expiresIn * time.Minute)
info.LoginTime = now.UnixMilli()
info.ExpireTime = exp.UnixMilli()
// 设置新登录IP和登录时间
info.User.LoginIp = info.LoginIp
info.User.LoginTime = info.LoginTime
info.User.Password = ""
// 登录信息标识缓存
tokenKey := constants.CACHE_TOKEN_DEVICE + ":" + info.DeviceId
jsonBytes, err := json.Marshal(info)
if err != nil {
return
}
_ = redis.Set("", tokenKey, string(jsonBytes), expiresIn*time.Minute)
}
// UserInfoUpdate 更新访问用户信息缓存
func UserInfoUpdate(info UserInfo) {
info.User.Password = ""
// 登录信息标识缓存
tokenKey := constants.CACHE_TOKEN_DEVICE + ":" + info.DeviceId
jsonBytes, err := json.Marshal(info)
if err != nil {
return
}
expiresIn, _ := redis.GetExpire("", tokenKey)
expiration := time.Duration(expiresIn) * time.Second
_ = redis.Set("", tokenKey, string(jsonBytes), expiration)
}
// UserInfoGet 缓存的访问用户信息
func UserInfoGet(claims jwt.MapClaims) UserInfo {
info := UserInfo{}
deviceId := fmt.Sprint(claims[constants.JWT_DEVICE_ID])
tokenKey := constants.CACHE_TOKEN_DEVICE + ":" + deviceId
hasKey, err := redis.Has("", tokenKey)
if hasKey > 0 && err == nil {
infoStr, err := redis.Get("", tokenKey)
if infoStr == "" || err != nil {
return info
}
if err := json.Unmarshal([]byte(infoStr), &info); err != nil {
logger.Errorf("info json err : %v", err)
return info
}
}
return info
}