feat: Implement Oauth2 login log service and repository

- Added Oauth2LogLoginService for managing user authorization logs.
- Implemented methods for inserting logs, cleaning logs, and exporting log data.
- Created a new file for Oauth2 login log service.

refactor: Remove unused open_api module

- Deleted the open_api.go file as it was not utilized in the project.

fix: Update error codes in SysProfileController

- Changed error codes for binding errors and user authentication errors to more descriptive values.

fix: Update cache handling in SysConfig and SysDictType services

- Modified Redis set operations to include expiration time for cached values.

refactor: Update middleware authorization checks

- Replaced PreAuthorize middleware with AuthorizeUser across multiple routes in system and tool modules for consistency.

chore: Clean up trace and ws modules

- Updated middleware authorization in trace and ws modules to use AuthorizeUser.

src/modules/auth/controller/account.go

@@ -2,7 +2,7 @@ package controller
 
 import (
 	"fmt"
-	"strings"
+	"time"
 
 	"be.ems/src/framework/config"
 	"be.ems/src/framework/constants"
@@ -10,6 +10,7 @@ import (
 	"be.ems/src/framework/reqctx"
 	"be.ems/src/framework/resp"
 	"be.ems/src/framework/token"
+	"be.ems/src/framework/utils/parse"
 	"be.ems/src/modules/auth/model"
 	"be.ems/src/modules/auth/service"
 	systemModelVO "be.ems/src/modules/system/model/vo"
@@ -34,7 +35,7 @@ type AccountController struct {
 
 // Login 系统登录
 //
-// POST /login
+// POST /auth/login
 //
 //	@Tags			common/authorization
 //	@Accept			json
@@ -43,13 +44,13 @@ type AccountController struct {
 //	@Success		200		{object}	object	"Response Results"
 //	@Summary		System Login
 //	@Description	System Login
-//	@Router			/login [post]
+//	@Router			/auth/login [post]
 func (s AccountController) Login(c *gin.Context) {
 	language := reqctx.AcceptLanguage(c)
 	var body model.LoginBody
 	if err := c.ShouldBindJSON(&body); err != nil {
 		errMsgs := fmt.Sprintf("bind err: %s", resp.FormatBindError(err))
-		c.JSON(422, resp.CodeMsg(40422, errMsgs))
+		c.JSON(422, resp.CodeMsg(422001, errMsgs))
 		return
 	}
 
@@ -59,27 +60,31 @@ func (s AccountController) Login(c *gin.Context) {
 
 	// 校验验证码 根据错误信息，创建系统访问记录
 	if err := s.accountService.ValidateCaptcha(body.Code, body.UUID); err != nil {
-		msg := fmt.Sprintf("%s code: %s", err.Error(), body.Code)
+		msg := fmt.Sprintf("%s code %s", err.Error(), body.Code)
 		s.sysLogLoginService.Insert(
 			body.Username, constants.STATUS_NO, msg,
 			[4]string{ipaddr, location, os, browser},
 		)
-		c.JSON(400, resp.CodeMsg(40012, i18n.TKey(language, err.Error())))
+		c.JSON(200, resp.ErrMsg(i18n.TKey(language, err.Error())))
 		return
 	}
 
 	// 登录用户信息
-	loginUser, err := s.accountService.ByUsername(body.Username, body.Password)
+	info, err := s.accountService.ByUsername(body.Username, body.Password)
 	if err != nil {
+		s.sysLogLoginService.Insert(
+			body.Username, constants.STATUS_NO, err.Error(),
+			[4]string{ipaddr, location, os, browser},
+		)
 		c.JSON(200, resp.ErrMsg(i18n.TKey(language, err.Error())))
 		return
 	}
 
 	data := map[string]any{}
 
-	if !config.IsSystemUser(loginUser.UserId) {
+	if !config.IsSystemUser(info.UserId) {
 		// 强制改密码
-		forcePasswdChange, err := s.accountService.PasswordCountOrExpireTime(loginUser.User.LoginCount, loginUser.User.PasswordUpdateTime)
+		forcePasswdChange, err := s.accountService.PasswordCountOrExpireTime(info.User.LoginCount, info.User.PasswordUpdateTime)
 		if err != nil {
 			c.JSON(200, resp.ErrMsg(i18n.TKey(language, err.Error())))
 			return
@@ -89,25 +94,132 @@ func (s AccountController) Login(c *gin.Context) {
 		}
 	}
 
-	// 生成令牌，创建系统访问记录
-	tokenStr := token.Create(&loginUser, [4]string{ipaddr, location, os, browser})
-	if tokenStr == "" {
-		c.JSON(200, resp.Err(nil))
+	deviceFingerprint := reqctx.DeviceFingerprint(c, info.UserId)
+
+	// 生成访问令牌
+	accessToken, expiresIn := token.UserTokenCreate(info.UserId, deviceFingerprint, "access")
+	if accessToken == "" || expiresIn == 0 {
+		c.JSON(200, resp.ErrMsg("token generation failed"))
+		return
+	}
+	// 生成刷新令牌
+	refreshToken, refreshExpiresIn := token.UserTokenCreate(info.UserId, deviceFingerprint, "refresh")
+
+	// 记录令牌，创建系统访问记录
+	token.UserInfoCreate(&info, deviceFingerprint, [4]string{ipaddr, location, os, browser})
+	s.accountService.UpdateLoginDateAndIP(info)
+	s.sysLogLoginService.Insert(
+		body.Username, constants.STATUS_YES, "app.common.loginSuccess",
+		[4]string{ipaddr, location, os, browser},
+	)
+
+	data["tokenType"] = constants.HEADER_PREFIX
+	data["accessToken"] = accessToken
+	data["expiresIn"] = expiresIn
+	data["refreshToken"] = refreshToken
+	data["refreshExpiresIn"] = refreshExpiresIn
+	data["userId"] = info.UserId
+	c.JSON(200, resp.OkData(data))
+}
+
+// Logout 系统登出
+//
+// POST /auth/logout
+func (s AccountController) Logout(c *gin.Context) {
+	language := reqctx.AcceptLanguage(c)
+	tokenStr := reqctx.Authorization(c)
+	if tokenStr != "" {
+		// 存在token时记录退出信息
+		userName, err := token.UserInfoRemove(tokenStr)
+		if err != nil {
+			// 当前请求信息
+			ipaddr, location := reqctx.IPAddrLocation(c)
+			os, browser := reqctx.UaOsBrowser(c)
+			// 创建系统访问记录
+			s.sysLogLoginService.Insert(
+				userName, constants.STATUS_YES, "app.common.logoutSuccess",
+				[4]string{ipaddr, location, os, browser},
+			)
+		}
+	}
+	c.JSON(200, resp.OkMsg(i18n.TKey(language, "app.common.logoutSuccess")))
+}
+
+// RefreshToken 刷新Token
+//
+// POST /auth/refresh-token
+func (s AccountController) RefreshToken(c *gin.Context) {
+	var body struct {
+		RefreshToken string `json:"refreshToken" binding:"required"` // 刷新令牌
+	}
+	if err := c.ShouldBindJSON(&body); err != nil {
+		errMsgs := fmt.Sprintf("bind err: %s", resp.FormatBindError(err))
+		c.JSON(422, resp.CodeMsg(422001, errMsgs))
 		return
-	} else {
-		s.accountService.UpdateLoginDateAndIP(loginUser)
-		// 登录成功
-		s.sysLogLoginService.Insert(
-			body.Username, constants.STATUS_YES, "app.common.loginSuccess",
-			[4]string{ipaddr, location, os, browser},
-		)
 	}
 
-	data["accessToken"] = tokenStr
-	data["tokenType"] = strings.TrimRight(constants.HEADER_PREFIX, " ")
-	data["expiresIn"] = (loginUser.ExpireTime - loginUser.LoginTime) / 1000
-	data["userId"] = loginUser.UserId
-	c.JSON(200, resp.OkData(data))
+	// 验证刷新令牌是否有效
+	claims, err := token.UserTokenVerify(body.RefreshToken, "refresh")
+	if err != nil {
+		c.JSON(401, resp.CodeMsg(401001, err.Error()))
+		return
+	}
+	userId := parse.Number(claims[constants.JWT_USER_ID])
+
+	// 登录用户信息
+	info, err := s.accountService.ByUserId(userId)
+	if err != nil {
+		c.JSON(200, resp.ErrMsg(err.Error()))
+		return
+	}
+
+	// 设备指纹信息是否一致
+	deviceId := fmt.Sprint(claims[constants.JWT_DEVICE_ID])
+	deviceFingerprint := reqctx.DeviceFingerprint(c, userId)
+	if deviceId != deviceFingerprint {
+		c.JSON(200, resp.ErrMsg("device fingerprint mismatch"))
+		return
+	}
+
+	// 生成访问令牌
+	accessToken, expiresIn := token.UserTokenCreate(userId, deviceFingerprint, "access")
+	if accessToken == "" || expiresIn == 0 {
+		c.JSON(200, resp.ErrMsg("token generation failed"))
+		return
+	}
+	// 生成刷新令牌
+	now := time.Now()
+	exp, _ := claims.GetExpirationTime()
+	iat, _ := claims.GetIssuedAt()
+	refreshExpiresIn := int64(exp.Sub(now).Seconds())
+	refreshToken := body.RefreshToken
+
+	// 如果当前时间大于过期时间的一半，则生成新令牌
+	halfExp := exp.Add(-(exp.Sub(iat.Time)) / 2)
+	if now.After(halfExp) {
+		refreshToken, refreshExpiresIn = token.UserTokenCreate(userId, deviceFingerprint, "refresh")
+	}
+
+	// 当前请求信息
+	ipaddr, location := reqctx.IPAddrLocation(c)
+	os, browser := reqctx.UaOsBrowser(c)
+	// 记录令牌，创建系统访问记录
+	token.UserInfoCreate(&info, deviceFingerprint, [4]string{ipaddr, location, os, browser})
+	s.accountService.UpdateLoginDateAndIP(info)
+	s.sysLogLoginService.Insert(
+		info.User.UserName, constants.STATUS_YES, "Refresh Access Token Successful",
+		[4]string{ipaddr, location, os, browser},
+	)
+
+	// 返回访问令牌和刷新令牌
+	c.JSON(200, resp.OkData(map[string]any{
+		"tokenType":        constants.HEADER_PREFIX,
+		"accessToken":      accessToken,
+		"expiresIn":        expiresIn,
+		"refreshToken":     refreshToken,
+		"refreshExpiresIn": refreshExpiresIn,
+		"userId":           userId,
+	}))
 }
 
 // Me 登录用户信息
@@ -126,7 +238,7 @@ func (s AccountController) Me(c *gin.Context) {
 	language := reqctx.AcceptLanguage(c)
 	info, err := reqctx.LoginUser(c)
 	if err != nil {
-		c.JSON(401, resp.CodeMsg(40003, err.Error()))
+		c.JSON(401, resp.CodeMsg(401002, err.Error()))
 		return
 	}
 
@@ -146,7 +258,6 @@ func (s AccountController) Me(c *gin.Context) {
 		"roles":       roles,
 		"permissions": perms,
 	}
-
 	if !isSystemUser {
 		// 强制改密码
 		forcePasswdChange, _ := s.accountService.PasswordCountOrExpireTime(info.User.LoginCount, info.User.PasswordUpdateTime)
@@ -170,12 +281,11 @@ func (s AccountController) Me(c *gin.Context) {
 //	@Description	Login User Routing Information
 //	@Router			/router [get]
 func (s AccountController) Router(c *gin.Context) {
-	userId := reqctx.LoginUserToUserID(c)
+	loginUserId := reqctx.LoginUserToUserID(c)
 
 	// 前端路由，系统管理员拥有所有
-	isSystemUser := config.IsSystemUser(userId)
-	buildMenus := s.accountService.RouteMenus(userId, isSystemUser)
-
+	isSystemUser := config.IsSystemUser(loginUserId)
+	buildMenus := s.accountService.RouteMenus(loginUserId, isSystemUser)
 	// 闭包函数处理多语言
 	language := reqctx.AcceptLanguage(c)
 	var converI18n func(language string, arr *[]systemModelVO.Router)
@@ -191,36 +301,3 @@ func (s AccountController) Router(c *gin.Context) {
 
 	c.JSON(200, resp.OkData(buildMenus))
 }
-
-// Logout 系统登出
-//
-// POST /logout
-//
-//	@Tags			common/authorization
-//	@Accept			json
-//	@Produce		json
-//	@Success		200	{object}	object	"Response Results"
-//	@Security		TokenAuth
-//	@Summary		System Logout
-//	@Description	System Logout
-//	@Router			/logout [post]
-func (s AccountController) Logout(c *gin.Context) {
-	language := reqctx.AcceptLanguage(c)
-	tokenStr := reqctx.Authorization(c)
-	if tokenStr != "" {
-		// 存在token时记录退出信息
-		userName := token.Remove(tokenStr)
-		if userName != "" {
-			// 当前请求信息
-			ipaddr, location := reqctx.IPAddrLocation(c)
-			os, browser := reqctx.UaOsBrowser(c)
-			// 创建系统访问记录
-			s.sysLogLoginService.Insert(
-				userName, constants.STATUS_YES, "app.common.logoutSuccess",
-				[4]string{ipaddr, location, os, browser},
-			)
-		}
-	}
-
-	c.JSON(200, resp.OkMsg(i18n.TKey(language, "app.common.logoutSuccess")))
-}

src/modules/auth/controller/bootloader.go

@@ -1,8 +1,6 @@
 package controller
 
 import (
-	"strings"
-
 	"be.ems/src/framework/constants"
 	"be.ems/src/framework/i18n"
 	"be.ems/src/framework/reqctx"
@@ -52,7 +50,7 @@ func (s *BootloaderController) Start(c *gin.Context) {
 	}
 
 	// 登录用户信息
-	loginUser := token.TokenInfo{
+	info := token.UserInfo{
 		UserId:      sysUser.UserId,
 		DeptId:      sysUser.DeptId,
 		User:        sysUser,
@@ -60,23 +58,24 @@ func (s *BootloaderController) Start(c *gin.Context) {
 	}
 
 	// 当前请求信息
-	ipaddr, location := reqctx.IPAddrLocation(c)
-	os, browser := reqctx.UaOsBrowser(c)
+	deviceFingerprint := reqctx.DeviceFingerprint(c, info.UserId)
 
-	// 生成令牌，创建系统访问记录
-	tokenStr := token.Create(&loginUser, [4]string{ipaddr, location, os, browser})
-	if tokenStr == "" {
-		c.JSON(200, resp.Err(nil))
+	// 生成访问令牌
+	accessToken, expiresIn := token.UserTokenCreate(info.UserId, deviceFingerprint, "access")
+	if accessToken == "" || expiresIn == 0 {
+		c.JSON(200, resp.ErrMsg("token generation failed"))
 		return
-	} else {
-		s.accountService.UpdateLoginDateAndIP(loginUser)
 	}
+	// 创建系统访问记录
+	s.accountService.UpdateLoginDateAndIP(info)
 
 	c.JSON(200, resp.OkData(map[string]any{
-		"accessToken": tokenStr,
-		"tokenType":   strings.TrimRight(constants.HEADER_PREFIX, " "),
-		"expiresIn":   (loginUser.ExpireTime - loginUser.LoginTime) / 1000,
-		"userId":      loginUser.UserId,
+		"tokenType":        constants.HEADER_PREFIX,
+		"accessToken":      accessToken,
+		"expiresIn":        expiresIn,
+		"refreshToken":     "",
+		"refreshExpiresIn": 0,
+		"userId":           info.UserId,
 	}))
 }
 
@@ -102,7 +101,7 @@ func (s *BootloaderController) Done(c *gin.Context) {
 	}
 
 	// 清除授权信息
-	token.Remove(reqctx.Authorization(c))
+	token.UserInfoRemove(reqctx.Authorization(c))
 	c.JSON(200, resp.Ok(nil))
 }
 
@@ -127,7 +126,7 @@ func (s *BootloaderController) Reset(c *gin.Context) {
 	}
 
 	// 清除授权信息
-	token.Remove(reqctx.Authorization(c))
+	token.UserInfoRemove(reqctx.Authorization(c))
 	c.JSON(200, resp.Ok(nil))
 }
 

src/modules/auth/controller/captcha.go

@@ -87,7 +87,7 @@ func (s *CaptchaController) Image(c *gin.Context) {
 			data["img"] = item.EncodeB64string()
 			expiration := constants.CAPTCHA_EXPIRATION * time.Second
 			verifyKey = constants.CACHE_CAPTCHA_CODE + ":" + id
-			redis.SetByExpire("", verifyKey, answer, expiration)
+			redis.Set("", verifyKey, answer, expiration)
 		}
 	}
 	if captchaType == constants.CAPTCHA_TYPE_CHAR {
@@ -121,7 +121,7 @@ func (s *CaptchaController) Image(c *gin.Context) {
 			data["img"] = item.EncodeB64string()
 			expiration := constants.CAPTCHA_EXPIRATION * time.Second
 			verifyKey = constants.CACHE_CAPTCHA_CODE + ":" + id
-			redis.SetByExpire("", verifyKey, answer, expiration)
+			redis.Set("", verifyKey, answer, expiration)
 		}
 	}
 

src/modules/auth/controller/register.go

@@ -29,15 +29,32 @@ type RegisterController struct {
 	sysLogLoginService *systemService.SysLogLogin // 系统登录访问服务
 }
 
-// 账号注册
+// Register 账号注册
 //
-// GET /register
-func (s *RegisterController) Register(c *gin.Context) {
+// POST /auth/register
+func (s RegisterController) Register(c *gin.Context) {
 	language := reqctx.AcceptLanguage(c)
 	var body model.RegisterBody
 	if err := c.ShouldBindJSON(&body); err != nil {
 		errMsgs := fmt.Sprintf("bind err: %s", resp.FormatBindError(err))
-		c.JSON(422, resp.CodeMsg(40422, errMsgs))
+		c.JSON(422, resp.CodeMsg(422001, errMsgs))
+		return
+	}
+
+	// 当前请求信息
+	ipaddr, location := reqctx.IPAddrLocation(c)
+	os, browser := reqctx.UaOsBrowser(c)
+
+	// 校验验证码
+	err := s.registerService.ValidateCaptcha(body.Code, body.UUID)
+	// 根据错误信息，创建系统访问记录
+	if err != nil {
+		msg := fmt.Sprintf("%s code %s", err.Error(), body.Code)
+		s.sysLogLoginService.Insert(
+			body.Username, constants.STATUS_NO, msg,
+			[4]string{ipaddr, location, os, browser},
+		)
+		c.JSON(200, resp.ErrMsg(err.Error()))
 		return
 	}
 
@@ -47,15 +64,9 @@ func (s *RegisterController) Register(c *gin.Context) {
 		c.JSON(200, resp.ErrMsg(i18n.TKey(language, "register.errUsername")))
 		return
 	}
-	// if !regular.ValidPassword(body.Password) {
-	// 	// 登录密码至少包含大小写字母、数字、特殊符号，且不少于6位
-	// 	c.JSON(200, resp.ErrMsg(i18n.TKey(language, "register.errPasswd")))
-	// 	return
-	// }
-	// 检查用户密码策略强度
-	ok, errMsg := s.registerService.ValidatePasswordPolicy(body.Password, language)
-	if !ok {
-		c.JSON(200, resp.ErrMsg(errMsg))
+	if !regular.ValidPassword(body.Password) {
+		// 登录密码至少包含大小写字母、数字、特殊符号，且不少于6位
+		c.JSON(200, resp.ErrMsg(i18n.TKey(language, "register.errPasswd")))
 		return
 	}
 	if body.Password != body.ConfirmPassword {
@@ -64,26 +75,7 @@ func (s *RegisterController) Register(c *gin.Context) {
 		return
 	}
 
-	// 当前请求信息
-	ipaddr, location := reqctx.IPAddrLocation(c)
-	os, browser := reqctx.UaOsBrowser(c)
-
-	// 校验验证码
-	err := s.registerService.ValidateCaptcha(
-		body.Code,
-		body.UUID,
-	)
-	// 根据错误信息，创建系统访问记录
-	if err != nil {
-		msg := err.Error() + " code: " + body.Code
-		s.sysLogLoginService.Insert(
-			body.Username, constants.STATUS_NO, msg,
-			[4]string{ipaddr, location, os, browser},
-		)
-		c.JSON(200, resp.ErrMsg(err.Error()))
-		return
-	}
-
+	// 进行注册
 	userId, err := s.registerService.ByUserName(body.Username, body.Password)
 	if err == nil {
 		msg := i18n.TTemplate(language, "register.successMsg", map[string]any{"name": body.Username, "id": userId})