feat: 新增客户端授权管理和开放接口

This commit is contained in:
TsMask
2025-04-29 18:17:20 +08:00
parent 4ca7e7981b
commit baa7f1e80a
7 changed files with 77 additions and 26 deletions


@@ -22,3 +22,4 @@ CREATE TABLE "oauth2_client" (
-- ---------------------------- -- ----------------------------
-- Records of oauth2_client -- Records of oauth2_client
-- ---------------------------- -- ----------------------------
INSERT INTO "oauth2_client" VALUES (1, 'omc5y0j15emByauth2', 'omcl28ybn6y4w9y9ntzsv88hyByauth2', 'Local', '127.0.0.1', '0', '', 0, 'system', 1745919659089, 'system', 1745920239962, '');
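Review bot: The seed INSERT on this line commits a fixed client id / client secret pair to the repository, so every installation that loads the dump starts with the same publicly known credential; the MySQL dump in the next file section carries the same row. If the fifth column is the IP whitelist, the row also whitelists `127.0.0.1`, which the Add and Edit handlers in this same commit reject with "no support local host", so the seed record could not be created or edited through the API it is meant to exercise. Consider generating the seed secret at install time (or documenting that it must be rotated before exposure) and using a non-loopback placeholder so the seed stays consistent with the validation rules.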


@@ -24,4 +24,9 @@ CREATE TABLE `oauth2_client` (
SET FOREIGN_KEY_CHECKS = 1; SET FOREIGN_KEY_CHECKS = 1;
--
-- Dumping data for table `oauth2_client`
--
INSERT INTO `oauth2_client` VALUES (1, 'omc5y0j15emByauth2', 'omcl28ybn6y4w9y9ntzsv88hyByauth2', 'Local', '127.0.0.1', '0', '', 0, 'system', 1745919659089, 'system', 1745920239962, '');
-- Dump completed on 2025-04-25 15:26:56 -- Dump completed on 2025-04-25 15:26:56


@@ -51,7 +51,7 @@ func (s Oauth2Controller) Authorize(c *gin.Context) {
// 判断IP白名单 // 判断IP白名单
if !strings.Contains(info.IPWhite, c.ClientIP()) { if !strings.Contains(info.IPWhite, c.ClientIP()) {
c.JSON(200, resp.ErrMsg("IP whitelist mismatch")) c.JSON(200, resp.ErrMsg("ip whitelist mismatch"))
return return
} }
@@ -93,7 +93,7 @@ func (s Oauth2Controller) Token(c *gin.Context) {
} }
// 登录客户端信息 // 登录客户端信息
info, err := s.oauth2Service.ByClient(body.ClientId, body.ClientSecret) info, err := s.oauth2Service.ByClient(body.ClientId, body.ClientSecret, ipaddr)
if err != nil { if err != nil {
s.oauth2LogLoginService.Insert( s.oauth2LogLoginService.Insert(
body.ClientId, constants.STATUS_NO, err.Error(), body.ClientId, constants.STATUS_NO, err.Error(),
@@ -153,8 +153,12 @@ func (s Oauth2Controller) RefreshToken(c *gin.Context) {
} }
clientId := fmt.Sprint(claims[constants.JWT_CLIENT_ID]) clientId := fmt.Sprint(claims[constants.JWT_CLIENT_ID])
// 当前请求信息
ipaddr, location := reqctx.IPAddrLocation(c)
os, browser := reqctx.UaOsBrowser(c)
// 客户端信息 // 客户端信息
info, err := s.oauth2Service.ByClient(body.ClientId, body.ClientSecret) info, err := s.oauth2Service.ByClient(body.ClientId, body.ClientSecret, ipaddr)
if err != nil { if err != nil {
c.JSON(200, resp.ErrMsg(err.Error())) c.JSON(200, resp.ErrMsg(err.Error()))
return return
@@ -192,9 +196,6 @@ func (s Oauth2Controller) RefreshToken(c *gin.Context) {
refreshToken, refreshExpiresIn = token.Oauth2TokenCreate(clientId, deviceFingerprint, "refresh") refreshToken, refreshExpiresIn = token.Oauth2TokenCreate(clientId, deviceFingerprint, "refresh")
} }
// 当前请求信息
ipaddr, location := reqctx.IPAddrLocation(c)
os, browser := reqctx.UaOsBrowser(c)
// 记录令牌,创建系统访问记录 // 记录令牌,创建系统访问记录
token.Oauth2InfoCreate(&info, deviceFingerprint, [4]string{ipaddr, location, os, browser}) token.Oauth2InfoCreate(&info, deviceFingerprint, [4]string{ipaddr, location, os, browser})
s.oauth2Service.UpdateLoginDateAndIP(info) s.oauth2Service.UpdateLoginDateAndIP(info)
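Review bot: The whitelist test in the Authorize hunk, `if !strings.Contains(info.IPWhite, c.ClientIP())`, is a substring match, so a caller at 10.0.0.1 passes a whitelist that holds only 10.0.0.10, and an entry such as 192.168.1.100 also admits 192.168.1.10; the commit only changes the message on that line, and the new check it adds in Oauth2Service.ByClient (`strings.Contains(item.IPWhite, ipaddr)`) has the same shape. Splitting IPWhite on whatever separator the column uses (not visible here) and comparing entries exactly, e.g. `slices.Contains(strings.Split(info.IPWhite, ","), c.ClientIP())` or an equivalent loop, is the safe form, ideally in one shared helper so Authorize, Token and RefreshToken enforce an identical rule. Since RefreshToken returns `err.Error()` straight to the caller, that helper's message should stay generic rather than saying which check failed. Authorize, Token and RefreshToken all begin outside their hunks.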


@@ -46,11 +46,11 @@ func (s Oauth2ClientController) Info(c *gin.Context) {
} }
info := s.oauth2ClientService.FindByClientId(clientId) info := s.oauth2ClientService.FindByClientId(clientId)
if info.ClientId == "" || info.ClientId != clientId { if info.ClientId == clientId {
c.JSON(200, resp.ErrMsg("clientId does not exist")) c.JSON(200, resp.OkData(info))
return return
} }
c.JSON(200, resp.OkData(info)) c.JSON(200, resp.ErrMsg("clientId does not exist"))
} }
// Add 新增 // Add 新增
@@ -68,8 +68,16 @@ func (s Oauth2ClientController) Add(c *gin.Context) {
return return
} }
localHost := strings.Contains(body.IPWhite, "127.0.0.1") || strings.Contains(body.IPWhite, "localhost") || strings.Contains(body.IPWhite, "::1") // 本地IP地址不支持
if localHost || strings.Contains(body.IPWhite, "::ffff:") { localHosts := []string{"127.0.0.1", "localhost", "::ffff:", "::1"}
localHost := false
for _, host := range localHosts {
if strings.Contains(body.IPWhite, host) {
localHost = true
break
}
}
if localHost {
c.JSON(200, resp.ErrMsg("no support local host")) c.JSON(200, resp.ErrMsg("no support local host"))
return return
} }
@@ -98,8 +106,16 @@ func (s Oauth2ClientController) Edit(c *gin.Context) {
return return
} }
localHost := strings.Contains(body.IPWhite, "127.0.0.1") || strings.Contains(body.IPWhite, "localhost") || strings.Contains(body.IPWhite, "::1") // 本地IP地址不支持
if localHost || strings.Contains(body.IPWhite, "::ffff:") { localHosts := []string{"127.0.0.1", "localhost", "::ffff:", "::1"}
localHost := false
for _, host := range localHosts {
if strings.Contains(body.IPWhite, host) {
localHost = true
break
}
}
if localHost {
c.JSON(200, resp.ErrMsg("no support local host")) c.JSON(200, resp.ErrMsg("no support local host"))
return return
} }
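Review bot: The Info hunk inverts the guard so that the success response sits inside the `if` and the error falls through, which reads against the early-return idiom and also drops the `info.ClientId == ""` test: if the code above the hunk (outside SOURCE) does not already reject an empty clientId, `FindByClientId("")` returning a zero record now satisfies `info.ClientId == clientId` and answers 200 with an empty object. Keeping the guard form, `if info.ClientId == "" || info.ClientId != clientId { c.JSON(200, resp.ErrMsg("clientId does not exist")); return }` followed by `c.JSON(200, resp.OkData(info))`, preserves both. The loopback rejection added to Add and Edit is duplicated verbatim; a package-level `localHosts` slice plus a `containsLocalHost(ipWhite string) bool` helper would keep the two in step, and `"::ffff:"` as a substring also rejects every IPv4-mapped address, which may be intended but deserves a comment saying so. Info, Add and Edit all begin outside their hunks.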


@@ -5,7 +5,6 @@ import (
"be.ems/src/framework/logger" "be.ems/src/framework/logger"
"be.ems/src/framework/middleware" "be.ems/src/framework/middleware"
monitorController "be.ems/src/modules/monitor/controller"
"be.ems/src/modules/oauth2/controller" "be.ems/src/modules/oauth2/controller"
) )
@@ -70,14 +69,6 @@ func Setup(router *gin.Engine) {
) )
} }
// ==== 开放接口 ==== // ==== 授权认证的开放接口 ====
openAPI(router)
openApiGroup := router.Group("/open-api")
{
openApiGroup.GET("/monitor/system",
middleware.AuthorizeOauth2(nil),
monitorController.NewSystem.Info,
)
}
} }


@@ -0,0 +1,33 @@
package oauth2
import (
"github.com/gin-gonic/gin"
"be.ems/src/framework/middleware"
monitorController "be.ems/src/modules/monitor/controller"
neController "be.ems/src/modules/network_element/controller"
)
// openAPI 客户端授权开放接口
func openAPI(router *gin.Engine) {
openApiGroup := router.Group("/open-api")
// 监控
monitorGroup := openApiGroup.Group("/monitor")
{
monitorGroup.GET("/system",
middleware.AuthorizeOauth2(nil),
monitorController.NewSystem.Info,
)
}
// 网元
neGroup := openApiGroup.Group("/ne")
{
neGroup.GET("/state",
middleware.AuthorizeOauth2(nil),
neController.NewNeInfo.State,
)
}
}
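Review bot: Every route in openAPI attaches `middleware.AuthorizeOauth2(nil)` individually, so the next route added to monitorGroup or neGroup is unauthenticated unless its author remembers the argument; registering the middleware once on the parent group, `openApiGroup := router.Group("/open-api", middleware.AuthorizeOauth2(nil))`, and dropping the per-route argument makes the whole group fail closed. The `nil` passed to AuthorizeOauth2 is not explained here; a comment stating what a nil value grants (presumably no scope restriction — confirm against the middleware) would help the next reader. The doc comment `// openAPI 客户端授权开放接口` could also state that every route under /open-api requires a valid OAuth2 client token.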


@@ -54,7 +54,7 @@ func (s Oauth2Service) ValidateCode(code string) error {
} }
// ByClient 客户端信息 // ByClient 客户端信息
func (s Oauth2Service) ByClient(clientId, clientSecret string) (token.Oauth2Info, error) { func (s Oauth2Service) ByClient(clientId, clientSecret, ipaddr string) (token.Oauth2Info, error) {
info := token.Oauth2Info{} info := token.Oauth2Info{}
// 查询用户登录账号 // 查询用户登录账号
@@ -66,9 +66,13 @@ func (s Oauth2Service) ByClient(clientId, clientSecret string) (token.Oauth2Info
if len(rows) > 0 { if len(rows) > 0 {
item = rows[0] item = rows[0]
} }
if item.ClientId == "" { if item.ClientId == "" || item.ClientSecret == "" {
return info, fmt.Errorf("clientId or clientSecret is not exist") return info, fmt.Errorf("clientId or clientSecret is not exist")
} }
// 判断IP白名单
if !strings.Contains(item.IPWhite, ipaddr) {
return info, fmt.Errorf("ip whitelist mismatch")
}
info.ClientId = clientId info.ClientId = clientId
// 用户权限组标识 // 用户权限组标识
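Review bot: The new whitelist check `if !strings.Contains(item.IPWhite, ipaddr)` accepts every caller when ipaddr is the empty string, because Contains with an empty needle is always true; if reqctx.IPAddrLocation can yield an empty address (not visible here) that is an unconditional bypass, so guard it first: `if ipaddr == "" { return info, errors.New("ip whitelist mismatch") }`. The check also shares the partial-match weakness of the Contains in Oauth2Controller.Authorize (an entry like 10.0.0.10 admits 10.0.0.1), so splitting IPWhite on its separator and comparing entries exactly is the safer form. The error strings carry no verbs, so `errors.New` fits better than `fmt.Errorf`. ByClient continues past the end of this hunk.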