feat: 新增客户端授权管理和开放接口
This commit is contained in:
TsMask
@@ -22,3 +22,4 @@ CREATE TABLE "oauth2_client" (
|
||||
-- ----------------------------
|
||||
-- Records of oauth2_client
|
||||
-- ----------------------------
|
||||
INSERT INTO "oauth2_client" VALUES (1, 'omc5y0j15emByauth2', 'omcl28ybn6y4w9y9ntzsv88hyByauth2', 'Local', '127.0.0.1', '0', '', 0, 'system', 1745919659089, 'system', 1745920239962, '');
|
||||
|
||||
@@ -24,4 +24,9 @@ CREATE TABLE `oauth2_client` (
|
||||
|
||||
SET FOREIGN_KEY_CHECKS = 1;
|
||||
|
||||
--
|
||||
-- Dumping data for table `oauth2_client`
|
||||
--
|
||||
INSERT INTO `oauth2_client` VALUES (1, 'omc5y0j15emByauth2', 'omcl28ybn6y4w9y9ntzsv88hyByauth2', 'Local', '127.0.0.1', '0', '', 0, 'system', 1745919659089, 'system', 1745920239962, '');
|
||||
|
||||
-- Dump completed on 2025-04-25 15:26:56
|
||||
|
||||
@@ -51,7 +51,7 @@ func (s Oauth2Controller) Authorize(c *gin.Context) {
|
||||
|
||||
// 判断IP白名单
|
||||
if !strings.Contains(info.IPWhite, c.ClientIP()) {
|
||||
c.JSON(200, resp.ErrMsg("IP whitelist mismatch"))
|
||||
c.JSON(200, resp.ErrMsg("ip whitelist mismatch"))
|
||||
return
|
||||
}
|
||||
|
||||
@@ -93,7 +93,7 @@ func (s Oauth2Controller) Token(c *gin.Context) {
|
||||
}
|
||||
|
||||
// 登录客户端信息
|
||||
info, err := s.oauth2Service.ByClient(body.ClientId, body.ClientSecret)
|
||||
info, err := s.oauth2Service.ByClient(body.ClientId, body.ClientSecret, ipaddr)
|
||||
if err != nil {
|
||||
s.oauth2LogLoginService.Insert(
|
||||
body.ClientId, constants.STATUS_NO, err.Error(),
|
||||
@@ -153,8 +153,12 @@ func (s Oauth2Controller) RefreshToken(c *gin.Context) {
|
||||
}
|
||||
clientId := fmt.Sprint(claims[constants.JWT_CLIENT_ID])
|
||||
|
||||
// 当前请求信息
|
||||
ipaddr, location := reqctx.IPAddrLocation(c)
|
||||
os, browser := reqctx.UaOsBrowser(c)
|
||||
|
||||
// 客户端信息
|
||||
info, err := s.oauth2Service.ByClient(body.ClientId, body.ClientSecret)
|
||||
info, err := s.oauth2Service.ByClient(body.ClientId, body.ClientSecret, ipaddr)
|
||||
if err != nil {
|
||||
c.JSON(200, resp.ErrMsg(err.Error()))
|
||||
return
|
||||
@@ -192,9 +196,6 @@ func (s Oauth2Controller) RefreshToken(c *gin.Context) {
|
||||
refreshToken, refreshExpiresIn = token.Oauth2TokenCreate(clientId, deviceFingerprint, "refresh")
|
||||
}
|
||||
|
||||
// 当前请求信息
|
||||
ipaddr, location := reqctx.IPAddrLocation(c)
|
||||
os, browser := reqctx.UaOsBrowser(c)
|
||||
// 记录令牌,创建系统访问记录
|
||||
token.Oauth2InfoCreate(&info, deviceFingerprint, [4]string{ipaddr, location, os, browser})
|
||||
s.oauth2Service.UpdateLoginDateAndIP(info)
|
||||
|
||||
@@ -46,11 +46,11 @@ func (s Oauth2ClientController) Info(c *gin.Context) {
|
||||
}
|
||||
|
||||
info := s.oauth2ClientService.FindByClientId(clientId)
|
||||
if info.ClientId == "" || info.ClientId != clientId {
|
||||
c.JSON(200, resp.ErrMsg("clientId does not exist"))
|
||||
if info.ClientId == clientId {
|
||||
c.JSON(200, resp.OkData(info))
|
||||
return
|
||||
}
|
||||
c.JSON(200, resp.OkData(info))
|
||||
c.JSON(200, resp.ErrMsg("clientId does not exist"))
|
||||
}
|
||||
|
||||
// Add 新增
|
||||
@@ -68,8 +68,16 @@ func (s Oauth2ClientController) Add(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
localHost := strings.Contains(body.IPWhite, "127.0.0.1") || strings.Contains(body.IPWhite, "localhost") || strings.Contains(body.IPWhite, "::1")
|
||||
if localHost || strings.Contains(body.IPWhite, "::ffff:") {
|
||||
// 本地IP地址不支持
|
||||
localHosts := []string{"127.0.0.1", "localhost", "::ffff:", "::1"}
|
||||
localHost := false
|
||||
for _, host := range localHosts {
|
||||
if strings.Contains(body.IPWhite, host) {
|
||||
localHost = true
|
||||
break
|
||||
}
|
||||
}
|
||||
if localHost {
|
||||
c.JSON(200, resp.ErrMsg("no support local host"))
|
||||
return
|
||||
}
|
||||
@@ -98,8 +106,16 @@ func (s Oauth2ClientController) Edit(c *gin.Context) {
|
||||
return
|
||||
}
|
||||
|
||||
localHost := strings.Contains(body.IPWhite, "127.0.0.1") || strings.Contains(body.IPWhite, "localhost") || strings.Contains(body.IPWhite, "::1")
|
||||
if localHost || strings.Contains(body.IPWhite, "::ffff:") {
|
||||
// 本地IP地址不支持
|
||||
localHosts := []string{"127.0.0.1", "localhost", "::ffff:", "::1"}
|
||||
localHost := false
|
||||
for _, host := range localHosts {
|
||||
if strings.Contains(body.IPWhite, host) {
|
||||
localHost = true
|
||||
break
|
||||
}
|
||||
}
|
||||
if localHost {
|
||||
c.JSON(200, resp.ErrMsg("no support local host"))
|
||||
return
|
||||
}
|
||||
|
||||
@@ -5,7 +5,6 @@ import (
|
||||
|
||||
"be.ems/src/framework/logger"
|
||||
"be.ems/src/framework/middleware"
|
||||
monitorController "be.ems/src/modules/monitor/controller"
|
||||
"be.ems/src/modules/oauth2/controller"
|
||||
)
|
||||
|
||||
@@ -70,14 +69,6 @@ func Setup(router *gin.Engine) {
|
||||
)
|
||||
}
|
||||
|
||||
// ==== 开放接口 ====
|
||||
|
||||
openApiGroup := router.Group("/open-api")
|
||||
{
|
||||
openApiGroup.GET("/monitor/system",
|
||||
middleware.AuthorizeOauth2(nil),
|
||||
monitorController.NewSystem.Info,
|
||||
)
|
||||
}
|
||||
|
||||
// ==== 授权认证的开放接口 ====
|
||||
openAPI(router)
|
||||
}
|
||||
|
||||
33
src/modules/oauth2/open_api.go
Normal file
33
src/modules/oauth2/open_api.go
Normal file
@@ -0,0 +1,33 @@
|
||||
package oauth2
|
||||
|
||||
import (
|
||||
"github.com/gin-gonic/gin"
|
||||
|
||||
"be.ems/src/framework/middleware"
|
||||
monitorController "be.ems/src/modules/monitor/controller"
|
||||
neController "be.ems/src/modules/network_element/controller"
|
||||
)
|
||||
|
||||
// openAPI 客户端授权开放接口
|
||||
func openAPI(router *gin.Engine) {
|
||||
openApiGroup := router.Group("/open-api")
|
||||
|
||||
// 监控
|
||||
monitorGroup := openApiGroup.Group("/monitor")
|
||||
{
|
||||
monitorGroup.GET("/system",
|
||||
middleware.AuthorizeOauth2(nil),
|
||||
monitorController.NewSystem.Info,
|
||||
)
|
||||
}
|
||||
|
||||
// 网元
|
||||
neGroup := openApiGroup.Group("/ne")
|
||||
{
|
||||
neGroup.GET("/state",
|
||||
middleware.AuthorizeOauth2(nil),
|
||||
neController.NewNeInfo.State,
|
||||
)
|
||||
}
|
||||
|
||||
}
|
||||
@@ -54,7 +54,7 @@ func (s Oauth2Service) ValidateCode(code string) error {
|
||||
}
|
||||
|
||||
// ByClient 客户端信息
|
||||
func (s Oauth2Service) ByClient(clientId, clientSecret string) (token.Oauth2Info, error) {
|
||||
func (s Oauth2Service) ByClient(clientId, clientSecret, ipaddr string) (token.Oauth2Info, error) {
|
||||
info := token.Oauth2Info{}
|
||||
|
||||
// 查询用户登录账号
|
||||
@@ -66,9 +66,13 @@ func (s Oauth2Service) ByClient(clientId, clientSecret string) (token.Oauth2Info
|
||||
if len(rows) > 0 {
|
||||
item = rows[0]
|
||||
}
|
||||
if item.ClientId == "" {
|
||||
if item.ClientId == "" || item.ClientSecret == "" {
|
||||
return info, fmt.Errorf("clientId or clientSecret is not exist")
|
||||
}
|
||||
// 判断IP白名单
|
||||
if !strings.Contains(item.IPWhite, ipaddr) {
|
||||
return info, fmt.Errorf("ip whitelist mismatch")
|
||||
}
|
||||
|
||||
info.ClientId = clientId
|
||||
// 用户权限组标识
|
||||
|
||||
Reference in New Issue
Block a user