From 5b7778b09ee25618c3cd9c994cd9e2c4b7427ea5 Mon Sep 17 00:00:00 2001 From: TsMask <340112800@qq.com> Date: Wed, 23 Aug 2023 17:22:22 +0800 Subject: [PATCH] =?UTF-8?q?=E7=99=BB=E5=BD=95=E5=9B=9E=E8=B7=B3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- handle/api/req_cmca_login_alarm.go | 55 +++++++++++++++--- handle/api/req_cmca_login_seq copy.go | 83 --------------------------- handle/api/req_cmca_login_seq.go | 2 +- handle/api/req_login_alarm.go | 7 ++- handle/service/login.go | 50 ++++++++-------- 5 files changed, 74 insertions(+), 123 deletions(-) delete mode 100644 handle/api/req_cmca_login_seq copy.go diff --git a/handle/api/req_cmca_login_alarm.go b/handle/api/req_cmca_login_alarm.go index 34b8103..5f22e5a 100644 --- a/handle/api/req_cmca_login_alarm.go +++ b/handle/api/req_cmca_login_alarm.go @@ -3,7 +3,8 @@ package api import ( "omc/core" "omc/core/manage" - "omc/core/utils" + "omc/core/parse" + "omc/handle/service" "github.com/aceld/zinx/ziface" "github.com/aceld/zinx/zlog" @@ -20,6 +21,16 @@ type ReqCMCALoginAlarm struct { } func (*ReqCMCALoginAlarm) Handle(request ziface.IRequest) { + // 登录消息处理 + body, err := parse.RequestBodyDecode(request, []string{"user", "key", "cert", "type"}) + username := body.Data["user"] + key := body.Data["key"] + tp := body.Data["type"] + if err != nil || username == "" || key == "" || tp == "" { + zlog.Ins().ErrorF("inlaid message body %s", err.Error()) + request.GetConnection().SendMsg(ReqLoginAlarmMsgType, core.ResultError(ReqLoginAlarmMsgName, err.Error(), "")) + return + } // 获取当前请求的通道 m := manage.GetManager(request.GetConnection().GetName()) 
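Review bot: In the guard added to `Handle` (hunk `@@ -20,6 +21,16 @@` of handle/api/req_cmca_login_alarm.go), `err.Error()` is called on the log line and the `SendMsg` line even when `err` is nil and the branch was entered only because `user`, `key` or `type` is empty, so a pre-login message with a blank field dereferences a nil error. `body.Data[...]` is also read before `err` is checked, which is safe only if `RequestBodyDecode` returns a usable body on failure (not visible here). Check `err` first and return, then reject empty fields with a fixed text such as `core.ResultError(ReqLoginAlarmMsgName, "invalid message body", "")`, which also stops parser errors being echoed to the peer. The same `err.Error()` pattern sits in the context lines of the `@@ -27,6 +27,7 @@` hunk of handle/api/req_login_alarm.go. The body of `Handle` continues outside this hunk.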
@@ -34,13 +45,39 @@ func (*ReqCMCALoginAlarm) Handle(request ziface.IRequest) { request.GetConnection().Stop() return } - // seqNo 32位长度 0-9A-Z - seqNo := utils.SeqNo(32) - m.SetSeqNo(uid.(string), seqNo) - - // 发送信息 - msgData := map[string]string{ - "seqNo": seqNo, + // 得到连接实例的随机码 + seqNo := m.GetUserByPID(uid.(string)).SeqNo + content := username + ":" + seqNo + // 检查判断是否对应随机码 + if err := service.CMCALogin(content, key); err != nil { + zlog.Ins().ErrorF("LoginFail %s", err) + request.GetConnection().SendMsg(ReqLoginAlarmMsgType, core.Result(ReqLoginAlarmMsgName, map[string]string{ + "result": "autherror", + "resDesc": err.Error(), + })) + // 已登录的,登录错误超过3次,断开连接 + if uid != nil || uid != "" { + isClose, _ := m.LoginFail(uid.(string)) + if isClose { + request.GetConnection().Stop() + return + } + } + return } - request.GetConnection().SendMsg(ReqCMCALoginAlarmMsgType, core.Result(ReqCMCALoginAlarmMsgName, msgData)) + + // manager 用户登录更新 + err = m.LoginSuccess(uid.(string), username, tp) + if err != nil { + zlog.Ins().ErrorF("manager:%s", err) + request.GetConnection().SendMsg(ReqLoginAlarmMsgType, core.Result(ReqLoginAlarmMsgName, map[string]string{ + "result": "autherror", + "resDesc": err.Error(), + })) + return + } + + zlog.Ins().InfoF("user login loginSuccess,username:%s, type:%s, channel:%s", username, tp, request.GetConnection().GetName()) + request.GetConnection().SendMsg(ReqLoginAlarmMsgType, core.ResultSuccess(ReqLoginAlarmMsgName, "ok", "")) + } diff --git a/handle/api/req_cmca_login_seq copy.go b/handle/api/req_cmca_login_seq copy.go deleted file mode 100644 index e72870a..0000000 --- a/handle/api/req_cmca_login_seq copy.go +++ /dev/null 
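Review bot: The challenge read by `seqNo := m.GetUserByPID(uid.(string)).SeqNo` is never checked for being empty and is not invalidated in this handler, so when no ReqCMCALoginSeq exchange preceded the message the signed content degrades to `username + ":"`, and the same seqNo stays valid across attempts unless `LoginSuccess`/`LoginFail` reset it (not visible here). Reject the request when `seqNo == ""` and make the value single-use, e.g. `m.SetSeqNo(uid.(string), "")` right after reading it. `GetUserByPID(...)` is dereferenced without a nil check, which presumably panics when the UID is unknown to the manager. The condition `uid != nil || uid != ""` is always true; it would need `&&`, and `uid.(string)` has already been asserted above it. The `cert` field is still requested from the body but no longer used.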
@@ -1,83 +0,0 @@ -package api - -// import ( -// "omc/core" -// "omc/core/manage" -// "omc/core/parse" -// "omc/handle/service" - -// "github.com/aceld/zinx/ziface" -// "github.com/aceld/zinx/zlog" -// "github.com/aceld/zinx/znet" -// ) - -// var ReqCMCALoginSeqMsgID uint32 = 12 -// var ReqCMCALoginSeqMsgType uint32 = 13 -// var ReqCMCALoginSeqMsgName string = "ackCMCALoginSeq" - -// // reqCMCALoginSeq CMCA认证方式登录随机码 -// type ReqCMCALoginSeq struct { -// znet.BaseRouter -// } - -// // reqCMCALoginAlarm;user=omc;key=base64Key;cert=cer;type=msg" -// func (s *ReqCMCALoginSeq) Handle(request ziface.IRequest) { -// // 登录消息处理 -// body, err := parse.RequestBodyDecode(request, []string{"user", "key", "cert", "type"}) -// if err != nil { -// zlog.Ins().ErrorF("inlaid message body %s", err.Error()) -// request.GetConnection().SendMsg(ReqCMCALoginSeqMsgType, core.ResultError(ReqCMCALoginSeqMsgName, err.Error(), "")) -// return -// } - -// // 获取当前请求的通道 -// m := manage.GetManager(request.GetConnection().GetName()) -// if m == nil { -// zlog.Ins().ErrorF("server internal error") -// request.GetConnection().SendMsg(ReqLoginAlarmMsgType, core.ResultError(ReqLoginAlarmMsgName, "server internal error", "")) -// return -// } -// uid, err := request.GetConnection().GetProperty("UID") -// if err != nil { -// zlog.Ins().ErrorF("GetProperty UID error %s", err) -// request.GetConnection().Stop() -// return -// } - -// // 账户和消息类型 -// username := body.Data["key"] -// tp := body.Data["type"] - -// //登录信息check -// seqNo := m.GetUserByPID(uid.(string)).SeqNo -// if ok, err := service.CMCALogin(seqNo, username, body.Data["cert"]); !ok || err != nil { -// zlog.Ins().ErrorF("LoginFail %s", err) -// request.GetConnection().SendMsg(ReqLoginAlarmMsgType, core.Result(ReqLoginAlarmMsgName, map[string]string{ -// "result": "autherror", -// "resDesc": err.Error(), -// })) -// // 已登录的,登录错误超过3次,断开连接 -// if uid != nil || uid != "" { -// isClose, _ := m.LoginFail(uid.(string)) -// if isClose { -// 
request.GetConnection().Stop() -// return -// } -// } -// return -// } - -// // manager 用户登录更新 -// err = m.LoginSuccess(uid.(string), username, tp) -// if err != nil { -// zlog.Ins().ErrorF("manager:%s", err) -// request.GetConnection().SendMsg(ReqLoginAlarmMsgType, core.Result(ReqLoginAlarmMsgName, map[string]string{ -// "result": "autherror", -// "resDesc": err.Error(), -// })) -// return -// } - -// zlog.Ins().InfoF("user login loginSuccess,username:%s, type:%s, channel:%s", username, tp, request.GetConnection().GetName()) -// request.GetConnection().SendMsg(ReqLoginAlarmMsgType, core.ResultSuccess(ReqLoginAlarmMsgName, "", "")) -// } diff --git a/handle/api/req_cmca_login_seq.go b/handle/api/req_cmca_login_seq.go index 2ea2456..fc7a8bf 100644 --- a/handle/api/req_cmca_login_seq.go +++ b/handle/api/req_cmca_login_seq.go @@ -39,7 +39,7 @@ func (s *ReqCMCALoginSeq) Handle(request ziface.IRequest) { seqNo := utils.SeqNo(32) m.SetSeqNo(uid.(string), seqNo) - // 发送信息 + // 发送随机码去sha256加密 msgData := map[string]string{ "seqNo": seqNo, } diff --git a/handle/api/req_login_alarm.go b/handle/api/req_login_alarm.go index 291ffcc..5f74e9c 100644 --- a/handle/api/req_login_alarm.go +++ b/handle/api/req_login_alarm.go @@ -27,6 +27,7 @@ func (s *ReqLoginAlarm) Handle(request ziface.IRequest) { // 账户密码 username := body.Data["user"] key := body.Data["key"] + tp := body.Data["type"] if err != nil || username == "" || key == "" { zlog.Ins().ErrorF("inlaid message body %s", err.Error()) request.GetConnection().SendMsg(ReqLoginAlarmMsgType, core.ResultError(ReqLoginAlarmMsgName, "inlaid message body", "")) @@ -67,7 +68,7 @@ func (s *ReqLoginAlarm) Handle(request ziface.IRequest) { } // manager 用户登录更新 - err = m.LoginSuccess(uid.(string), username, key) + err = m.LoginSuccess(uid.(string), username, tp) if err != nil { zlog.Ins().ErrorF("manager:%s", err) request.GetConnection().SendMsg(ReqLoginAlarmMsgType, core.Result(ReqLoginAlarmMsgName, map[string]string{ 
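Review bot: In the `@@ -27,6 +27,7 @@` hunk of handle/api/req_login_alarm.go the new `tp := body.Data["type"]` is not covered by the guard that follows, so an empty type reaches `m.LoginSuccess(uid.(string), username, tp)` in the `@@ -67,7 +68,7 @@` hunk, whereas the CMCA handler in this same commit rejects `tp == ""`. Add a separate rejection such as `if tp == "" { ... return }` with a fixed error text rather than extending the existing branch, because that branch calls `err.Error()` and `err` is nil in the empty-field case. `Handle` starts and ends outside both hunks.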
@@ -76,6 +77,6 @@ func (s *ReqLoginAlarm) Handle(request ziface.IRequest) { })) return } - zlog.Ins().InfoF("user login loginSuccess,username:%s, type:%s, channel:%s", username, key, request.GetConnection().GetName()) - request.GetConnection().SendMsg(ReqLoginAlarmMsgType, core.ResultSuccess(ReqLoginAlarmMsgName, "", "")) + zlog.Ins().InfoF("user login loginSuccess,username:%s, type:%s, channel:%s", username, tp, request.GetConnection().GetName()) + request.GetConnection().SendMsg(ReqLoginAlarmMsgType, core.ResultSuccess(ReqLoginAlarmMsgName, "ok", "")) } diff --git a/handle/service/login.go b/handle/service/login.go index 249d63b..dac62ac 100644 --- a/handle/service/login.go +++ b/handle/service/login.go @@ -1,15 +1,14 @@ package service import ( - "crypto/x509" "encoding/base64" - "encoding/pem" "errors" - "omc/ca" + "fmt" "omc/conf" "omc/core/db" "omc/core/utils" "omc/handle/model" + "os" "github.com/aceld/zinx/zlog" ) 
@@ -30,37 +29,34 @@ func UserLogin(name, passwd string) error { return nil } -func CMCALogin(source, sign, cert string) (login bool, err error) { - defer func() { - if r := recover(); r != nil { - zlog.Ins().ErrorF("CMCALogin panic:%v", r) - } - }() - //base64 解码签名数据 - signBytes, err := base64.StdEncoding.DecodeString(sign) +// CMCALogin 验证随机码 +// content "user:seqNo" 组合的字符 +// signatureBase64 签名数据(base64编码) +func CMCALogin(content, signatureBase64 string) error { + // 读取文件内容 + strByte, err := os.ReadFile(conf.OmcConf.PublicKey) if err != nil { - return false, err + return fmt.Errorf("无法读取文件 %v", err) } - //证书加载 - block, _ := pem.Decode([]byte(cert)) + // 公钥 + publicKeyPEM := fmt.Sprintf("-----BEGIN RSA PUBLIC KEY-----\n %s \n-----END RSA PUBLIC KEY-----", strByte) - //证书解析 - certBody, err := x509.ParseCertificate(block.Bytes) + // 解析公钥 + publicKey, err := utils.ParsePKCS1PublicKey(publicKeyPEM) if err != nil { - return false, err + fmt.Println("解析公钥失败:", err) } - //证书校验 - if conf.OmcConf.CA.Check { - if err := ca.VerifyCert(certBody); err != nil { - return false, err - } + // 解码base64得到签名字节串 + signature, err := base64.StdEncoding.DecodeString(signatureBase64) + if err != nil { + fmt.Println("解码签名数据失败:", err) } - //签名验证 - err = ca.VerifyRSA([]byte(source), signBytes, certBody) - if err != nil { - return false, err + // 验证签名 + valid := utils.VerifySignature(publicKey, []byte(content), signature) + if valid { + return nil } - return true, nil + return errors.New("随机码签名验证失败") }
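Review bot: In the new `CMCALogin`, failures of `utils.ParsePKCS1PublicKey` and `base64.StdEncoding.DecodeString` are only printed with `fmt.Println`, and execution continues into `utils.VerifySignature` with a possibly nil key or empty signature. An authentication check should fail closed, so replace the two prints with `return fmt.Errorf("parse public key: %w", err)` and `return fmt.Errorf("decode signature: %w", err)`. The deferred `recover()` was removed as well, so a panic raised inside verification on such inputs is no longer contained in this function. The commit drops the per-client certificate parsing and `ca.VerifyCert` in favour of one key read from `conf.OmcConf.PublicKey`, which means every username is verified against the same key; if that is intended, state it in the doc comment. The `fmt.Sprintf` PEM wrapper also puts a space before and after the file content, so confirm that the parser accepts that.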