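// Package zllauth_gin mounts the zllauth1 login / JWT-renewal flow on a gin
// router group and translates zllauth1 result codes into JSON envelopes.
package zllauth_gin

import (
	"time"

	"git.swzry.com/zry/zllauth1/zllauth1"
	"github.com/gin-gonic/gin"
)

// API_VER is the version string reported by the index and
// get_encrypt_info endpoints.
const API_VER = "0.0.1"

// ZLLAuthGinHandler binds a zllauth1.ZLLAuthHandler to a gin router group.
type ZLLAuthGinHandler struct {
	gingrp *gin.RouterGroup
	zllhdl *zllauth1.ZLLAuthHandler
	// elh is optional; every call site checks it for nil before logging.
	elh EventLogHandler
}

// NewZLLAuthGinHandler builds the underlying zllauth1 handler from config and
// registers the four routes ("/", "/get_encrypt_info.maki", "/login.maki",
// "/renew_jwt.maki") on gingrp. No event log handler is installed; use
// SetEventLogHandler to add one.
//
// NOTE(review): no attempt throttling or lockout is visible in this file;
// presumably it is enforced inside zllauth1 or by middleware on gingrp —
// confirm before exposing /login.maki.
func NewZLLAuthGinHandler(gingrp *gin.RouterGroup, config zllauth1.ZLLAuthConfig) *ZLLAuthGinHandler {
	o := &ZLLAuthGinHandler{
		gingrp: gingrp,
		zllhdl: zllauth1.NewZLLAuthHandler(config),
	}
	o.gingrp.GET("/", o.wh_Home)
	o.gingrp.GET("/get_encrypt_info.maki", o.wh_GetEncryptInfo)
	o.gingrp.POST("/login.maki", o.wh_Login)
	o.gingrp.POST("/renew_jwt.maki", o.wh_RenewJWT)
	return o
}

// InitSecure forwards to the wrapped zllauth1 handler's InitSecure and
// returns its error unchanged.
func (h *ZLLAuthGinHandler) InitSecure() error {
	return h.zllhdl.InitSecure()
}

// SetEventLogHandler installs (or, with nil, removes) the sink that receives
// decode errors, internal errors and failed login / renew events.
func (h *ZLLAuthGinHandler) SetEventLogHandler(elh EventLogHandler) {
	h.elh = elh
}

// wh_Home serves a static description of the API: name, versions, the
// current server time and the relative URL, method and payload shape of
// each endpoint.
func (h *ZLLAuthGinHandler) wh_Home(ctx *gin.Context) {
	ctx.JSON(200, gin.H{
		"suc":         true,
		"api_name":    "zllauth1_gin_api",
		"zllauth_ver": "1.0.0",
		"api_ver":     API_VER,
		"time":        time.Now(),
		"api_url": gin.H{
			"get_encrypt_info": gin.H{
				"rel_url": "/get_encrypt_info.maki",
				"method":  "GET",
			},
			"login": gin.H{
				"rel_url":        "/login.maki",
				"method":         "POST",
				"post_data_mime": "application/json",
				"usage": gin.H{
					"login_data": "",
				},
			},
			"renew_jwt": gin.H{
				"rel_url":        "/renew_jwt.maki",
				"method":         "POST",
				"post_data_mime": "application/json",
				"usage": gin.H{
					"old_jwt": "",
				},
			},
		},
	})
}

// wh_GetEncryptInfo returns the value of zllhdl.GetEncryptionInfo under
// "encrypt_info". On error the cause is sent only to the event log handler;
// the client receives a generic "internal server error" envelope.
// The success body carries no "suc" key, unlike the other endpoints.
func (h *ZLLAuthGinHandler) wh_GetEncryptInfo(ctx *gin.Context) {
	ei, err := h.zllhdl.GetEncryptionInfo()
	if err != nil {
		if h.elh != nil {
			h.elh.InternalError("get_encrypt_info", ctx.Request, err)
		}
		ctx.JSON(200, gin.H{
			"suc":       false,
			"err_hcode": 502,
			"err_ecode": 1,
			"err_msg":   "internal server error",
		})
		return
	}
	ctx.JSON(200, gin.H{
		"api_ver":      API_VER,
		"encrypt_info": ei,
	})
}

// wh_Login decodes the JSON body, hands jdata.LoginData plus a map of
// connection metadata to zllhdl.HandlingLogin, and answers with either a
// freshly issued JWT or a "login_ecode" naming the failure class.
func (h *ZLLAuthGinHandler) wh_Login(ctx *gin.Context) {
	var jdata JsonDef_LoginArugument
	// NOTE(review): gin's BindJSON aborts the request with HTTP 400 itself
	// when decoding fails, so the 200 passed to ctx.JSON below is likely not
	// the status the client sees; ShouldBindJSON leaves the response to the
	// caller — confirm which is intended.
	err := ctx.BindJSON(&jdata)
	if err != nil {
		if h.elh != nil {
			h.elh.JsonDecodeError("login", ctx.Request, err)
		}
		ctx.JSON(200, gin.H{
			"suc":       false,
			"err_hcode": 400,
			"err_ecode": 2,
			"err_msg":   "invalid arguments",
		})
		return
	}

	// Connection metadata passed through to zllauth1. Only RemoteAddr comes
	// from the transport (and is the reverse proxy's address when one is in
	// front). Every header value is copied verbatim from the request and is
	// client-controlled unless a trusted proxy overwrites it, so consumers
	// should treat these as audit hints, not as a basis for trust decisions.
	sei := map[string]interface{}{
		"client_ip":          ctx.Request.RemoteAddr,
		"X-Real-Ip":          ctx.GetHeader("X-Real-Ip"),
		"User-Agent":         ctx.GetHeader("User-Agent"),
		"X-Forwarded-For":    ctx.GetHeader("X-Forwarded-For"),
		"X-Forwarded-Host":   ctx.GetHeader("X-Forwarded-Host"),
		"X-Forwarded-Port":   ctx.GetHeader("X-Forwarded-Port"),
		"X-Forwarded-Proto":  ctx.GetHeader("X-Forwarded-Proto"),
		"X-Forwarded-Server": ctx.GetHeader("X-Forwarded-Server"),
	}

	se, jwtdata, ve, err := h.zllhdl.HandlingLogin(jdata.LoginData, sei)
	if se {
		ctx.JSON(200, gin.H{
			"suc":       true,
			"login_suc": true,
			"jwt": gin.H{
				"token":       jwtdata.JwtStr,
				"issue_time":  jwtdata.IssueTime,
				"expire_time": jwtdata.ExpireTime,
				// presumably nanoseconds -> seconds; confirm GetJwtTTL's unit
				"ttl": float64(h.zllhdl.GetJwtTTL()) / 1000_000_000,
			},
		})
		return
	}

	// The underlying error goes to the event log only; the client gets a
	// coarse code.
	if h.elh != nil {
		h.elh.LoginFailed(ctx.Request, ve, err)
	}

	// NOTE(review): "permission_denied" and "user_banned" are reported
	// separately from "invalid_username_or_password", and a failed SM2
	// decryption is distinguishable from a hex-decoding failure. Whether that
	// tells an unauthenticated caller more than intended depends on when
	// zllauth1 returns each code — confirm.
	switch ve {
	case zllauth1.LFT_INVALID_USERNAME_OR_PASSWORD:
		ctx.JSON(200, gin.H{
			"suc":         true,
			"login_suc":   false,
			"login_ecode": "invalid_username_or_password",
		})
	case zllauth1.LFT_PERMISSION_DENIED:
		ctx.JSON(200, gin.H{
			"suc":         true,
			"login_suc":   false,
			"login_ecode": "permission_denied",
		})
	case zllauth1.LFT_USER_BANNED:
		ctx.JSON(200, gin.H{
			"suc":         true,
			"login_suc":   false,
			"login_ecode": "user_banned",
		})
	case zllauth1.LFT_DECODE_HEX_FAIL:
		ctx.JSON(200, gin.H{
			"suc":           true,
			"login_suc":     false,
			"login_ecode":   "argument_transport_error",
			"external_info": "decode hex failed",
		})
	case zllauth1.LFT_DECRYPT_SM2_FAIL:
		ctx.JSON(200, gin.H{
			"suc":           true,
			"login_suc":     false,
			"login_ecode":   "argument_transport_error",
			"external_info": "decrypt sm2 failed",
		})
	case zllauth1.LFT_LOGIN_INFO_FIELDS_NOT_MATCH:
		ctx.JSON(200, gin.H{
			"suc":           true,
			"login_suc":     false,
			"login_ecode":   "login_info_fields_not_match",
			"external_info": "login info fields not match",
		})
	default:
		ctx.JSON(200, gin.H{
			"suc":       false,
			"err_hcode": 502,
			"err_ecode": 3,
			"err_msg":   "internal server error",
		})
	}
}

// HandlingOtherEncryptedRequestNextFunc writes the success envelope
// {"suc": true, "data": returnData} for a request accepted by
// HandlingOtherEncryptedRequest.
type HandlingOtherEncryptedRequestNextFunc func(returnData interface{})

// HandlingOtherEncryptedRequest lets an application endpoint reuse the
// encrypted transport of the login call. It reads the JSON body, passes
// jdata.LoginData and v to zllhdl.HandlingOtherEncryptedRequest and, when
// that reports LFT_SUCCESS, returns isOK == true with a next function the
// caller uses to send its reply.
//
// When isOK is false a response has already been written to ctx and next is
// nil; the caller should return without writing anything further.
func (h *ZLLAuthGinHandler) HandlingOtherEncryptedRequest(ctx *gin.Context, v interface{}) (isOK bool, next HandlingOtherEncryptedRequestNextFunc) {
	var jdata JsonDef_LoginArugument
	// NOTE(review): BindJSON aborts with HTTP 400 on decode failure before
	// the envelope below is written; see ShouldBindJSON if 200 is intended.
	err := ctx.BindJSON(&jdata)
	if err != nil {
		if h.elh != nil {
			h.elh.JsonDecodeError("oerutil", ctx.Request, err)
		}
		ctx.JSON(200, gin.H{
			"suc":       false,
			"err_hcode": 400,
			"err_ecode": 2,
			"err_msg":   "invalid arguments",
		})
		return false, nil
	}

	ve, ie := h.zllhdl.HandlingOtherEncryptedRequest(jdata.LoginData, v)
	if ve == zllauth1.LFT_SUCCESS {
		next = func(returnData interface{}) {
			ctx.JSON(200, gin.H{
				"suc":  true,
				"data": returnData,
			})
		}
		return true, next
	}

	if h.elh != nil {
		h.elh.HandlingOtherEncryptedRequestFailed(ctx.Request, ve, ie)
	}

	// The failure bodies reuse the login endpoint's "login_suc" /
	// "login_ecode" keys; clients of this helper see the same shape.
	switch ve {
	case zllauth1.LFT_DECODE_HEX_FAIL:
		ctx.JSON(200, gin.H{
			"suc":           true,
			"login_suc":     false,
			"login_ecode":   "argument_transport_error",
			"external_info": "decode hex failed",
		})
	case zllauth1.LFT_DECRYPT_SM2_FAIL:
		ctx.JSON(200, gin.H{
			"suc":           true,
			"login_suc":     false,
			"login_ecode":   "argument_transport_error",
			"external_info": "decrypt sm2 failed",
		})
	default:
		ctx.JSON(200, gin.H{
			"suc":       false,
			"err_hcode": 502,
			"err_ecode": 3,
			"err_msg":   "internal server error",
		})
	}
	return false, nil
}

// CheckJWT validates jwtstr through zllhdl.CheckJWT and returns the token's
// extra data on success, or (false, nil) otherwise. The failure code and
// error returned by zllauth1 are discarded here, so a caller that needs to
// log why a token was rejected cannot obtain the reason from this method.
func (h *ZLLAuthGinHandler) CheckJWT(jwtstr string) (ok bool, extData map[string]interface{}) {
	se, exi, _, _ := h.zllhdl.CheckJWT(jwtstr)
	if se {
		return true, exi
	}
	return false, nil
}

// wh_RenewJWT exchanges the JWT in the request body for a new one via
// zllhdl.RenewJWT and reports either the new token or a "renew_ecode".
func (h *ZLLAuthGinHandler) wh_RenewJWT(ctx *gin.Context) {
	var jdata JsonDef_RenewJWT
	// NOTE(review): BindJSON aborts with HTTP 400 on decode failure before
	// the envelope below is written; see ShouldBindJSON if 200 is intended.
	err := ctx.BindJSON(&jdata)
	if err != nil {
		if h.elh != nil {
			// Tag the event with this endpoint's name. It was previously
			// logged as "login", which made malformed renew requests
			// indistinguishable from malformed login requests in the log.
			h.elh.JsonDecodeError("renew_jwt", ctx.Request, err)
		}
		ctx.JSON(200, gin.H{
			"suc":       false,
			"err_hcode": 400,
			"err_ecode": 2,
			"err_msg":   "invalid arguments",
		})
		return
	}

	se, njwt, ve, err := h.zllhdl.RenewJWT(jdata.OldJWT)
	if se {
		ctx.JSON(200, gin.H{
			"suc":       true,
			"renew_suc": true,
			"jwt": gin.H{
				"token":       njwt.JwtStr,
				"issue_time":  njwt.IssueTime,
				"expire_time": njwt.ExpireTime,
				// presumably nanoseconds -> seconds; confirm GetJwtTTL's unit
				"ttl": float64(h.zllhdl.GetJwtTTL()) / 1000_000_000,
			},
		})
		return
	}

	if h.elh != nil {
		h.elh.RenewJWTFailed(ctx.Request, ve, err)
	}

	switch ve {
	case zllauth1.LFT_JWT_CHECK_FAIL:
		ctx.JSON(200, gin.H{
			"suc":         true,
			"renew_suc":   false,
			"renew_ecode": "jwt_check_fail",
		})
	case zllauth1.LFT_JWT_SUBJECT_NOT_MATCH:
		ctx.JSON(200, gin.H{
			"suc":         true,
			"renew_suc":   false,
			"renew_ecode": "jwt_subject_not_match",
		})
	case zllauth1.LFT_JWT_ISSUER_NOT_MATCH:
		ctx.JSON(200, gin.H{
			"suc":         true,
			"renew_suc":   false,
			"renew_ecode": "jwt_issuer_not_match",
		})
	case zllauth1.LFT_JWT_SIGN_ERROR:
		ctx.JSON(200, gin.H{
			"suc":         true,
			"renew_suc":   false,
			"renew_ecode": "jwt_sign_fail",
		})
	default:
		// Unlike the other endpoints, an unclassified failure here is still
		// reported with "suc": true and a renew_ecode of "internal_error".
		ctx.JSON(200, gin.H{
			"suc":         true,
			"renew_suc":   false,
			"renew_ecode": "internal_error",
		})
	}
}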