- package zllauth_gin
- import (
- "git.swzry.com/zry/zllauth1/zllauth1"
- "github.com/gin-gonic/gin"
- "time"
- )
// API_VER is the version string of this gin binding's HTTP API. It is echoed
// as "api_ver" by the home and get_encrypt_info endpoints.
const API_VER = "0.0.1"
// ZLLAuthGinHandler exposes a zllauth1 authentication handler over HTTP by
// registering its endpoints on a gin router group.
type ZLLAuthGinHandler struct {
	// gingrp is the router group the endpoints are registered on.
	gingrp *gin.RouterGroup

	// zllhdl is the zllauth1 handler every endpoint delegates to.
	zllhdl *zllauth1.ZLLAuthHandler

	// elh receives failure events. It stays nil until SetEventLogHandler is
	// called; every use in this file is guarded by a nil check, so failures
	// are simply not recorded while it is unset.
	elh EventLogHandler
}
// NewZLLAuthGinHandler builds a ZLLAuthGinHandler around a fresh zllauth1
// handler created from config and registers the four endpoints (home,
// get_encrypt_info, login, renew_jwt) on gingrp.
//
// No event log handler is installed here; call SetEventLogHandler to record
// authentication failures.
// NOTE(review): InitSecure is not called by the constructor — presumably the
// caller must invoke it before serving requests; confirm against zllauth1.
func NewZLLAuthGinHandler(gingrp *gin.RouterGroup, config zllauth1.ZLLAuthConfig) *ZLLAuthGinHandler {
	handler := new(ZLLAuthGinHandler)
	handler.gingrp = gingrp
	handler.zllhdl = zllauth1.NewZLLAuthHandler(config)

	// Read-only endpoints.
	handler.gingrp.GET("/", handler.wh_Home)
	handler.gingrp.GET("/get_encrypt_info.maki", handler.wh_GetEncryptInfo)

	// Endpoints that accept a JSON body.
	handler.gingrp.POST("/login.maki", handler.wh_Login)
	handler.gingrp.POST("/renew_jwt.maki", handler.wh_RenewJWT)

	return handler
}
// InitSecure delegates to the underlying zllauth1 handler's InitSecure and
// returns its error unchanged.
func (h *ZLLAuthGinHandler) InitSecure() error {
	err := h.zllhdl.InitSecure()
	return err
}
// SetEventLogHandler installs the sink that receives JSON-decode, login,
// renew and internal-error events. Passing nil turns event reporting off,
// because every call site checks for nil before using the handler.
//
// NOTE(review): the field is assigned without synchronisation while request
// handlers read it; set it before the router starts serving.
func (h *ZLLAuthGinHandler) SetEventLogHandler(elh EventLogHandler) {
	h.elh = elh
}
// wh_Home serves GET / with a self-description of the API: its name, version
// strings, the current server time and, for each endpoint, its relative URL,
// method and expected request fields.
//
// NOTE(review): the route is registered without any check in this file, so
// the version strings and server clock are visible to any caller that can
// reach the router group.
func (h *ZLLAuthGinHandler) wh_Home(ctx *gin.Context) {
	encryptInfoDoc := gin.H{
		"rel_url": "/get_encrypt_info.maki",
		"method":  "GET",
	}

	loginDoc := gin.H{
		"rel_url":        "/login.maki",
		"method":         "POST",
		"post_data_mime": "application/json",
		"usage": gin.H{
			"login_data": "<sm2 encrypted data>",
		},
	}

	renewDoc := gin.H{
		"rel_url":        "/renew_jwt.maki",
		"method":         "POST",
		"post_data_mime": "application/json",
		"usage": gin.H{
			"old_jwt": "<old jwt string>",
		},
	}

	endpoints := gin.H{
		"get_encrypt_info": encryptInfoDoc,
		"login":            loginDoc,
		"renew_jwt":        renewDoc,
	}

	ctx.JSON(200, gin.H{
		"suc":         true,
		"api_name":    "zllauth1_gin_api",
		"zllauth_ver": "1.0.0",
		"api_ver":     API_VER,
		"time":        time.Now(),
		"api_url":     endpoints,
	})
}
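// wh_GetEncryptInfo serves GET /get_encrypt_info.maki. It returns whatever
// the zllauth1 handler's GetEncryptionInfo yields as "encrypt_info", together
// with the API version.
//
// On failure the underlying error goes only to the event log handler; the
// client receives a generic "internal server error" envelope, so no internal
// detail leaks into the response.
//
// NOTE(review): encrypt_info is presumably the SM2 public parameters the
// client uses to encrypt login_data (the home endpoint documents login_data
// as "<sm2 encrypted data>"). If so, its authenticity rests entirely on the
// transport — serve this route over TLS so the parameters cannot be swapped
// in transit.
func (h *ZLLAuthGinHandler) wh_GetEncryptInfo(ctx *gin.Context) {
	ei, err := h.zllhdl.GetEncryptionInfo()
	if err != nil {
		if h.elh != nil {
			h.elh.InternalError("get_encrypt_info", ctx.Request, err)
		}
		ctx.JSON(200, gin.H{
			"suc":       false,
			"err_hcode": 502,
			"err_ecode": 1,
			"err_msg":   "internal server error",
		})
		return
	}

	ctx.JSON(200, gin.H{
		// "suc" was missing from the success envelope although every other
		// endpoint sends it; a client that keys on "suc" would have treated
		// a successful reply as a failure.
		"suc":          true,
		"api_ver":      API_VER,
		"encrypt_info": ei,
	})
}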
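// wh_Login serves POST /login.maki. The JSON body carries the encrypted
// login payload in its LoginData field; the payload is handed to the zllauth1
// handler's HandlingLogin, and on success the issued JWT is returned with its
// issue time, expiry time and TTL.
//
// Every reply uses HTTP 200 with a JSON envelope. "suc" reports whether the
// request could be processed at all; "login_suc" reports whether the login
// itself succeeded, and "login_ecode" names the failure category.
//
// NOTE(review): "user_banned" and "permission_denied" are reported separately
// from "invalid_username_or_password". Depending on when zllauth1 raises
// them, that can tell an unauthenticated caller that an account exists or
// that the submitted credentials were correct — confirm the semantics and
// consider collapsing them into one client-facing code while keeping the
// detail in the event log.
func (h *ZLLAuthGinHandler) wh_Login(ctx *gin.Context) {
	var jdata JsonDef_LoginArugument

	// ShouldBindJSON instead of BindJSON: on a decode error BindJSON aborts
	// the context and commits a 400 status by itself, which conflicts with
	// the 200 JSON envelope this handler writes for that case.
	if err := ctx.ShouldBindJSON(&jdata); err != nil {
		if h.elh != nil {
			h.elh.JsonDecodeError("login", ctx.Request, err)
		}
		ctx.JSON(200, gin.H{
			"suc":       false,
			"err_hcode": 400,
			"err_ecode": 2,
			"err_msg":   "invalid arguments",
		})
		return
	}

	// RemoteAddr is the "host:port" of the directly connected peer. Behind a
	// reverse proxy this is the proxy's address, not the end user's.
	// NOTE(review): ctx.ClientIP() would honour forwarding headers, which are
	// client-controlled unless gin's trusted-proxy settings are configured.
	sei := map[string]interface{}{
		"client_ip": ctx.Request.RemoteAddr,
	}

	se, jwtdata, ve, err := h.zllhdl.HandlingLogin(jdata.LoginData, sei)
	if se {
		ctx.JSON(200, gin.H{
			"suc":       true,
			"login_suc": true,
			"jwt": gin.H{
				"token":       jwtdata.JwtStr,
				"issue_time":  jwtdata.IssueTime,
				"expire_time": jwtdata.ExpireTime,
				// Divides by 1e9 — presumably nanoseconds to seconds;
				// confirm the unit GetJwtTTL returns.
				"ttl": float64(h.zllhdl.GetJwtTTL()) / 1000_000_000,
			},
		})
		return
	}

	// The failure type and the underlying error are recorded server-side
	// only; the client sees the category code chosen below.
	if h.elh != nil {
		h.elh.LoginFailed(ctx.Request, ve, err)
	}

	// reject writes the common "request processed, login refused" envelope.
	// external_info is included only for the categories that carry one.
	reject := func(ecode, info string) {
		body := gin.H{
			"suc":         true,
			"login_suc":   false,
			"login_ecode": ecode,
		}
		if info != "" {
			body["external_info"] = info
		}
		ctx.JSON(200, body)
	}

	switch ve {
	case zllauth1.LFT_INVALID_USERNAME_OR_PASSWORD:
		reject("invalid_username_or_password", "")
	case zllauth1.LFT_PERMISSION_DENIED:
		reject("permission_denied", "")
	case zllauth1.LFT_USER_BANNED:
		reject("user_banned", "")
	case zllauth1.LFT_DECODE_HEX_FAIL:
		reject("argument_transport_error", "decode hex failed")
	case zllauth1.LFT_DECRYPT_SM2_FAIL:
		reject("argument_transport_error", "decrypt sm2 failed")
	case zllauth1.LFT_LOGIN_INFO_FIELDS_NOT_MATCH:
		reject("login_info_fields_not_match", "login info fields not match")
	default:
		// Any other failure type is reported as a generic internal error.
		ctx.JSON(200, gin.H{
			"suc":       false,
			"err_hcode": 502,
			"err_ecode": 3,
			"err_msg":   "internal server error",
		})
	}
}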
// HandlingOtherEncryptedRequestNextFunc is the continuation returned by
// ZLLAuthGinHandler.HandlingOtherEncryptedRequest on success. Calling it
// writes returnData to the client inside the standard success envelope.
type HandlingOtherEncryptedRequestNextFunc func(returnData interface{})
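// HandlingOtherEncryptedRequest reads the same JSON envelope as the login
// endpoint from ctx, passes its LoginData field and v to the zllauth1
// handler's HandlingOtherEncryptedRequest, and reports the outcome.
//
// On success it returns isOK == true and a non-nil next; nothing has been
// written to the client yet, and the caller is expected to invoke next with
// the data to return. On any failure it returns (false, nil) after the error
// envelope has already been written, so the caller must not write again.
//
// NOTE(review): v is presumably the destination the decrypted payload is
// decoded into — confirm against zllauth1. The data passed to next is sent
// as plain JSON; only the request direction is encrypted by this helper.
func (h *ZLLAuthGinHandler) HandlingOtherEncryptedRequest(ctx *gin.Context, v interface{}) (isOK bool, next HandlingOtherEncryptedRequestNextFunc) {
	var jdata JsonDef_LoginArugument

	// ShouldBindJSON instead of BindJSON: on a decode error BindJSON aborts
	// the context and commits a 400 status by itself, which conflicts with
	// the 200 JSON envelope written for that case.
	if err := ctx.ShouldBindJSON(&jdata); err != nil {
		if h.elh != nil {
			h.elh.JsonDecodeError("oerutil", ctx.Request, err)
		}
		ctx.JSON(200, gin.H{
			"suc":       false,
			"err_hcode": 400,
			"err_ecode": 2,
			"err_msg":   "invalid arguments",
		})
		return false, nil
	}

	ve, ie := h.zllhdl.HandlingOtherEncryptedRequest(jdata.LoginData, v)
	if ve == zllauth1.LFT_SUCCESS {
		return true, func(returnData interface{}) {
			ctx.JSON(200, gin.H{
				"suc":  true,
				"data": returnData,
			})
		}
	}

	// Report the failure only after the success case has returned. The
	// original called the "...Failed" hook before checking ve, so every
	// successful request was also recorded as a failure, which buries real
	// failures in the event log. This now matches the login and renew
	// handlers.
	if h.elh != nil {
		h.elh.HandlingOtherEncryptedRequestFailed(ctx.Request, ve, ie)
	}

	switch ve {
	case zllauth1.LFT_DECODE_HEX_FAIL:
		ctx.JSON(200, gin.H{
			"suc":           true,
			"login_suc":     false,
			"login_ecode":   "argument_transport_error",
			"external_info": "decode hex failed",
		})
	case zllauth1.LFT_DECRYPT_SM2_FAIL:
		ctx.JSON(200, gin.H{
			"suc":           true,
			"login_suc":     false,
			"login_ecode":   "argument_transport_error",
			"external_info": "decrypt sm2 failed",
		})
	default:
		// Any other failure type is reported as a generic internal error.
		ctx.JSON(200, gin.H{
			"suc":       false,
			"err_hcode": 502,
			"err_ecode": 3,
			"err_msg":   "internal server error",
		})
	}
	return false, nil
}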
// CheckJWT validates jwtstr through the zllauth1 handler. It returns
// (true, extData) when the token is accepted and (false, nil) otherwise.
//
// The failure type and error returned by zllauth1 are discarded and are not
// passed to the event log handler, so a caller cannot tell why a token was
// refused and rejected tokens leave no trace through this path.
func (h *ZLLAuthGinHandler) CheckJWT(jwtstr string) (ok bool, extData map[string]interface{}) {
	valid, ext, _, _ := h.zllhdl.CheckJWT(jwtstr)
	if !valid {
		return false, nil
	}
	return true, ext
}
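// wh_RenewJWT serves POST /renew_jwt.maki. The JSON body carries the current
// token in its OldJWT field; the zllauth1 handler's RenewJWT decides whether
// a replacement is issued. On success the new token is returned with its
// issue time, expiry time and TTL.
//
// Every reply uses HTTP 200 with a JSON envelope; "renew_suc" reports the
// outcome and "renew_ecode" names the failure category.
//
// NOTE(review): whether an already expired token may still be renewed is
// decided inside zllauth1.RenewJWT and is not visible here — confirm, since
// it bounds how long a leaked token remains useful.
func (h *ZLLAuthGinHandler) wh_RenewJWT(ctx *gin.Context) {
	var jdata JsonDef_RenewJWT

	// ShouldBindJSON instead of BindJSON: on a decode error BindJSON aborts
	// the context and commits a 400 status by itself, which conflicts with
	// the 200 JSON envelope this handler writes for that case.
	if err := ctx.ShouldBindJSON(&jdata); err != nil {
		if h.elh != nil {
			// The original tagged this event "login" (copied from the login
			// handler), so renew decode errors were attributed to the login
			// endpoint in the event log.
			h.elh.JsonDecodeError("renew_jwt", ctx.Request, err)
		}
		ctx.JSON(200, gin.H{
			"suc":       false,
			"err_hcode": 400,
			"err_ecode": 2,
			"err_msg":   "invalid arguments",
		})
		return
	}

	se, njwt, ve, err := h.zllhdl.RenewJWT(jdata.OldJWT)
	if se {
		ctx.JSON(200, gin.H{
			"suc":       true,
			"renew_suc": true,
			"jwt": gin.H{
				"token":       njwt.JwtStr,
				"issue_time":  njwt.IssueTime,
				"expire_time": njwt.ExpireTime,
				// Divides by 1e9 — presumably nanoseconds to seconds;
				// confirm the unit GetJwtTTL returns.
				"ttl": float64(h.zllhdl.GetJwtTTL()) / 1000_000_000,
			},
		})
		return
	}

	// The failure type and the underlying error are recorded server-side
	// only; the client sees the category code chosen below.
	if h.elh != nil {
		h.elh.RenewJWTFailed(ctx.Request, ve, err)
	}

	// Unknown failure types fall back to "internal_error". Unlike the login
	// endpoint's default branch, this one keeps "suc": true.
	ecode := "internal_error"
	switch ve {
	case zllauth1.LFT_JWT_CHECK_FAIL:
		ecode = "jwt_check_fail"
	case zllauth1.LFT_JWT_SUBJECT_NOT_MATCH:
		ecode = "jwt_subject_not_match"
	case zllauth1.LFT_JWT_ISSUER_NOT_MATCH:
		ecode = "jwt_issuer_not_match"
	case zllauth1.LFT_JWT_SIGN_ERROR:
		ecode = "jwt_sign_fail"
	}

	ctx.JSON(200, gin.H{
		"suc":         true,
		"renew_suc":   false,
		"renew_ecode": ecode,
	})
}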