gin_handler.go 7.9 KB

  1. package zllauth_gin
  2. import (
  3. "git.swzry.com/zry/zllauth1/zllauth1"
  4. "github.com/gin-gonic/gin"
  5. "time"
  6. )
// API_VER is the version string of this HTTP API. It is reported to clients
// by the home endpoint and by the get_encrypt_info endpoint.
const API_VER = "0.0.1"

// ZLLAuthGinHandler exposes a zllauth1 handler as a set of gin routes.
type ZLLAuthGinHandler struct {
	// gingrp is the router group the auth endpoints are registered on.
	gingrp *gin.RouterGroup
	// zllhdl is the underlying zllauth1 handler that performs the actual
	// decryption, login and JWT work.
	zllhdl *zllauth1.ZLLAuthHandler
	// elh is an optional event-log sink. It stays nil until
	// SetEventLogHandler is called, and every use in this file is nil-checked,
	// so failures are silently unlogged when it is not set.
	elh EventLogHandler
}
// NewZLLAuthGinHandler builds a handler around a new zllauth1.ZLLAuthHandler
// created from config and registers the four auth routes on gingrp:
// GET /, GET /get_encrypt_info.maki, POST /login.maki and
// POST /renew_jwt.maki.
//
// No event-log handler is installed here; call SetEventLogHandler to have
// login and renewal failures recorded.
// NOTE(review): the routes are registered before InitSecure is called;
// presumably InitSecure must run before the group starts serving — confirm
// against zllauth1.
func NewZLLAuthGinHandler(gingrp *gin.RouterGroup, config zllauth1.ZLLAuthConfig) *ZLLAuthGinHandler {
	h := &ZLLAuthGinHandler{gingrp: gingrp}
	h.zllhdl = zllauth1.NewZLLAuthHandler(config)

	h.gingrp.GET("/", h.wh_Home)
	h.gingrp.GET("/get_encrypt_info.maki", h.wh_GetEncryptInfo)
	h.gingrp.POST("/login.maki", h.wh_Login)
	h.gingrp.POST("/renew_jwt.maki", h.wh_RenewJWT)

	return h
}
// InitSecure delegates to the underlying zllauth1 handler's InitSecure and
// returns its error unchanged. Callers should treat a non-nil error as fatal
// for the auth endpoints rather than continuing to serve.
func (h *ZLLAuthGinHandler) InitSecure() error {
	err := h.zllhdl.InitSecure()
	return err
}
// SetEventLogHandler installs the sink that receives decode errors, login
// failures and JWT renewal failures. Passing nil turns event logging off
// again, since every call site checks for nil before logging.
// The field is written without any locking.
func (h *ZLLAuthGinHandler) SetEventLogHandler(elh EventLogHandler) {
	h.elh = elh
}
// wh_Home serves GET / with a self-description of the API: name, versions,
// the current server time and the relative URL, method and expected payload
// of each endpoint.
//
// The response is sent without any authentication check in this handler, so
// the version strings and server clock are visible to any client that can
// reach the router group.
func (h *ZLLAuthGinHandler) wh_Home(ctx *gin.Context) {
	encryptInfoDoc := gin.H{
		"rel_url": "/get_encrypt_info.maki",
		"method":  "GET",
	}
	loginDoc := gin.H{
		"rel_url":        "/login.maki",
		"method":         "POST",
		"post_data_mime": "application/json",
		"usage": gin.H{
			"login_data": "<sm2 encrypted data>",
		},
	}
	renewDoc := gin.H{
		"rel_url":        "/renew_jwt.maki",
		"method":         "POST",
		"post_data_mime": "application/json",
		"usage": gin.H{
			"old_jwt": "<old jwt string>",
		},
	}

	body := gin.H{
		"suc":         true,
		"api_name":    "zllauth1_gin_api",
		"zllauth_ver": "1.0.0",
		"api_ver":     API_VER,
		"time":        time.Now(),
		"api_url": gin.H{
			"get_encrypt_info": encryptInfoDoc,
			"login":            loginDoc,
			"renew_jwt":        renewDoc,
		},
	}
	ctx.JSON(200, body)
}
// wh_GetEncryptInfo serves GET /get_encrypt_info.maki. It returns whatever
// GetEncryptionInfo yields under "encrypt_info" together with the API version.
//
// On failure the underlying error goes only to the event log (when one is
// set); the client receives a generic "internal server error" body, so no
// internal detail leaks. The error is carried in the JSON body (err_hcode
// 502) while the HTTP status passed to gin remains 200.
func (h *ZLLAuthGinHandler) wh_GetEncryptInfo(ctx *gin.Context) {
	info, err := h.zllhdl.GetEncryptionInfo()
	if err == nil {
		ctx.JSON(200, gin.H{
			"api_ver":      API_VER,
			"encrypt_info": info,
		})
		return
	}

	if h.elh != nil {
		h.elh.InternalError("get_encrypt_info", ctx.Request, err)
	}
	ctx.JSON(200, gin.H{
		"suc":       false,
		"err_hcode": 502,
		"err_ecode": 1,
		"err_msg":   "internal server error",
	})
}
// wh_Login serves POST /login.maki. It decodes the JSON body, hands the
// encrypted login data plus request metadata to zllauth1's HandlingLogin and
// returns either a fresh JWT or a failure code.
//
// Response shapes:
//   - success: {"suc": true, "login_suc": true, "jwt": {...}}
//   - rejected login: {"suc": true, "login_suc": false, "login_ecode": ...}
//   - undecodable body / unknown failure: {"suc": false, "err_hcode": ...}
//
// Every failed attempt is passed to the event log handler when one is set.
func (h *ZLLAuthGinHandler) wh_Login(ctx *gin.Context) {
	var req JsonDef_LoginArugument
	// NOTE(review): gin's BindJSON aborts the request with HTTP 400 itself
	// when decoding fails, so the 200 passed to ctx.JSON below likely does not
	// take effect. ShouldBindJSON would be needed for a body-only error
	// convention — confirm which status clients expect before changing it.
	if bindErr := ctx.BindJSON(&req); bindErr != nil {
		if h.elh != nil {
			h.elh.JsonDecodeError("login", ctx.Request, bindErr)
		}
		ctx.JSON(200, gin.H{
			"suc":       false,
			"err_hcode": 400,
			"err_ecode": 2,
			"err_msg":   "invalid arguments",
		})
		return
	}

	// Request metadata forwarded to the auth library. RemoteAddr is the
	// address of the direct TCP peer (the proxy, when one is in front). All
	// of the header values are supplied by the client unless a trusted
	// reverse proxy overwrites them, so they must not be relied on for ban or
	// rate-limit decisions without that guarantee.
	// NOTE(review): how zllauth1 uses these values is not visible here.
	sei := map[string]interface{}{
		"client_ip": ctx.Request.RemoteAddr,
	}
	for _, name := range []string{
		"X-Real-Ip",
		"User-Agent",
		"X-Forwarded-For",
		"X-Forwarded-Host",
		"X-Forwarded-Port",
		"X-Forwarded-Proto",
		"X-Forwarded-Server",
	} {
		sei[name] = ctx.GetHeader(name)
	}

	loggedIn, token, failType, loginErr := h.zllhdl.HandlingLogin(req.LoginData, sei)
	if loggedIn {
		ctx.JSON(200, gin.H{
			"suc":       true,
			"login_suc": true,
			"jwt": gin.H{
				"token":       token.JwtStr,
				"issue_time":  token.IssueTime,
				"expire_time": token.ExpireTime,
				// Presumably GetJwtTTL is in nanoseconds, making this seconds — confirm.
				"ttl": float64(h.zllhdl.GetJwtTTL()) / 1000_000_000,
			},
		})
		return
	}

	if h.elh != nil {
		h.elh.LoginFailed(ctx.Request, failType, loginErr)
	}

	// The client is told which class of failure occurred. "user_banned" and
	// "permission_denied" are distinguishable from a plain bad-credentials
	// answer; whether that discloses account state to someone without the
	// password depends on the order of checks inside zllauth1, which is not
	// visible here.
	reply := gin.H{
		"suc":       true,
		"login_suc": false,
	}
	switch failType {
	case zllauth1.LFT_INVALID_USERNAME_OR_PASSWORD:
		reply["login_ecode"] = "invalid_username_or_password"
	case zllauth1.LFT_PERMISSION_DENIED:
		reply["login_ecode"] = "permission_denied"
	case zllauth1.LFT_USER_BANNED:
		reply["login_ecode"] = "user_banned"
	case zllauth1.LFT_DECODE_HEX_FAIL:
		reply["login_ecode"] = "argument_transport_error"
		reply["external_info"] = "decode hex failed"
	case zllauth1.LFT_DECRYPT_SM2_FAIL:
		reply["login_ecode"] = "argument_transport_error"
		reply["external_info"] = "decrypt sm2 failed"
	case zllauth1.LFT_LOGIN_INFO_FIELDS_NOT_MATCH:
		reply["login_ecode"] = "login_info_fields_not_match"
		reply["external_info"] = "login info fields not match"
	default:
		// Anything unrecognised is reported generically; the detail stays in
		// the event log.
		reply = gin.H{
			"suc":       false,
			"err_hcode": 502,
			"err_ecode": 3,
			"err_msg":   "internal server error",
		}
	}
	ctx.JSON(200, reply)
}
// HandlingOtherEncryptedRequestNextFunc is the callback returned by
// HandlingOtherEncryptedRequest on success. Calling it writes returnData to
// the client as the "data" field of a {"suc": true} JSON response.
type HandlingOtherEncryptedRequestNextFunc func(returnData interface{})
// HandlingOtherEncryptedRequest lets application handlers reuse the encrypted
// transport of the login endpoint. It decodes the JSON body, passes the
// encrypted payload and v to zllauth1's HandlingOtherEncryptedRequest, and on
// LFT_SUCCESS returns isOK=true with a callback that sends the reply.
//
// On any failure it writes the error response itself, logs the event when a
// log handler is set, and returns (false, nil); the caller must not write to
// ctx again in that case.
//
// NOTE(review): v is presumably the destination the decrypted payload is
// decoded into — confirm against zllauth1. Nothing in this function checks a
// JWT; a caller that needs an authenticated request has to do that itself
// (for example with CheckJWT).
// NOTE(review): gin's BindJSON aborts the request with HTTP 400 itself when
// decoding fails, so the 200 passed to ctx.JSON in that branch likely does not
// take effect — confirm which status clients expect.
func (h *ZLLAuthGinHandler) HandlingOtherEncryptedRequest(ctx *gin.Context, v interface{}) (isOK bool, next HandlingOtherEncryptedRequestNextFunc) {
	var req JsonDef_LoginArugument
	if bindErr := ctx.BindJSON(&req); bindErr != nil {
		if h.elh != nil {
			h.elh.JsonDecodeError("oerutil", ctx.Request, bindErr)
		}
		ctx.JSON(200, gin.H{
			"suc":       false,
			"err_hcode": 400,
			"err_ecode": 2,
			"err_msg":   "invalid arguments",
		})
		return false, nil
	}

	failType, innerErr := h.zllhdl.HandlingOtherEncryptedRequest(req.LoginData, v)
	if failType == zllauth1.LFT_SUCCESS {
		reply := func(returnData interface{}) {
			ctx.JSON(200, gin.H{
				"suc":  true,
				"data": returnData,
			})
		}
		return true, reply
	}

	if h.elh != nil {
		h.elh.HandlingOtherEncryptedRequestFailed(ctx.Request, failType, innerErr)
	}

	// The failure bodies reuse the login endpoint's "login_suc" and
	// "login_ecode" keys even though this is not a login.
	var body gin.H
	switch failType {
	case zllauth1.LFT_DECODE_HEX_FAIL:
		body = gin.H{
			"suc":           true,
			"login_suc":     false,
			"login_ecode":   "argument_transport_error",
			"external_info": "decode hex failed",
		}
	case zllauth1.LFT_DECRYPT_SM2_FAIL:
		body = gin.H{
			"suc":           true,
			"login_suc":     false,
			"login_ecode":   "argument_transport_error",
			"external_info": "decrypt sm2 failed",
		}
	default:
		body = gin.H{
			"suc":       false,
			"err_hcode": 502,
			"err_ecode": 3,
			"err_msg":   "internal server error",
		}
	}
	ctx.JSON(200, body)
	return false, nil
}
// CheckJWT validates jwtstr with the underlying zllauth1 handler. It returns
// (true, extData) when the library accepts the token and (false, nil)
// otherwise.
//
// The failure type and error returned by the library are discarded, so a
// caller cannot tell or log why a token was rejected; the event log handler
// is not invoked here either.
func (h *ZLLAuthGinHandler) CheckJWT(jwtstr string) (ok bool, extData map[string]interface{}) {
	accepted, ext, _, _ := h.zllhdl.CheckJWT(jwtstr)
	if !accepted {
		return false, nil
	}
	return true, ext
}
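// wh_RenewJWT serves POST /renew_jwt.maki. It decodes the JSON body, asks
// zllauth1 to exchange the old JWT for a new one and returns either the new
// token or a renewal failure code.
//
// Response shapes:
//   - success: {"suc": true, "renew_suc": true, "jwt": {...}}
//   - rejected renewal: {"suc": true, "renew_suc": false, "renew_ecode": ...}
//   - undecodable body: {"suc": false, "err_hcode": 400, ...}
//
// Every failed renewal is passed to the event log handler when one is set.
func (h *ZLLAuthGinHandler) wh_RenewJWT(ctx *gin.Context) {
	var req JsonDef_RenewJWT
	// NOTE(review): gin's BindJSON aborts the request with HTTP 400 itself
	// when decoding fails, so the 200 passed to ctx.JSON below likely does not
	// take effect — confirm which status clients expect.
	if bindErr := ctx.BindJSON(&req); bindErr != nil {
		if h.elh != nil {
			// Tag the event with this endpoint's own name. The label used to
			// be "login", which attributed malformed renewal requests to the
			// login endpoint in the event log.
			h.elh.JsonDecodeError("renew_jwt", ctx.Request, bindErr)
		}
		ctx.JSON(200, gin.H{
			"suc":       false,
			"err_hcode": 400,
			"err_ecode": 2,
			"err_msg":   "invalid arguments",
		})
		return
	}

	renewed, token, failType, renewErr := h.zllhdl.RenewJWT(req.OldJWT)
	if renewed {
		ctx.JSON(200, gin.H{
			"suc":       true,
			"renew_suc": true,
			"jwt": gin.H{
				"token":       token.JwtStr,
				"issue_time":  token.IssueTime,
				"expire_time": token.ExpireTime,
				// Presumably GetJwtTTL is in nanoseconds, making this seconds — confirm.
				"ttl": float64(h.zllhdl.GetJwtTTL()) / 1000_000_000,
			},
		})
		return
	}

	if h.elh != nil {
		h.elh.RenewJWTFailed(ctx.Request, failType, renewErr)
	}

	// Map the library's failure type to the code sent to the client. Unlike
	// the other handlers, the fallback here still answers "suc": true.
	var ecode string
	switch failType {
	case zllauth1.LFT_JWT_CHECK_FAIL:
		ecode = "jwt_check_fail"
	case zllauth1.LFT_JWT_SUBJECT_NOT_MATCH:
		ecode = "jwt_subject_not_match"
	case zllauth1.LFT_JWT_ISSUER_NOT_MATCH:
		ecode = "jwt_issuer_not_match"
	case zllauth1.LFT_JWT_SIGN_ERROR:
		ecode = "jwt_sign_fail"
	default:
		ecode = "internal_error"
	}
	ctx.JSON(200, gin.H{
		"suc":         true,
		"renew_suc":   false,
		"renew_ecode": ecode,
	})
}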