zllauth1/zllauth_gin/gin_handler.go

package zllauth_gin

import (
	"git.swzry.com/zry/zllauth1/zllauth1"
	"github.com/gin-gonic/gin"
	"time"
)

const API_VER = "0.0.1"

type ZLLAuthGinHandler struct {
	gingrp *gin.RouterGroup
	zllhdl *zllauth1.ZLLAuthHandler
	elh    EventLogHandler
}

func NewZLLAuthGinHandler(gingrp *gin.RouterGroup, config zllauth1.ZLLAuthConfig) *ZLLAuthGinHandler {
	o := &ZLLAuthGinHandler{
		gingrp: gingrp,
		zllhdl: zllauth1.NewZLLAuthHandler(config),
	}
	o.gingrp.GET("/", o.wh_Home)
	o.gingrp.GET("/get_encrypt_info.maki", o.wh_GetEncryptInfo)
	o.gingrp.POST("/login.maki", o.wh_Login)
	o.gingrp.POST("/renew_jwt.maki", o.wh_RenewJWT)
	return o
}

func (h *ZLLAuthGinHandler) InitSecure() error {
	return h.zllhdl.InitSecure()
}

func (h *ZLLAuthGinHandler) SetEventLogHandler(elh EventLogHandler) {
	h.elh = elh
}

func (h *ZLLAuthGinHandler) wh_Home(ctx *gin.Context) {
	ctx.JSON(200, gin.H{
		"suc":         true,
		"api_name":    "zllauth1_gin_api",
		"zllauth_ver": "1.0.0",
		"api_ver":     API_VER,
		"time":        time.Now(),
		"api_url": gin.H{
			"get_encrypt_info": gin.H{
				"rel_url": "/get_encrypt_info.maki",
				"method":  "GET",
			},
			"login": gin.H{
				"rel_url":        "/login.maki",
				"method":         "POST",
				"post_data_mime": "application/json",
				"usage": gin.H{
					"login_data": "<sm2 encrypted data>",
				},
			},
			"renew_jwt": gin.H{
				"rel_url":        "/renew_jwt.maki",
				"method":         "POST",
				"post_data_mime": "application/json",
				"usage": gin.H{
					"old_jwt": "<old jwt string>",
				},
			},
		},
	})
}

func (h *ZLLAuthGinHandler) wh_GetEncryptInfo(ctx *gin.Context) {
	ei, err := h.zllhdl.GetEncryptionInfo()
	if err != nil {
		if h.elh != nil {
			h.elh.InternalError("get_encrypt_info", ctx.Request, err)
		}
		ctx.JSON(200, gin.H{
			"suc":       false,
			"err_hcode": 502,
			"err_ecode": 1,
			"err_msg":   "internal server error",
		})
		return
	}
	ctx.JSON(200, gin.H{
		"api_ver":      API_VER,
		"encrypt_info": ei,
	})
}

func (h *ZLLAuthGinHandler) wh_Login(ctx *gin.Context) {
	var jdata JsonDef_LoginArugument
	err := ctx.BindJSON(&jdata)
	if err != nil {
		if h.elh != nil {
			h.elh.JsonDecodeError("login", ctx.Request, err)
		}
		ctx.JSON(200, gin.H{
			"suc":       false,
			"err_hcode": 400,
			"err_ecode": 2,
			"err_msg":   "invalid arguments",
		})
		return
	}
	sei := map[string]interface{}{
		"client_ip":          ctx.Request.RemoteAddr,
		"X-Real-Ip":          ctx.GetHeader("X-Real-Ip"),
		"User-Agent":         ctx.GetHeader("User-Agent"),
		"X-Forwarded-For":    ctx.GetHeader("X-Forwarded-For"),
		"X-Forwarded-Host":   ctx.GetHeader("X-Forwarded-Host"),
		"X-Forwarded-Port":   ctx.GetHeader("X-Forwarded-Port"),
		"X-Forwarded-Proto":  ctx.GetHeader("X-Forwarded-Proto"),
		"X-Forwarded-Server": ctx.GetHeader("X-Forwarded-Server"),
	}
	se, jwtdata, ve, err := h.zllhdl.HandlingLogin(jdata.LoginData, sei)
	if se {
		ctx.JSON(200, gin.H{
			"suc":       true,
			"login_suc": true,
			"jwt": gin.H{
				"token":       jwtdata.JwtStr,
				"issue_time":  jwtdata.IssueTime,
				"expire_time": jwtdata.ExpireTime,
				"ttl":         float64(h.zllhdl.GetJwtTTL()) / 1000_000_000,
			},
		})
		return
	}
	if h.elh != nil {
		h.elh.LoginFailed(ctx.Request, ve, err)
	}
	switch ve {
	case zllauth1.LFT_INVALID_USERNAME_OR_PASSWORD:
		{
			ctx.JSON(200, gin.H{
				"suc":         true,
				"login_suc":   false,
				"login_ecode": "invalid_username_or_password",
			})
			return
		}
	case zllauth1.LFT_PERMISSION_DENIED:
		{
			ctx.JSON(200, gin.H{
				"suc":         true,
				"login_suc":   false,
				"login_ecode": "permission_denied",
			})
			return
		}
	case zllauth1.LFT_USER_BANNED:
		{
			ctx.JSON(200, gin.H{
				"suc":         true,
				"login_suc":   false,
				"login_ecode": "user_banned",
			})
			return
		}
	case zllauth1.LFT_DECODE_HEX_FAIL:
		{
			ctx.JSON(200, gin.H{
				"suc":           true,
				"login_suc":     false,
				"login_ecode":   "argument_transport_error",
				"external_info": "decode hex failed",
			})
			return
		}
	case zllauth1.LFT_DECRYPT_SM2_FAIL:
		{
			ctx.JSON(200, gin.H{
				"suc":           true,
				"login_suc":     false,
				"login_ecode":   "argument_transport_error",
				"external_info": "decrypt sm2 failed",
			})
			return
		}
	case zllauth1.LFT_LOGIN_INFO_FIELDS_NOT_MATCH:
		{
			ctx.JSON(200, gin.H{
				"suc":           true,
				"login_suc":     false,
				"login_ecode":   "login_info_fields_not_match",
				"external_info": "login info fields not match",
			})
			return
		}
	default:
		{
			ctx.JSON(200, gin.H{
				"suc":       false,
				"err_hcode": 502,
				"err_ecode": 3,
				"err_msg":   "internal server error",
			})
			return
		}
	}
}

type HandlingOtherEncryptedRequestNextFunc func(returnData interface{})

func (h *ZLLAuthGinHandler) HandlingOtherEncryptedRequest(ctx *gin.Context, v interface{}) (isOK bool, next HandlingOtherEncryptedRequestNextFunc) {
	isOK = false
	next = nil
	var jdata JsonDef_LoginArugument
	err := ctx.BindJSON(&jdata)
	if err != nil {
		if h.elh != nil {
			h.elh.JsonDecodeError("oerutil", ctx.Request, err)
		}
		ctx.JSON(200, gin.H{
			"suc":       false,
			"err_hcode": 400,
			"err_ecode": 2,
			"err_msg":   "invalid arguments",
		})
		return
	}
	ve, ie := h.zllhdl.HandlingOtherEncryptedRequest(jdata.LoginData, v)
	if ve == zllauth1.LFT_SUCCESS {
		isOK = true
		next = func(returnData interface{}) {
			ctx.JSON(200, gin.H{
				"suc":  true,
				"data": returnData,
			})
		}
		return
	}
	if h.elh != nil {
		h.elh.HandlingOtherEncryptedRequestFailed(ctx.Request, ve, ie)
	}
	switch ve {
	case zllauth1.LFT_DECODE_HEX_FAIL:
		{
			ctx.JSON(200, gin.H{
				"suc":           true,
				"login_suc":     false,
				"login_ecode":   "argument_transport_error",
				"external_info": "decode hex failed",
			})
			return
		}
	case zllauth1.LFT_DECRYPT_SM2_FAIL:
		{
			ctx.JSON(200, gin.H{
				"suc":           true,
				"login_suc":     false,
				"login_ecode":   "argument_transport_error",
				"external_info": "decrypt sm2 failed",
			})
			return
		}
	default:
		{
			ctx.JSON(200, gin.H{
				"suc":       false,
				"err_hcode": 502,
				"err_ecode": 3,
				"err_msg":   "internal server error",
			})
			return
		}
	}
}

func (h *ZLLAuthGinHandler) CheckJWT(jwtstr string) (ok bool, extData map[string]interface{}) {
	se, exi, _, _ := h.zllhdl.CheckJWT(jwtstr)
	if se {
		return true, exi
	}
	return false, nil
}

func (h *ZLLAuthGinHandler) wh_RenewJWT(ctx *gin.Context) {
	var jdata JsonDef_RenewJWT
	err := ctx.BindJSON(&jdata)
	if err != nil {
		if h.elh != nil {
			h.elh.JsonDecodeError("login", ctx.Request, err)
		}
		ctx.JSON(200, gin.H{
			"suc":       false,
			"err_hcode": 400,
			"err_ecode": 2,
			"err_msg":   "invalid arguments",
		})
		return
	}
	se, njwt, ve, err := h.zllhdl.RenewJWT(jdata.OldJWT)
	if se {
		ctx.JSON(200, gin.H{
			"suc":       true,
			"renew_suc": true,
			"jwt": gin.H{
				"token":       njwt.JwtStr,
				"issue_time":  njwt.IssueTime,
				"expire_time": njwt.ExpireTime,
				"ttl":         float64(h.zllhdl.GetJwtTTL()) / 1000_000_000,
			},
		})
		return
	}
	if h.elh != nil {
		h.elh.RenewJWTFailed(ctx.Request, ve, err)
	}
	switch ve {
	case zllauth1.LFT_JWT_CHECK_FAIL:
		{
			ctx.JSON(200, gin.H{
				"suc":         true,
				"renew_suc":   false,
				"renew_ecode": "jwt_check_fail",
			})
			return
		}
	case zllauth1.LFT_JWT_SUBJECT_NOT_MATCH:
		{
			ctx.JSON(200, gin.H{
				"suc":         true,
				"renew_suc":   false,
				"renew_ecode": "jwt_subject_not_match",
			})
			return
		}
	case zllauth1.LFT_JWT_ISSUER_NOT_MATCH:
		{
			ctx.JSON(200, gin.H{
				"suc":         true,
				"renew_suc":   false,
				"renew_ecode": "jwt_issuer_not_match",
			})
			return
		}
	case zllauth1.LFT_JWT_SIGN_ERROR:
		{
			ctx.JSON(200, gin.H{
				"suc":         true,
				"renew_suc":   false,
				"renew_ecode": "jwt_sign_fail",
			})
			return
		}
	default:
		{
			ctx.JSON(200, gin.H{
				"suc":         true,
				"renew_suc":   false,
				"renew_ecode": "internal_error",
			})
			return
		}
	}
}