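package setting

import (
	"fmt"
	"net/url"
	"runtime"

	"github.com/insionng/makross"
	"github.com/insionng/yougam/helper"
	simplejson "github.com/insionng/yougam/libraries/bitly/go-simplejson"
	"github.com/insionng/yougam/models"
)

// signedUserKey is the session key under which the signed-in user is stored.
const signedUserKey = "SignedUser"

// rootRole is the Role value that marks a user as an administrator.
// NOTE(review): this was a bare -1000 literal in the comparison; confirm it
// matches the role value assigned by the user model.
const rootRole = -1000

// sessionFreeActions lists the API actions that may be called without a
// signed-in session; every other action requires one.
var sessionFreeActions = map[string]struct{}{
	"userSignup":      {},
	"userSignin":      {},
	"userSignout":     {},
	"getHomePostList": {},
	"getContent":      {},
	"getComment":      {},
	"getUserPostList": {},
}

// signedUser returns the user stored in the session, or nil when the session
// holds no user (or a value of another type).
func signedUser(c *makross.Context) *models.User {
	u, ok := c.Session.Get(signedUserKey).(*models.User)
	if !ok {
		return nil
	}
	return u
}

// AuthWebMiddler is the front-end (member or administrator) authentication
// middleware. Requests without a signed-in user in the session are aborted and
// redirected to the sign-in page, carrying the originally requested URL in the
// "next" query parameter.
//
// The original allocated a fresh *models.User and then tested it for nil, so
// the check could never fail and every request was let through; the session
// lookup result is now what decides.
func AuthWebMiddler() makross.Handler {
	return func(self *makross.Context) error {
		if signedUser(self) != nil {
			return self.Next()
		}
		// Prefer an explicit "next" argument, otherwise send the visitor back
		// to the URI they asked for once they have signed in.
		next := self.Args("next").String()
		if len(next) == 0 {
			next = self.RequestURI()
		}
		self.Abort()
		// QueryEscape so a next value containing '?' or '&' survives as one
		// parameter of the sign-in URL instead of being split by the parser.
		// NOTE(review): the sign-in route is spelled "/sigin/" here; confirm it
		// matches the route registered for the sign-in page.
		return self.Redirect(fmt.Sprintf("/sigin/?next=%s", url.QueryEscape(next)))
	}
}

// RootMiddler is the administrator back-end authentication middleware.
// A signed-in administrator gets request metadata stored on the context; a
// signed-in non-administrator is redirected to the root sign-in page; an
// anonymous request is redirected to the site root.
func RootMiddler() makross.Handler {
	return func(self *makross.Context) error {
		user := signedUser(self)
		switch {
		case user == nil:
			self.Abort()
			return self.Redirect("/")
		case user.Role != rootRole:
			self.Abort()
			return self.Redirect("/root/signin/")
		}
		self.Set("remoteproto", self.Scheme())
		self.Set("remotehost", self.RealIP())
		self.Set("remoteos", runtime.GOOS)
		self.Set("remotearch", runtime.GOARCH)
		self.Set("remotecpus", runtime.NumCPU())
		// The original returned nil here rather than self.Next(); kept as-is
		// so the handler chain behaves exactly as before.
		return nil
	}
}

// APISessionMiddler is the session-level API authentication middleware:
// requests without a signed-in user are answered with 401 and aborted.
func APISessionMiddler() makross.Handler {
	return func(self *makross.Context) error {
		if signedUser(self) == nil {
			// Abort before responding so no later handler in the chain runs,
			// mirroring the Abort-before-response pattern of the web middlers.
			self.Abort()
			return self.NoContent(401)
		}
		return self.Next()
	}
}

// rejectCOM aborts the request and answers it with an encrypted failure
// envelope carrying msg. An encryption failure is returned to the framework
// instead of being discarded (the original sent an empty body in that case).
func rejectCOM(self *makross.Context, msg string) error {
	self.Abort()
	crypted, err := helper.SetJsonCOMEncrypt(0, msg, nil)
	if err != nil {
		return err
	}
	return self.String(crypted)
}

// APICryptMiddler is the AES128COM-encrypted API authentication middleware
// combined with session (cookie) based authentication. The encrypted payload
// is expected in the "data" form field; the decrypted JSON text is stored on
// the context under "decrypts". Actions not listed in sessionFreeActions also
// require a signed-in session.
func APICryptMiddler() makross.Handler {
	return func(self *makross.Context) error {
		// The payload must arrive as form data. The original's fallback wrote
		// an empty byte slice to the response before the real reply and never
		// read the request body; that spurious write is gone.
		// TODO(review): add raw request-body support if clients need it.
		datas := self.FormValue("data")
		if len(datas) == 0 {
			return rejectCOM(self, "提交的数据为空!")
		}

		plain, err := helper.Aes128COMDecrypt(datas, helper.AesConstKey)
		if err != nil {
			return rejectCOM(self, "无法通过安全校验!")
		}
		self.Set("decrypts", plain)

		// NOTE(review): as before, the JSON parse error text is echoed to the
		// client inside the encrypted envelope.
		j, err := simplejson.NewJson([]byte(plain))
		if err != nil {
			return rejectCOM(self, err.Error())
		}
		action, err := j.Get("action").String()
		if err != nil {
			return rejectCOM(self, err.Error())
		}

		// Every action outside the allow-list needs a signed-in session (the
		// cookie carrying the session id). The original's session check was
		// commented out, so it rejected all such actions unconditionally.
		if _, free := sessionFreeActions[action]; !free && signedUser(self) == nil {
			return rejectCOM(self, "尚未登录认证!")
		}
		return self.Next()
	}
}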