-
Notifications
You must be signed in to change notification settings - Fork 0
/
route_token.go
137 lines (119 loc) · 4.07 KB
/
route_token.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
// SPDX-License-Identifier: MIT
package admin
import (
"errors"
"net/http"
"github.com/issue9/web"
"github.com/issue9/cmfx"
"github.com/issue9/cmfx/pkg/passport"
"github.com/issue9/cmfx/pkg/rules"
)
type cert struct {
XMLName struct{} `json:"-" xml:"login"`
Username string `json:"username" xml:"username"`
Password string `json:"password" xml:"password"`
}
func (c *cert) CTXSanitize(ctx *web.Context, v *web.Validation) {
v.AddField(c.Username, "username", rules.Required).
AddField(c.Password, "password", rules.Required)
}
// <api method="POST" summary="管理员登录">
// <path path="/login" />
// <server>admin</server>
// <tag>admin</tag>
// <tag>auth</tag>
// <request type="object" name="login">
//
// <param name="username" type="string" summary="用户名" />
// <param name="password" type="string" summary="密码" />
//
// </request>
// <response status="201" type="object">
//
// <param name="uid" type="number" summary="用户 ID" />
// <param name="expires" type="number" summary="过期时间,单位秒" />
// <param name="access_token" type="string" summary="AccessToken" />
// <param name="refresh_token" type="string" summary="RefreshToken" />
//
// </response>
// </api>
func (m *Admin) postLogin(ctx *web.Context) web.Responser {
data := &cert{}
if resp := ctx.Read(true, data, cmfx.BadRequestInvalidBody); resp != nil {
return resp
}
// 密码错误
uid, err := m.password.Valid(nil, data.Username, data.Password)
switch {
case errors.Is(err, passport.ErrUnauthorized):
return ctx.Problem(cmfx.Unauthorized)
case err != nil:
return ctx.InternalServerError(err)
}
a := &modelAdmin{
ID: uid,
}
found, err := m.dbPrefix.DB(m.db).Select(a)
if err != nil {
return ctx.InternalServerError(err)
}
if !found {
ctx.Server().Logs().Debugf("用户名 %v 不存在\n", data.Username)
return ctx.Problem(cmfx.Unauthorized)
}
if a.State != StateNormal {
return ctx.Problem(cmfx.Unauthorized)
}
if err := m.securitylog.AddWithContext(a.ID, ctx, "登录"); err != nil {
ctx.Server().Logs().Error(err)
}
return m.tokenServer.New(ctx, http.StatusCreated, newClaims(a.ID))
}
// <api method="DELETE" summary="注销当前管理员的登录">
// <path path="/login" />
// <server>admin</server>
// <tag>admin</tag>
// <tag>auth</tag>
// <response status="204" />
// </api>
func (m *Admin) deleteLogin(ctx *web.Context) web.Responser {
if err := m.tokenServer.BlockToken(m.tokenServer.GetToken(ctx)); err != nil {
ctx.Server().Logs().ERROR().Error(err)
}
return web.Status(http.StatusNoContent, "Clear-Site-Data", `"cookies", "storage"`)
}
// <api method="get" summary="续定 token">
//
// <server>admin</server>
// <tag>auth</tag>
// <tag>admin</tag>
// <path path="/token" />
// <request>
// <header name="Authorization" type="string" summary="登录凭证 token" />
// </request>
// <response status="201" type="object">
// <param name="uid" type="number" summary="用户 ID" />
// <param name="expires" type="number" summary="过期时间,单位秒" />
// <param name="access_token" type="string" summary="AccessToken" />
// <param name="refresh_token" type="string" summary="refreshToken" />
// </response>
//
// </api>
func (m *Admin) getToken(ctx *web.Context) web.Responser {
if xx, found := m.tokenServer.GetValue(ctx); found {
if xx.BaseToken() == "" {
return web.Status(http.StatusForbidden)
}
if err := m.tokenServer.BlockToken(m.tokenServer.GetToken(ctx)); err != nil {
return ctx.InternalServerError(err)
}
if err := m.tokenServer.BlockToken(xx.BaseToken()); err != nil {
return ctx.InternalServerError(err)
}
if err := m.securitylog.AddWithContext(xx.UID, ctx, "刷新令牌"); err != nil {
ctx.Server().Logs().Error(err)
}
return m.tokenServer.New(ctx, http.StatusCreated, newClaims(xx.UID))
}
return web.Status(http.StatusUnauthorized)
}