add user role middleware auth

cmd/tel.go

@@ -11,6 +11,7 @@ var telCmd = &cobra.Command{
 	Short: "fake ssh server",
 	Long:  ``,
 	Run: func(cmd *cobra.Command, args []string) {
+		fssh.LoadOrCreateKey()
 		fssh.ThisRun()
 	},
 }

cronjob/core.go

@@ -49,7 +49,7 @@ type Job struct {
 	fparams map[string]([]interface{})
 }
 
-// Create a new job with the time interval.
+// CreateUserOfRole a new job with the time interval.
 func NewJob(intervel uint64) *Job {
 	return &Job{
 		intervel,
@@ -367,7 +367,7 @@ func (s *Scheduler) Less(i, j int) bool {
 	return s.jobs[j].nextRun.After(s.jobs[i].nextRun)
 }
 
-// Create a new scheduler
+// CreateUserOfRole a new scheduler
 func NewScheduler() *Scheduler {
 	return &Scheduler{[MAXJOBNUM]*Job{}, 0}
 }

flx/ssh.go

@@ -76,7 +76,7 @@ func publicKeyAuthFunc(kPath string) ssh.AuthMethod {
 	if err != nil {
 		log.Fatal("ssh key file read failed", err)
 	}
-	// Create the Signer for this private key.
+	// CreateUserOfRole the Signer for this private key.
 	signer, err := ssh.ParsePrivateKey(key)
 	if err != nil {
 		log.Fatal("ssh key signer failed", err)

fssh/gossh.go

@@ -28,7 +28,6 @@ func ThisRun()  {
 			return perm, nil
 		},
 		KeyboardInteractiveCallback: func(conn ssh.ConnMetadata, challenge ssh.KeyboardInteractiveChallenge) (*ssh.Permissions, error) {
-
 			return nil, nil
 		},
 		BannerCallback: func(conn ssh.ConnMetadata) string {

fssh/server.go

@@ -16,7 +16,7 @@ import (
 
 var hostKeySigner gossh.Signer
 
-func init() {
+func LoadOrCreateKey() {
 	s, err := createOrLoadKeySigner()
 	if err != nil {
 		log.Fatal(err)
@@ -60,7 +60,7 @@ func helloHandler(s ssh.Session) {
 		log.Fatal("unable to connect: ", err)
 	}
 	defer conn.Close()
-	// Create a fss
+	// CreateUserOfRole a fss
 	fss, err := conn.NewSession()
 	if err != nil {
 		log.Fatal("unable to create fss: ", err)

ginbro/tpl_data.go

@@ -320,12 +320,12 @@ func (m *{{.ModelName}}) Update() (err error) {
 	{{end}}
 	return crudUpdate(m, where)
 }
-//Create
-func (m *{{.ModelName}}) Create() (err error) {
+//CreateUserOfRole
+func (m *{{.ModelName}}) CreateUserOfRole() (err error) {
 	m.Id = 0
     {{if .IsAuthTable }}m.makePassword()
     {{end}}
-	return db.Create(m).Error
+	return db.CreateUserOfRole(m).Error
 }
 //Delete
 func (m *{{.ModelName}}) Delete() (err error) {
@@ -494,7 +494,7 @@ import (
 func init() {
 	groupApi.GET("{{.ResourceName}}",{{if .IsAuthTable}}jwtMiddleware,{{end}} {{.HandlerName}}All)
 	{{if .HasId}}groupApi.GET("{{.ResourceName}}/:id", {{if .IsAuthTable}}jwtMiddleware,{{end}} {{.HandlerName}}One){{end}}
-	groupApi.POST("{{.ResourceName}}", {{if .IsAuthTable}}jwtMiddleware,{{end}} {{.HandlerName}}Create)
+	groupApi.POST("{{.ResourceName}}", {{if .IsAuthTable}}jwtMiddleware,{{end}} {{.HandlerName}}CreateUserOfRole)
 	groupApi.PATCH("{{.ResourceName}}", {{if .IsAuthTable}}jwtMiddleware,{{end}} {{.HandlerName}}Update)
 	{{if .HasId}}groupApi.DELETE("{{.ResourceName}}/:id", {{if .IsAuthTable}}jwtMiddleware,{{end}} {{.HandlerName}}Delete){{end}}
 }
@@ -528,14 +528,14 @@ func {{.HandlerName}}One(c *gin.Context) {
 	jsonData(c, data)
 }
 {{end}}
-//Create
-func {{.HandlerName}}Create(c *gin.Context) {
+//CreateUserOfRole
+func {{.HandlerName}}CreateUserOfRole(c *gin.Context) {
 	var mdl model.{{.ModelName}}
 	err := c.ShouldBind(&mdl)
 	if handleError(c, err) {
 		return
 	}
-	err = mdl.Create()
+	err = mdl.CreateUserOfRole()
 	if handleError(c, err) {
 		return
 	}
@@ -599,7 +599,7 @@ import (
 func init() {
 	groupApi.GET("{{.ResourceName}}",{{.HandlerName}}All)
 	groupApi.GET("{{.ResourceName}}/:id", {{.HandlerName}}One)
-	groupApi.POST("{{.ResourceName}}", {{.HandlerName}}Create)
+	groupApi.POST("{{.ResourceName}}", {{.HandlerName}}CreateUserOfRole)
 	groupApi.PATCH("{{.ResourceName}}", {{.HandlerName}}Update)
 	groupApi.DELETE("{{.ResourceName}}/:id", {{.HandlerName}}Delete)
 }
@@ -612,8 +612,8 @@ func {{.HandlerName}}One(c *gin.Context) {
 
 
 }
-//Create
-func {{.HandlerName}}Create(c *gin.Context) {
+//CreateUserOfRole
+func {{.HandlerName}}CreateUserOfRole(c *gin.Context) {
 
 }
 //Update
@@ -1331,7 +1331,7 @@ type Job struct {
 	fparams map[string]([]interface{})
 }
 
-// Create a new job with the time interval.
+// CreateUserOfRole a new job with the time interval.
 func NewJob(intervel uint64) *Job {
 	return &Job{
 		intervel,
@@ -1649,7 +1649,7 @@ func (s *Scheduler) Less(i, j int) bool {
 	return s.jobs[j].nextRun.After(s.jobs[i].nextRun)
 }
 
-// Create a new scheduler
+// CreateUserOfRole a new scheduler
 func NewScheduler() *Scheduler {
 	return &Scheduler{[MAXJOBNUM]*Job{}, 0}
 }

model/m_comment.go

@@ -70,7 +70,7 @@ func (m *Comment) Action(id, uid uint, action string) (err error) {
 	return db.Model(m).Update(m).Error
 }
 
-//Create
+//CreateUserOfRole
 func (m *Comment) Create() (err error) {
 	m.Id = 0
 	m.LikeUids = nil

model/m_ginbro.go

@@ -17,7 +17,7 @@ type Ginbro struct {
 	DbType     string `json:"db_type" form:"db_type"`
 }
 
-//Create
+//CreateUserOfRole
 func (m *Ginbro) Create() (err error) {
 	m.Id = 0
 	return db.Create(m).Error

model/m_jwt.go

@@ -3,7 +3,6 @@ package model
 import (
 	"errors"
 	"fmt"
-	"strconv"
 	"time"
 
 	"github.com/dgrijalva/jwt-go"
@@ -14,7 +13,23 @@ var AppSecret = ""
 var AppIss = "github.com/dejavuzhou/felix"
 var ExpireTime = time.Hour * 24
 
-func jwtGenerateToken(m *User) (*jwtObj, error) {
+type userStdClaims struct {
+	jwt.StandardClaims
+	*User
+}
+
+func (c userStdClaims) Valid() (err error) {
+	err = c.StandardClaims.Valid()
+	if err != nil {
+		return err
+	}
+	if c.User.Id < 1 {
+		return errors.New("invalid user in jwt")
+	}
+	return
+}
+
+func jwtGenerateToken(m *User) (string, error) {
 	m.Password = ""
 	expireAfterTime := time.Hour * 24
 	expireTime := time.Now().Add(expireAfterTime)
@@ -24,44 +39,42 @@ func jwtGenerateToken(m *User) (*jwtObj, error) {
 		Id:        fmt.Sprintf("%d", m.Id),
 		Issuer:    AppIss,
 	}
-	token := jwt.NewWithClaims(jwt.SigningMethodHS256, stdClaims)
+
+	uClaims := userStdClaims{
+		StandardClaims: stdClaims,
+		User:           m,
+	}
+
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, uClaims)
 	// Sign and get the complete encoded token as a string using the secret
 	tokenString, err := token.SignedString([]byte(AppSecret))
 	if err != nil {
 		logrus.WithError(err).Fatal("config is wrong, can not generate jwt")
 	}
-	data := &jwtObj{User: *m, Token: tokenString, Expire: expireTime, ExpireTs: expireTime.Unix()}
-	return data, err
+	return tokenString, err
 }
 
-type jwtObj struct {
-	User
-	Token    string    `json:"token"`
-	Expire   time.Time `json:"expire"`
-	ExpireTs int64     `json:"expire_ts"`
-}
 
 //JwtParseUser
-func JwtParseUser(tokenString string) (uint, error) {
+func JwtParseUser(tokenString string) (*User, error) {
 	if tokenString == "" {
-		return 0, errors.New("no token is found in Authorization Bearer")
+		return nil, errors.New("no token is found in Authorization Bearer")
 	}
-	claims := jwt.StandardClaims{}
+	claims := userStdClaims{}
 	_, err := jwt.ParseWithClaims(tokenString, &claims, func(token *jwt.Token) (interface{}, error) {
 		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
 			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
 		}
 		return []byte(AppSecret), nil
 	})
 	if err != nil {
-		return 0, err
+		return nil, err
 	}
 	if claims.VerifyExpiresAt(time.Now().Unix(), true) == false {
-		return 0, errors.New("token is expired")
+		return nil, errors.New("token is expired")
 	}
 	if !claims.VerifyIssuer(AppIss, true) {
-		return 0, errors.New("token's issuer is wrong")
+		return nil, errors.New("token's issuer is wrong")
 	}
-	uid, err := strconv.ParseUint(claims.Id, 10, 64)
-	return uint(uid), err
+	return claims.User, err
 }

model/m_machine.go

@@ -88,7 +88,7 @@ func (m *Machine) Update() (err error) {
 	return db.Model(m).Update(m).Error
 }
 
-//Create insert a row
+//CreateUserOfRole insert a row
 func (m *Machine) Create() (err error) {
 	m.Id = 0
 	return db.Create(m).Error

model/m_ssh_log.go

@@ -64,7 +64,7 @@ func (m *SshLog) Update() (err error) {
 	return db.Model(m).Update(m).Error
 }
 
-//Create
+//CreateUserOfRole
 func (m *SshLog) Create() (err error) {
 	m.Id = 0
 	return db.Create(m).Error

model/m_users.go

@@ -2,6 +2,7 @@ package model
 
 import (
 	"errors"
+	"fmt"
 	"time"
 
 	"github.com/sirupsen/logrus"
@@ -18,7 +19,7 @@ type User struct {
 	Email          string        `gorm:"column:email" form:"email" json:"email" comment:"邮箱" columnType:"varchar(255)" dataType:"varchar" columnKey:"UNI"`
 	Mobile         string        `gorm:"column:mobile" form:"mobile" json:"mobile" comment:"手机号码" columnType:"varchar(11)" dataType:"varchar" columnKey:"UNI"`
 	Password       string        `gorm:"column:password" form:"password" json:"password,omitempty" comment:"密码" columnType:"varchar(255)" dataType:"varchar" columnKey:""`
-	RoleId         uint          `gorm:"column:role_id" form:"role_id" json:"role_id" comment:"角色ID:2-超级用户,4-普通用户" columnType:"int(10) unsigned" dataType:"int" columnKey:""`
+	RoleId         uint          `gorm:"column:role_id" form:"role_id" json:"role_id" comment:"角色ID:2-超级用户,4-普通用户8-评论用户" columnType:"int(10) unsigned" dataType:"int" columnKey:""`
 	Status         uint          `gorm:"column:status" form:"status" json:"status" comment:"状态: 1-正常,2-禁用/删除" columnType:"int(10) unsigned" dataType:"int" columnKey:""`
 	Avatar         string        `gorm:"column:avatar" form:"avatar" json:"avatar" comment:"用户头像" columnType:"varchar(255)" dataType:"varchar" columnKey:""`
 	Remark         string        `gorm:"column:remark" form:"remark" json:"remark" comment:"备注" columnType:"varchar(255)" dataType:"varchar" columnKey:""`
@@ -52,11 +53,11 @@ func (m *User) Update() (err error) {
 	return db.Model(m).Update(m).Error
 }
 
-//Create
-func (m *User) Create() (err error) {
+//CreateUserOfRole
+func (m *User) CreateUserOfRole(role uint) (err error) {
 	m.Id = 0
 	m.makePassword()
-	m.RoleId = 4
+	m.RoleId = role //评论用户
 	return db.Create(m).Error
 }
 
@@ -69,20 +70,23 @@ func (m *User) Delete() (err error) {
 }
 
 //Login
-func (m *User) Login(ip string) (*jwtObj, error) {
+func (m *User) Login(ip string, roleId uint) (string, error) {
 	m.Id = 0
 	if m.Password == "" {
-		return nil, errors.New("password is required")
+		return "", errors.New("password is required")
 	}
 	inputPassword := m.Password
 
 	err := db.Where("username = ? or email = ?", m.Username, m.Username).First(&m).Error
 	if err != nil {
-		return nil, err
+		return "", err
+	}
+	if (m.RoleId & roleId) != roleId {
+		return "", fmt.Errorf("not role of %d",roleId)
 	}
 	//password is set to bcrypt check
 	if err := bcrypt.CompareHashAndPassword([]byte(m.HashedPassword), []byte(inputPassword)); err != nil {
-		return nil, err
+		return "", err
 	}
 	m.Password = ""
 	data, err := jwtGenerateToken(m)

ssh2ws/internal/h_ginbro.go

@@ -73,7 +73,7 @@ func GinbroDownload(c *gin.Context) {
 
 	buf := new(bytes.Buffer)
 
-	// Create a new zip archive.
+	// CreateUserOfRole a new zip archive.
 	w := zip.NewWriter(buf)
 
 	err := filepath.Walk(srcPath, func(path string, fi os.FileInfo, err error) error {

ssh2ws/internal/h_login.go

@@ -6,14 +6,28 @@ import (
 	"github.com/spf13/viper"
 )
 
-func Login(c *gin.Context) {
+func LoginAdmin(c *gin.Context) {
 	var mdl model.User
 	err := c.ShouldBind(&mdl)
 	if handleError(c, err) {
 		return
 	}
 	ip := c.ClientIP()
-	data, err := mdl.Login(ip)
+	data, err := mdl.Login(ip, 2)
+	if handleError(c, err) {
+		return
+	}
+	jsonData(c, data)
+}
+
+func LoginCommenter(c *gin.Context) {
+	var mdl model.User
+	err := c.ShouldBind(&mdl)
+	if handleError(c, err) {
+		return
+	}
+	ip := c.ClientIP()
+	data, err := mdl.Login(ip, 8)
 	if handleError(c, err) {
 		return
 	}

ssh2ws/internal/h_user.go

@@ -19,13 +19,13 @@ func UserAll(c *gin.Context) {
 	jsonPagination(c, list, total, query)
 }
 
-func UserCreate(c *gin.Context) {
+func RegisterCommenter(c *gin.Context) {
 	var mdl model.User
 	err := c.ShouldBind(&mdl)
 	if handleError(c, err) {
 		return
 	}
-	err = mdl.Create()
+	err = mdl.CreateUserOfRole(8)
 	if handleError(c, err) {
 		return
 	}