Commit 025a2fc14ca58f3d827e5f14644b354debc6109b

Authored by aarongao
1 parent b03775ca


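--- a/API/DealyMessage.go
+++ b/API/DealyMessage.go
@@ -8,6 +8,7 @@ import (
 "go.mongodb.org/mongo-driver/bson/primitive"
 "letu/Config"
 "letu/DB"
+"letu/Lib/Auth"
 "letu/Lib/DelayMessage"
 )
 
@@ -26,7 +27,9 @@ func DealyMessageInfo(c *gin.Context) {
 
 _user, _ := c.Get("UserInfo")
 user := _user.(*DB.SMember)
-if c.Query("UserId") != user.Id.Hex() {
+
+err := Auth.CheckUserAuth(c.Query("UserId"), user)
+if err != nil {
 c.JSON(200, tools.ResponseError{
 401,
 "没有权限",
@@ -73,8 +76,10 @@ func CreateDealyMessage(c *gin.Context) {
 
 
 _user, _ := c.Get("UserInfo")
-userToken := _user.(*DB.SMember)
-if c.PostForm("UserId") != userToken.Id.Hex(){
+user := _user.(*DB.SMember)
+
+err := Auth.CheckUserAuth(c.PostForm("UserId"), user)
+if err != nil {
 c.JSON(200, tools.ResponseError{
 401,
 "没有权限",
@@ -82,7 +87,7 @@ func CreateDealyMessage(c *gin.Context) {
 return
 }
 
-_, err := primitive.ObjectIDFromHex(c.PostForm("UserId"))
+_, err = primitive.ObjectIDFromHex(c.PostForm("UserId"))
 if err != nil {
 c.JSON(200, tools.ResponseError{
 1,
@@ -124,8 +129,10 @@ func RemoveDealyMessage(c *gin.Context) {
 c.Header("Access-Control-Allow-Credentials", "true")
 
 _user, _ := c.Get("UserInfo")
-userToken := _user.(*DB.SMember)
-if c.PostForm("UserId") != userToken.Id.Hex(){
+user := _user.(*DB.SMember)
+
+err := Auth.CheckUserAuth(c.PostForm("UserId"), user)
+if err != nil {
 c.JSON(200, tools.ResponseError{
 401,
 "没有权限",
@@ -133,7 +140,7 @@ func RemoveDealyMessage(c *gin.Context) {
 return
 }
 
-_, err := primitive.ObjectIDFromHex(c.PostForm("UserId"))
+_, err = primitive.ObjectIDFromHex(c.PostForm("UserId"))
 if err != nil {
 c.JSON(200, tools.ResponseError{
 1,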
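Review bot: The authorization rule in DealyMessageInfo, CreateDealyMessage and RemoveDealyMessage changes from "the caller must be the given UserId" to whatever Auth.CheckUserAuth enforces, and in this commit that helper only constrains callers whose UserType is "visitor", so every other user type now passes for any UserId; nothing in these hunks shows route-level SModel permissions compensating for that widening. If it is intended, record it at the call site, e.g. `// non-visitor callers may act on any UserId; the route's module permission gates who reaches this handler`. The `_, err = primitive.ObjectIDFromHex(c.PostForm("UserId"))` lines kept in CreateDealyMessage and RemoveDealyMessage are now redundant, since CheckUserAuth already rejects an empty or malformed UserId. The error value from CheckUserAuth is discarded and every failure becomes "没有权限", so a malformed id and a genuine permission failure are indistinguishable to the client; returning `err.Error()` as the errmsg would use the messages the helper already builds. All three enclosing functions start and end outside the hunks.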
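--- /dev/null
+++ b/API/SystemInfo.go
@@ -0,0 +1,33 @@
+package Api
+
+import (
+"github.com/aarongao/tools"
+"github.com/gin-gonic/gin"
+"letu/Config"
+"letu/DB"
+)
+
+// @Title 查询系统信息接口
+// @Description 查询系统信息接口
+// @Accept json
+// @Produce json
+// @Success 200 {object} tools.ResponseSeccess "Version=最新版本号UpdateLocationInterval上报位置时间间隔(秒)"
+// @Failure 500 {object} tools.ResponseError "{"errcode":1,"errmsg":"错误原因"}"
+// @Router /SystemInfo? [get]
+func SystemInfo(c *gin.Context) {
+c.Header("Access-Control-Allow-Origin", c.Request.Header.Get("Origin"))
+c.Header("Access-Control-Allow-Credentials", "true")
+
+info := make(map[string]interface{})
+info["Version"] = Config.Info.Version
+
+
+UpdateLocationInterval := DB.Redis.Get("UpdateLocationInterval")
+info["UpdateLocationInterval"] = UpdateLocationInterval
+
+c.JSON(200, tools.ResponseSeccess{
+0,
+info,
+})
+
+}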
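Review bot: `info["UpdateLocationInterval"] = UpdateLocationInterval` forwards the raw return value of `DB.Redis.Get("UpdateLocationInterval")` with no error or missing-key handling; if DB.Redis is a go-redis style client, Get returns a command object rather than the integer 30 that Version.md documents, and an unset key would serialize whatever that object's zero state is — confirm the client's Get signature and unpack explicitly, e.g. `interval, err := DB.Redis.Get("UpdateLocationInterval").Int()` followed by an error branch, before the value reaches the response. The two CORS headers reflect any request Origin while also allowing credentials, which permits credentialed cross-origin calls from any site; the same pair is copied into every handler touched by this commit and belongs in one middleware with an origin allowlist rather than in a new file. Minor: `map[string]interface{}` can be `map[string]any` if the module's Go version allows it, and the double blank line before the Redis call is not gofmt-clean.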
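--- a/API/User.go
+++ b/API/User.go
@@ -8,6 +8,7 @@ import (
 "go.mongodb.org/mongo-driver/bson/primitive"
 "go.mongodb.org/mongo-driver/mongo/options"
 "letu/DB"
+"letu/Lib/Auth"
 "letu/Lib/JWT"
 "regexp"
 "time"
@@ -165,6 +166,7 @@ func RegisterDevice(c *gin.Context) {
 // @Accept json
 // @Produce json
 // @Param id aaron string true "用户id"
+// @Param Token wgergejfwe string true "用户token"
 // @Success 200 {object} tools.ResponseSeccess "{"errcode":0,"result":{"Id":"5e09c64c1c09c6f0f7ca2fa9","Token":"640bf934e425aba5d3c90998b2641f2f0ca07261d334d9615d1cd4790b5f34e7"}}"
 // @Failure 500 {object} tools.ResponseError "{"errcode":1,"errmsg":"错误原因"}"
 // @Router /UserInfo? [get]
@@ -172,6 +174,9 @@ func UserInfo(c *gin.Context) {
 c.Header("Access-Control-Allow-Origin", c.Request.Header.Get("Origin"))
 c.Header("Access-Control-Allow-Credentials", "true")
 
+_user, _ := c.Get("UserInfo")
+user := _user.(*DB.SMember)
+
 objID, err := primitive.ObjectIDFromHex(c.Query("id"))
 if err != nil {
 c.JSON(200, tools.ResponseError{
@@ -185,6 +190,13 @@ func UserInfo(c *gin.Context) {
 DB.CMember.FindOne(tools.GetContext(), bson.M{"_id": objID}).Decode(&User)
 
 User.Device = &DB.SDevice{}
+
+if user.UserType == "visitor" {
+User.Username = ""
+User.Password = ""
+User.Auth = nil
+}
+
 c.JSON(200, tools.ResponseSeccess{
 0,
 User,
@@ -251,6 +263,15 @@ func UpdateUser(c *gin.Context) {
 _user, _ := c.Get("UserInfo")
 user := _user.(*DB.SMember)
 
+err := Auth.CheckUserAuth(c.PostForm("id"), user)
+if err != nil {
+c.JSON(200, tools.ResponseError{
+401,
+"没有权限",
+})
+return
+}
+
 if c.PostForm("id") != user.Id.Hex() {
 c.JSON(200, tools.ResponseError{
 401,
@@ -288,7 +309,7 @@ func UpdateUser(c *gin.Context) {
 }
 
 objID, _ := primitive.ObjectIDFromHex(c.PostForm("id"))
-_, err := DB.CMember.UpdateOne(tools.GetContext(),
+_, err = DB.CMember.UpdateOne(tools.GetContext(),
 bson.M{"_id": objID},
 bson.M{"$set": bson.M{
 "Birthday": c.PostForm("Birthday"),
@@ -329,9 +350,12 @@ func RemoveUser(c *gin.Context) {
 c.Header("Access-Control-Allow-Origin", c.Request.Header.Get("Origin"))
 c.Header("Access-Control-Allow-Credentials", "true")
 
+
 _user, _ := c.Get("UserInfo")
 user := _user.(*DB.SMember)
-if c.PostForm("id") != user.Id.Hex() {
+
+err := Auth.CheckUserAuth(c.PostForm("id"), user)
+if err != nil {
 c.JSON(200, tools.ResponseError{
 401,
 "没有权限",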
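Review bot: UserInfo never compares `c.Query("id")` with the caller's own id, so a visitor can still fetch any member's record by id; the new block only blanks Username, Password and Auth for visitors, which contradicts the Version.md entry "游客只能查询自己信息" and leaves every other field of the target member readable. Add `if err := Auth.CheckUserAuth(c.Query("id"), user); err != nil { ... return }` before the FindOne, mirroring what this same commit does in UpdateUser and RemoveUser. Separately, Password is cleared only when the caller is a visitor, so operators and any other user type receive the stored Password value in the JSON body; a credential or its hash should never be serialized for anyone — clear it unconditionally, or tag the field `json:"-"` in DB.SMember. In UpdateUser the pre-existing `if c.PostForm("id") != user.Id.Hex()` check directly after the new CheckUserAuth call still rejects everyone but the owner, so the new call only adds an ObjectID format check there; either the old check should go (if operators are meant to update other users) or the new one is dead weight. UserInfo, UpdateUser and RemoveUser all start and end outside the hunks.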
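--- a/Lib/Auth/Auth.go
+++ b/Lib/Auth/Auth.go
@@ -4,6 +4,7 @@ import (
 "github.com/aarongao/tools"
 "github.com/gin-gonic/gin"
 "github.com/pkg/errors"
+"go.mongodb.org/mongo-driver/bson/primitive"
 "letu/DB"
 "letu/Lib/JWT"
 )
@@ -31,7 +32,6 @@ func Modules(c *gin.Context) {
 0,
 rs,
 })
-
 }
 
 // 检查基础权限
@@ -53,6 +53,13 @@ func CheckAuthFunc(handFunc func(c *gin.Context), auth *DB.SModel) func(c *gin.C
 if token == "" {
 token = c.Request.Header.Get("Token")
 }
+if token == "" {
+c.JSON(200, tools.ResponseError{
+1,
+"缺少Token",
+})
+return
+}
 
 // 解析token
 user, err := JWT.ParseToken(token)
@@ -89,6 +96,11 @@ func CheckScenicAuth(ScenicId string, user *DB.SMember) error {
 return errors.New("景区id不能为空")
 }
 
+_, err := primitive.ObjectIDFromHex(ScenicId)
+if err != nil {
+return errors.New("景区id格式不正确")
+}
+
 if user.UserType == "operator" {
 if user.ScenicId != ScenicId {
 return errors.New("权限不正确(需要正确的Token和ScenicId)")
@@ -96,3 +108,23 @@ func CheckScenicAuth(ScenicId string, user *DB.SMember) error {
 }
 return nil
 }
+
+func CheckUserAuth(UserId string, user *DB.SMember) error {
+
+if UserId == "" {
+return errors.New("用户id不能为空")
+}
+
+_, err := primitive.ObjectIDFromHex(UserId)
+if err != nil {
+return errors.New("用户id格式不正确")
+}
+
+if user.UserType == "visitor" {
+if UserId != user.Id.Hex() {
+return errors.New("权限不正确(需要正确的Token和UserId)")
+}
+}
+
+return nil
+}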
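Review bot: CheckUserAuth is allow-by-default: the ownership comparison runs only when `user.UserType == "visitor"`, so an operator, an empty UserType, or any type added later passes for every UserId, and CheckScenicAuth just above shows that operators are otherwise deliberately fenced to their own ScenicId. The safer shape names the types allowed to act on other members and applies the ownership check to everything else, e.g. `if user.UserType != "<PRIVILEGED_TYPE>" && UserId != user.Id.Hex() { return errors.New("权限不正确(需要正确的Token和UserId)") }`, with the placeholder replaced by the project's actual privileged type (not visible here). The function also dereferences user without a nil check; CheckAuthFunc is presumably what places the value in the gin context, so any caller outside that wrapper would panic rather than get an error. The exported helper has no doc comment; add `// CheckUserAuth reports whether user may act on the member identified by UserId: the id must be a valid ObjectID hex, and visitors may only act on themselves.` CheckAuthFunc and CheckScenicAuth start and end outside their hunks.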
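--- a/Version.md
+++ b/Version.md
@@ -6,8 +6,19 @@
 
 ##### 变更说明:
 
-1. /UserInfo接口增加权限验证(需要携带Token),区分游客和操作员
-2.
+1. /UserInfo接口增加权限验证(需要携带Token),游客只能查询自己信息,操作员可查询所有。
+
+2. /SystemInfo 新增系统信息接口
+
+```
+{
+"errcode": 0,
+"result": {
+"UpdateLocationInterval": 30,//上报位置时间间隔(秒)
+"Version": "v1.1"//最新版本号
+}
+}
+```
 
 ##### 发布流程:
 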
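--- a/main.go
+++ b/main.go
@@ -114,7 +114,7 @@ func main() {
 //InitController("/CreateUser", Api.CreateUser)
 InitController("POST", "/LoginUser", Api.LoginUser, &DB.SModel{})
 InitController("POST", "/UpdateUser", Api.UpdateUser, &DB.SModel{"用户管理", "修改"})
-InitController("GET", "/UserInfo", Api.UserInfo, &DB.SModel{})
+InitController("GET", "/UserInfo", Api.UserInfo, &DB.SModel{"用户管理", "查看单条"})
 InitController("GET", "/ScenicInfo", Api.ScenicInfo, &DB.SModel{})
 InitController("GET", "/LineInfo", Api.LineInfo, &DB.SModel{})
 InitController("GET", "/AllTag", Api.AllTag, &DB.SModel{})
@@ -151,6 +151,7 @@ func main() {
 InitController("POST", "/LoginOperator", Api.LoginOperator, &DB.SModel{})
 InitController("POST", "/UpdateOperator", Api.UpdateOperator, &DB.SModel{"操作员管理", "增加和修改"})
 InitController("GET", "/AllOperator", Api.AllOperator, &DB.SModel{"操作员管理", "查看所有"})
+InitController("GET", "/SystemInfo", Api.SystemInfo, &DB.SModel{})
 Gin.GET("/AllModules", Auth.Modules)
 //InitController("/ws", Api.WsPage)
 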
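Review bot: `/SystemInfo` is registered through InitController with an empty SModel, the same path as the routes that end up wrapped by Auth.CheckAuthFunc (InitController's body is not visible here); if that wrapper applies, the missing-Token rejection added to CheckAuthFunc in this commit means this endpoint, which Version.md presents as a plain system-info query, now answers "缺少Token" to any client that has not logged in — confirm whether it should instead be registered directly, the way `Gin.GET("/AllModules", Auth.Modules)` is on the next line. `/UserInfo` now requires the "用户管理"/"查看单条" module, and whether a visitor's token is granted that module is decided inside CheckAuthFunc, which this commit does not show, so the Version.md claim that visitors can query themselves rests on that unseen logic. main's body starts and ends outside both hunks.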