diff --git a/API/DealyMessage.go b/API/DealyMessage.go
index 3876a63..4e0fd69 100644
--- a/API/DealyMessage.go
+++ b/API/DealyMessage.go
@@ -8,6 +8,7 @@ import (
 "go.mongodb.org/mongo-driver/bson/primitive"
 "letu/Config"
 "letu/DB"
+ "letu/Lib/Auth"
 "letu/Lib/DelayMessage"
 )
@@ -26,7 +27,9 @@ func DealyMessageInfo(c *gin.Context) {
 _user, _ := c.Get("UserInfo")
 user := _user.(*DB.SMember)
- if c.Query("UserId") != user.Id.Hex() {
+
+ err := Auth.CheckUserAuth(c.Query("UserId"), user)
+ if err != nil {
 c.JSON(200, tools.ResponseError{
 401,
 "没有权限",
@@ -73,8 +76,10 @@ func CreateDealyMessage(c *gin.Context) {
 _user, _ := c.Get("UserInfo")
- userToken := _user.(*DB.SMember)
- if c.PostForm("UserId") != userToken.Id.Hex(){
+ user := _user.(*DB.SMember)
+
+ err := Auth.CheckUserAuth(c.PostForm("UserId"), user)
+ if err != nil {
 c.JSON(200, tools.ResponseError{
 401,
 "没有权限",
@@ -82,7 +87,7 @@ func CreateDealyMessage(c *gin.Context) {
 return
 }
- _, err := primitive.ObjectIDFromHex(c.PostForm("UserId"))
+ _, err = primitive.ObjectIDFromHex(c.PostForm("UserId"))
 if err != nil {
 c.JSON(200, tools.ResponseError{
 1,
@@ -124,8 +129,10 @@ func RemoveDealyMessage(c *gin.Context) {
 c.Header("Access-Control-Allow-Credentials", "true")
 _user, _ := c.Get("UserInfo")
- userToken := _user.(*DB.SMember)
- if c.PostForm("UserId") != userToken.Id.Hex(){
+ user := _user.(*DB.SMember)
+
+ err := Auth.CheckUserAuth(c.PostForm("UserId"), user)
+ if err != nil {
 c.JSON(200, tools.ResponseError{
 401,
 "没有权限",
@@ -133,7 +140,7 @@ func RemoveDealyMessage(c *gin.Context) {
 return
 }
- _, err := primitive.ObjectIDFromHex(c.PostForm("UserId"))
+ _, err = primitive.ObjectIDFromHex(c.PostForm("UserId"))
 if err != nil {
 c.JSON(200, tools.ResponseError{
 1,
diff --git a/API/SystemInfo.go b/API/SystemInfo.go
new file mode 100644
index 0000000..7ff2e2e
--- /dev/null
+++ b/API/SystemInfo.go
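Review bot: The three handlers in this file now accept any token whose UserType is not "visitor" for an arbitrary UserId, because Auth.CheckUserAuth only compares the id against the caller for visitors, whereas the replaced `c.Query("UserId") != user.Id.Hex()` comparison admitted only the owner. If operators are meant to manage other members' delayed messages, record that above each call, e.g. `// operators may act on any UserId; visitors only on their own (enforced in Auth.CheckUserAuth)`; if not, CheckUserAuth needs an explicit allow-list rather than a visitor-only restriction. In CreateDealyMessage and RemoveDealyMessage the retained `_, err = primitive.ObjectIDFromHex(c.PostForm("UserId"))` is now redundant, since CheckUserAuth already rejects a malformed id, and can be dropped. The unchecked assertion `_user.(*DB.SMember)` panics if the middleware did not set UserInfo; all three function bodies continue outside these hunks.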
@@ -0,0 +1,33 @@
+package Api
+
+import (
+ "github.com/aarongao/tools"
+ "github.com/gin-gonic/gin"
+ "letu/Config"
+ "letu/DB"
+)
+
+// @Title 查询系统信息接口
+// @Description 查询系统信息接口
+// @Accept json
+// @Produce json
+// @Success 200 {object} tools.ResponseSeccess "Version=最新版本号UpdateLocationInterval上报位置时间间隔(秒)"
+// @Failure 500 {object} tools.ResponseError "{"errcode":1,"errmsg":"错误原因"}"
+// @Router /SystemInfo? [get]
+func SystemInfo(c *gin.Context) {
+ c.Header("Access-Control-Allow-Origin", c.Request.Header.Get("Origin"))
+ c.Header("Access-Control-Allow-Credentials", "true")
+
+ info := make(map[string]interface{})
+ info["Version"] = Config.Info.Version
+
+
+ UpdateLocationInterval := DB.Redis.Get("UpdateLocationInterval")
+ info["UpdateLocationInterval"] = UpdateLocationInterval
+
+ c.JSON(200, tools.ResponseSeccess{
+ 0,
+ info,
+ })
+
+}
diff --git a/API/User.go b/API/User.go
index 9830773..0f9d8fc 100644
--- a/API/User.go
+++ b/API/User.go
@@ -8,6 +8,7 @@ import (
 "go.mongodb.org/mongo-driver/bson/primitive"
 "go.mongodb.org/mongo-driver/mongo/options"
 "letu/DB"
+ "letu/Lib/Auth"
 "letu/Lib/JWT"
 "regexp"
 "time"
@@ -165,6 +166,7 @@ func RegisterDevice(c *gin.Context) {
 // @Accept json
 // @Produce json
 // @Param id aaron string true "用户id"
+// @Param Token wgergejfwe string true "用户token"
 // @Success 200 {object} tools.ResponseSeccess "{"errcode":0,"result":{"Id":"5e09c64c1c09c6f0f7ca2fa9","Token":"640bf934e425aba5d3c90998b2641f2f0ca07261d334d9615d1cd4790b5f34e7"}}"
 // @Failure 500 {object} tools.ResponseError "{"errcode":1,"errmsg":"错误原因"}"
 // @Router /UserInfo? [get]
@@ -172,6 +174,9 @@ func UserInfo(c *gin.Context) {
 c.Header("Access-Control-Allow-Origin", c.Request.Header.Get("Origin"))
 c.Header("Access-Control-Allow-Credentials", "true")
+ _user, _ := c.Get("UserInfo")
+ user := _user.(*DB.SMember)
+
 objID, err := primitive.ObjectIDFromHex(c.Query("id"))
 if err != nil {
 c.JSON(200, tools.ResponseError{
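Review bot: `info["UpdateLocationInterval"] = UpdateLocationInterval` stores the raw return value of `DB.Redis.Get` with no error or missing-key handling, so an absent key yields an empty or zero value with errcode 0, and if DB.Redis is a go-redis style client the value is a command object rather than the integer 30 that Version.md documents. Decode the value explicitly and fail visibly, along the lines of `interval, err := DB.Redis.Get("UpdateLocationInterval").Int()` followed by an errcode-1 response on error, adapted to whatever DB.Redis actually returns. The two header lines reflect the request Origin while also sending `Access-Control-Allow-Credentials: true`, which lets any origin make credentialed requests; the other handlers share the pattern, but a new file is the place to switch to a configured origin allow-list. An English doc comment above the function naming the two result keys would also help, since the swagger @Success text runs the two names together.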
@@ -185,6 +190,13 @@ func UserInfo(c *gin.Context) {
 DB.CMember.FindOne(tools.GetContext(), bson.M{"_id": objID}).Decode(&User)
 User.Device = &DB.SDevice{}
+
+ if user.UserType == "visitor" {
+ User.Username = ""
+ User.Password = ""
+ User.Auth = nil
+ }
+
 c.JSON(200, tools.ResponseSeccess{
 0,
 User,
@@ -251,6 +263,15 @@ func UpdateUser(c *gin.Context) {
 _user, _ := c.Get("UserInfo")
 user := _user.(*DB.SMember)
+ err := Auth.CheckUserAuth(c.PostForm("id"), user)
+ if err != nil {
+ c.JSON(200, tools.ResponseError{
+ 401,
+ "没有权限",
+ })
+ return
+ }
+
 if c.PostForm("id") != user.Id.Hex() {
 c.JSON(200, tools.ResponseError{
 401,
@@ -288,7 +309,7 @@ func UpdateUser(c *gin.Context) {
 }
 objID, _ := primitive.ObjectIDFromHex(c.PostForm("id"))
- _, err := DB.CMember.UpdateOne(tools.GetContext(),
+ _, err = DB.CMember.UpdateOne(tools.GetContext(),
 bson.M{"_id": objID},
 bson.M{"$set": bson.M{
 "Birthday": c.PostForm("Birthday"),
@@ -329,9 +350,12 @@ func RemoveUser(c *gin.Context) {
 c.Header("Access-Control-Allow-Origin", c.Request.Header.Get("Origin"))
 c.Header("Access-Control-Allow-Credentials", "true")
+
 _user, _ := c.Get("UserInfo")
 user := _user.(*DB.SMember)
- if c.PostForm("id") != user.Id.Hex() {
+
+ err := Auth.CheckUserAuth(c.PostForm("id"), user)
+ if err != nil {
 c.JSON(200, tools.ResponseError{
 401,
 "没有权限",
diff --git a/Lib/Auth/Auth.go b/Lib/Auth/Auth.go
index 367bdbb..32c116d 100644
--- a/Lib/Auth/Auth.go
+++ b/Lib/Auth/Auth.go
@@ -4,6 +4,7 @@ import (
 "github.com/aarongao/tools"
 "github.com/gin-gonic/gin"
 "github.com/pkg/errors"
+ "go.mongodb.org/mongo-driver/bson/primitive"
 "letu/DB"
 "letu/Lib/JWT"
 )
@@ -31,7 +32,6 @@ func Modules(c *gin.Context) {
 0,
 rs,
 })
-
 }
 // 检查基础权限
@@ -53,6 +53,13 @@ func CheckAuthFunc(handFunc func(c *gin.Context), auth *DB.SModel) func(c *gin.C
 if token == "" {
 token = c.Request.Header.Get("Token")
 }
+ if token == "" {
+ c.JSON(200, tools.ResponseError{
+ 1,
+ "缺少Token",
+ })
+ return
+ }
 // 解析token
 user, err := JWT.ParseToken(token)
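Review bot: The visitor branch masks Username, Password and Auth but does not stop a visitor from reading another member's record, although Version.md in this same commit says visitors can only query their own info; the id from `c.Query("id")` is never compared with `user.Id`. Reject the request up front, as the other handlers now do: `if err := Auth.CheckUserAuth(c.Query("id"), user); err != nil { c.JSON(200, tools.ResponseError{401, "没有权限"}); return }`. Independently, the record is returned with Password intact for every non-visitor caller; unless SMember hides that field from JSON (not visible here), clear it unconditionally rather than only for visitors. The `Decode` error on the line above is still ignored, so a non-existent id returns an empty member with errcode 0; UserInfo begins before this hunk.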
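Review bot: In UpdateUser the new CheckUserAuth call is immediately followed by the old `if c.PostForm("id") != user.Id.Hex()` check, so operators are still rejected and the new call contributes only the id-format validation; RemoveUser in the same commit replaced that check, so the two handlers now disagree on whether an operator may act on another member. Either drop the retained check here to match RemoveUser, or keep it and add `// deliberately stricter than RemoveUser: only the owner may edit a profile` so the next reader does not remove it. Note what the RemoveUser change means: any non-visitor token can now delete an arbitrary member id, a notable widening from owner-only that the Version.md entry does not mention. Both function bodies continue outside their hunks.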
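Review bot: The new empty-token guard answers errcode 1 "缺少Token", while every handler reports authorization failures as errcode 401, so clients must special-case this path; `401, "缺少Token",` would keep the codes uniform. The guard runs before anything in this hunk looks at `auth`, so if InitController routes every endpoint through this closure, including those registered with an empty SModel such as LoginUser and the new SystemInfo, unauthenticated clients can no longer reach them — the start of the closure is outside this hunk, so confirm whether an empty SModel bypasses it. The fallback to the Token header implies the primary source is a query parameter (the new @Param Token doc in User.go suggests the same); tokens in URLs land in access logs and Referer headers, so prefer the header and say so in a comment here.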
@@ -89,6 +96,11 @@ func CheckScenicAuth(ScenicId string, user *DB.SMember) error {
 return errors.New("景区id不能为空")
 }
+ _, err := primitive.ObjectIDFromHex(ScenicId)
+ if err != nil {
+ return errors.New("景区id格式不正确")
+ }
+
 if user.UserType == "operator" {
 if user.ScenicId != ScenicId {
 return errors.New("权限不正确(需要正确的Token和ScenicId)")
@@ -96,3 +108,23 @@ func CheckScenicAuth(ScenicId string, user *DB.SMember) error {
 }
 return nil
 }
+
+func CheckUserAuth(UserId string, user *DB.SMember) error {
+
+ if UserId == "" {
+ return errors.New("用户id不能为空")
+ }
+
+ _, err := primitive.ObjectIDFromHex(UserId)
+ if err != nil {
+ return errors.New("用户id格式不正确")
+ }
+
+ if user.UserType == "visitor" {
+ if UserId != user.Id.Hex() {
+ return errors.New("权限不正确(需要正确的Token和UserId)")
+ }
+ }
+
+ return nil
+}
diff --git a/Version.md b/Version.md
index 6f3c07c..5d508b2 100644
--- a/Version.md
+++ b/Version.md
@@ -6,8 +6,19 @@
 ##### 变更说明:
-1. /UserInfo接口增加权限验证(需要携带Token),区分游客和操作员
-2.
+1. /UserInfo接口增加权限验证(需要携带Token),游客只能查询自己信息,操作员可查询所有。
+
+2. /SystemInfo 新增系统信息接口
+
+ ```
+ {
+ "errcode": 0,
+ "result": {
+ "UpdateLocationInterval": 30,//上报位置时间间隔(秒)
+ "Version": "v1.1"//最新版本号
+ }
+ }
+ ```
 ##### 发布流程:
diff --git a/main.go b/main.go
index d3d9145..340d827 100644
--- a/main.go
+++ b/main.go
@@ -114,7 +114,7 @@ func main() {
 //InitController("/CreateUser", Api.CreateUser)
 InitController("POST", "/LoginUser", Api.LoginUser, &DB.SModel{})
 InitController("POST", "/UpdateUser", Api.UpdateUser, &DB.SModel{"用户管理", "修改"})
- InitController("GET", "/UserInfo", Api.UserInfo, &DB.SModel{})
+ InitController("GET", "/UserInfo", Api.UserInfo, &DB.SModel{"用户管理", "查看单条"})
 InitController("GET", "/ScenicInfo", Api.ScenicInfo, &DB.SModel{})
 InitController("GET", "/LineInfo", Api.LineInfo, &DB.SModel{})
 InitController("GET", "/AllTag", Api.AllTag, &DB.SModel{})
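Review bot: CheckUserAuth is default-allow: only `user.UserType == "visitor"` is restricted, so a token with any other type — including an empty or unrecognised one — passes for every UserId, and a nil `user` dereferences on that first comparison. Invert it so that only known types are admitted, visitors for their own id and operators for any, with everything else rejected; the rewrite below also adds the English doc comment the exported function lacks. Unlike CheckScenicAuth directly above, operators are not scoped here, so an operator from one scenic can act on members of another; whether SMember carries enough to enforce that without a lookup is not visible in this diff.
```go
// CheckUserAuth reports whether user may act on the member identified by UserId.
// Visitors may only act on themselves; operators may act on any member.
// Any other (or missing) user type is denied.
func CheckUserAuth(UserId string, user *DB.SMember) error {
	if UserId == "" {
		return errors.New("用户id不能为空")
	}
	if _, err := primitive.ObjectIDFromHex(UserId); err != nil {
		return errors.New("用户id格式不正确")
	}
	if user == nil {
		return errors.New("权限不正确(需要正确的Token和UserId)")
	}
	switch user.UserType {
	case "operator":
		return nil
	case "visitor":
		if UserId != user.Id.Hex() {
			return errors.New("权限不正确(需要正确的Token和UserId)")
		}
		return nil
	default:
		// unknown user types are denied rather than silently trusted
		return errors.New("权限不正确(需要正确的Token和UserId)")
	}
}
```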
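Review bot: Registering /UserInfo with `&DB.SModel{"用户管理", "查看单条"}` means the route now requires that module permission, yet Version.md in this commit says visitors can query their own info; whether a visitor token satisfies a module check depends on CheckAuthFunc, whose permission logic is outside this diff. Confirm that visitor tokens are exempted from module checks — otherwise this line locks them out of the endpoint — and add a trailing comment on the line stating which user types the module applies to.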
@@ -151,6 +151,7 @@ func main() {
 InitController("POST", "/LoginOperator", Api.LoginOperator, &DB.SModel{})
 InitController("POST", "/UpdateOperator", Api.UpdateOperator, &DB.SModel{"操作员管理", "增加和修改"})
 InitController("GET", "/AllOperator", Api.AllOperator, &DB.SModel{"操作员管理", "查看所有"})
+ InitController("GET", "/SystemInfo", Api.SystemInfo, &DB.SModel{})
 Gin.GET("/AllModules", Auth.Modules)
 //InitController("/ws", Api.WsPage)
-- libgit2 0.21.0