Commit 025a2fc14ca58f3d827e5f14644b354debc6109b

Authored by aarongao
1 parent b03775ca
Exists in v1.2 and in 1 other branch v1.1


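--- a/API/DealyMessage.go
+++ b/API/DealyMessage.go
@@ -8,6 +8,7 @@ import (
 	"go.mongodb.org/mongo-driver/bson/primitive"
 	"letu/Config"
 	"letu/DB"
+	"letu/Lib/Auth"
 	"letu/Lib/DelayMessage"
 )
 
@@ -26,7 +27,9 @@ func DealyMessageInfo(c *gin.Context) {
 
 	_user, _ := c.Get("UserInfo")
 	user := _user.(*DB.SMember)
-	if c.Query("UserId") != user.Id.Hex() {
+
+	err := Auth.CheckUserAuth(c.Query("UserId"), user)
+	if err != nil {
 		c.JSON(200, tools.ResponseError{
 			401,
 			"没有权限",
@@ -73,8 +76,10 @@ func CreateDealyMessage(c *gin.Context) {
 
 
 	_user, _ := c.Get("UserInfo")
-	userToken := _user.(*DB.SMember)
-	if c.PostForm("UserId") != userToken.Id.Hex(){
+	user := _user.(*DB.SMember)
+
+	err := Auth.CheckUserAuth(c.PostForm("UserId"), user)
+	if err != nil {
 		c.JSON(200, tools.ResponseError{
 			401,
 			"没有权限",
@@ -82,7 +87,7 @@ func CreateDealyMessage(c *gin.Context) {
 		return
 	}
 
-	_, err := primitive.ObjectIDFromHex(c.PostForm("UserId"))
+	_, err = primitive.ObjectIDFromHex(c.PostForm("UserId"))
 	if err != nil {
 		c.JSON(200, tools.ResponseError{
 			1,
@@ -124,8 +129,10 @@ func RemoveDealyMessage(c *gin.Context) {
 	c.Header("Access-Control-Allow-Credentials", "true")
 
 	_user, _ := c.Get("UserInfo")
-	userToken := _user.(*DB.SMember)
-	if c.PostForm("UserId") != userToken.Id.Hex(){
+	user := _user.(*DB.SMember)
+
+	err := Auth.CheckUserAuth(c.PostForm("UserId"), user)
+	if err != nil {
 		c.JSON(200, tools.ResponseError{
 			401,
 			"没有权限",
@@ -133,7 +140,7 @@ func RemoveDealyMessage(c *gin.Context) {
 		return
 	}
 
-	_, err := primitive.ObjectIDFromHex(c.PostForm("UserId"))
+	_, err = primitive.ObjectIDFromHex(c.PostForm("UserId"))
 	if err != nil {
 		c.JSON(200, tools.ResponseError{
 			1,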
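Review bot: With Auth.CheckUserAuth placed in front of it, the `_, err = primitive.ObjectIDFromHex(c.PostForm("UserId"))` branch at new lines 90 and 143 of CreateDealyMessage and RemoveDealyMessage can no longer fail: the visible body of CheckUserAuth already rejects an empty or malformed UserId, so a bad id is now answered with 401 "没有权限" instead of the errcode-1 message that branch was written for. Either drop the second ObjectIDFromHex check or surface `err.Error()` from CheckUserAuth so a caller can tell a malformed id from a denied one. Note also that CheckUserAuth constrains only `UserType == "visitor"`, so every other user type may now read, create or remove delayed messages for any UserId; that matches the release notes for operators but then relies on the route's module grant to keep other types out. All three handlers start and end outside their hunks.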
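--- a/API/SystemInfo.go
+++ b/API/SystemInfo.go
@@ -0,0 +1,33 @@
+package Api
+
+import (
+	"github.com/aarongao/tools"
+	"github.com/gin-gonic/gin"
+	"letu/Config"
+	"letu/DB"
+)
+
+// @Title 查询系统信息接口
+// @Description 查询系统信息接口
+// @Accept json
+// @Produce json
+// @Success 200 {object} tools.ResponseSeccess "Version=最新版本号UpdateLocationInterval上报位置时间间隔(秒)"
+// @Failure 500 {object} tools.ResponseError "{"errcode":1,"errmsg":"错误原因"}"
+// @Router /SystemInfo? [get]
+func SystemInfo(c *gin.Context) {
+	c.Header("Access-Control-Allow-Origin", c.Request.Header.Get("Origin"))
+	c.Header("Access-Control-Allow-Credentials", "true")
+
+	info := make(map[string]interface{})
+	info["Version"] = Config.Info.Version
+
+
+	UpdateLocationInterval := DB.Redis.Get("UpdateLocationInterval")
+	info["UpdateLocationInterval"] = UpdateLocationInterval
+
+	c.JSON(200, tools.ResponseSeccess{
+		0,
+		info,
+	})
+
+}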
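Review bot: `DB.Redis.Get("UpdateLocationInterval")` at new line 25 is stored in the response map as-is, with no error check and no extraction of the value; if DB.Redis is a go-redis style client, Get returns a command object, and the serialised JSON will not be the bare `30` the release notes show for UpdateLocationInterval. Read the value explicitly and handle a missing key, e.g. `val, err := DB.Redis.Get("UpdateLocationInterval").Result()` followed by an errcode-1 response when err is non-nil — adjust to whatever type DB.Redis actually exposes. The handler also reflects the request Origin into Access-Control-Allow-Origin while sending Allow-Credentials: true; the pattern is copied from the other handlers in this commit, but it allows any origin to make credentialed calls to this endpoint, so an origin allowlist would be the safer default.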
@@ -8,6 +8,7 @@ import ( @@ -8,6 +8,7 @@ import (
8 "go.mongodb.org/mongo-driver/bson/primitive" 8 "go.mongodb.org/mongo-driver/bson/primitive"
9 "go.mongodb.org/mongo-driver/mongo/options" 9 "go.mongodb.org/mongo-driver/mongo/options"
10 "letu/DB" 10 "letu/DB"
  11 + "letu/Lib/Auth"
11 "letu/Lib/JWT" 12 "letu/Lib/JWT"
12 "regexp" 13 "regexp"
13 "time" 14 "time"
@@ -165,6 +166,7 @@ func RegisterDevice(c *gin.Context) { @@ -165,6 +166,7 @@ func RegisterDevice(c *gin.Context) {
165 // @Accept json 166 // @Accept json
166 // @Produce json 167 // @Produce json
167 // @Param id aaron string true "用户id" 168 // @Param id aaron string true "用户id"
  169 +// @Param Token wgergejfwe string true "用户token"
168 // @Success 200 {object} tools.ResponseSeccess "{"errcode":0,"result":{"Id":"5e09c64c1c09c6f0f7ca2fa9","Token":"640bf934e425aba5d3c90998b2641f2f0ca07261d334d9615d1cd4790b5f34e7"}}" 170 // @Success 200 {object} tools.ResponseSeccess "{"errcode":0,"result":{"Id":"5e09c64c1c09c6f0f7ca2fa9","Token":"640bf934e425aba5d3c90998b2641f2f0ca07261d334d9615d1cd4790b5f34e7"}}"
169 // @Failure 500 {object} tools.ResponseError "{"errcode":1,"errmsg":"错误原因"}" 171 // @Failure 500 {object} tools.ResponseError "{"errcode":1,"errmsg":"错误原因"}"
170 // @Router /UserInfo? [get] 172 // @Router /UserInfo? [get]
@@ -172,6 +174,9 @@ func UserInfo(c *gin.Context) { @@ -172,6 +174,9 @@ func UserInfo(c *gin.Context) {
172 c.Header("Access-Control-Allow-Origin", c.Request.Header.Get("Origin")) 174 c.Header("Access-Control-Allow-Origin", c.Request.Header.Get("Origin"))
173 c.Header("Access-Control-Allow-Credentials", "true") 175 c.Header("Access-Control-Allow-Credentials", "true")
174 176
  177 + _user, _ := c.Get("UserInfo")
  178 + user := _user.(*DB.SMember)
  179 +
175 objID, err := primitive.ObjectIDFromHex(c.Query("id")) 180 objID, err := primitive.ObjectIDFromHex(c.Query("id"))
176 if err != nil { 181 if err != nil {
177 c.JSON(200, tools.ResponseError{ 182 c.JSON(200, tools.ResponseError{
@@ -185,6 +190,13 @@ func UserInfo(c *gin.Context) { @@ -185,6 +190,13 @@ func UserInfo(c *gin.Context) {
185 DB.CMember.FindOne(tools.GetContext(), bson.M{"_id": objID}).Decode(&User) 190 DB.CMember.FindOne(tools.GetContext(), bson.M{"_id": objID}).Decode(&User)
186 191
187 User.Device = &DB.SDevice{} 192 User.Device = &DB.SDevice{}
  193 +
  194 + if user.UserType == "visitor" {
  195 + User.Username = ""
  196 + User.Password = ""
  197 + User.Auth = nil
  198 + }
  199 +
188 c.JSON(200, tools.ResponseSeccess{ 200 c.JSON(200, tools.ResponseSeccess{
189 0, 201 0,
190 User, 202 User,
@@ -251,6 +263,15 @@ func UpdateUser(c *gin.Context) { @@ -251,6 +263,15 @@ func UpdateUser(c *gin.Context) {
251 _user, _ := c.Get("UserInfo") 263 _user, _ := c.Get("UserInfo")
252 user := _user.(*DB.SMember) 264 user := _user.(*DB.SMember)
253 265
  266 + err := Auth.CheckUserAuth(c.PostForm("id"), user)
  267 + if err != nil {
  268 + c.JSON(200, tools.ResponseError{
  269 + 401,
  270 + "没有权限",
  271 + })
  272 + return
  273 + }
  274 +
254 if c.PostForm("id") != user.Id.Hex() { 275 if c.PostForm("id") != user.Id.Hex() {
255 c.JSON(200, tools.ResponseError{ 276 c.JSON(200, tools.ResponseError{
256 401, 277 401,
@@ -288,7 +309,7 @@ func UpdateUser(c *gin.Context) { @@ -288,7 +309,7 @@ func UpdateUser(c *gin.Context) {
288 } 309 }
289 310
290 objID, _ := primitive.ObjectIDFromHex(c.PostForm("id")) 311 objID, _ := primitive.ObjectIDFromHex(c.PostForm("id"))
291 - _, err := DB.CMember.UpdateOne(tools.GetContext(), 312 + _, err = DB.CMember.UpdateOne(tools.GetContext(),
292 bson.M{"_id": objID}, 313 bson.M{"_id": objID},
293 bson.M{"$set": bson.M{ 314 bson.M{"$set": bson.M{
294 "Birthday": c.PostForm("Birthday"), 315 "Birthday": c.PostForm("Birthday"),
@@ -329,9 +350,12 @@ func RemoveUser(c *gin.Context) { @@ -329,9 +350,12 @@ func RemoveUser(c *gin.Context) {
329 c.Header("Access-Control-Allow-Origin", c.Request.Header.Get("Origin")) 350 c.Header("Access-Control-Allow-Origin", c.Request.Header.Get("Origin"))
330 c.Header("Access-Control-Allow-Credentials", "true") 351 c.Header("Access-Control-Allow-Credentials", "true")
331 352
  353 +
332 _user, _ := c.Get("UserInfo") 354 _user, _ := c.Get("UserInfo")
333 user := _user.(*DB.SMember) 355 user := _user.(*DB.SMember)
334 - if c.PostForm("id") != user.Id.Hex() { 356 +
  357 + err := Auth.CheckUserAuth(c.PostForm("id"), user)
  358 + if err != nil {
335 c.JSON(200, tools.ResponseError{ 359 c.JSON(200, tools.ResponseError{
336 401, 360 401,
337 "没有权限", 361 "没有权限",
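Review bot: The UserInfo hunk at new lines 177–198 does not restrict which account a visitor may look up; it only blanks Username, Password and Auth, so a visitor can still read every other field of any user by id, while the release notes say visitors may only query their own record. Add the same ownership check the other handlers in this commit use, directly after the `user := _user.(*DB.SMember)` line (shown below), which also routes malformed ids to the 401 path before the ObjectID parse. Separately, `User.Password` is still serialised for non-visitor callers; if that field holds a credential or its hash, clear it unconditionally rather than only for visitors. In UpdateUser, the new `Auth.CheckUserAuth(c.PostForm("id"), user)` block at new lines 266–273 is immediately followed by the old `if c.PostForm("id") != user.Id.Hex()` check at 275, so operators are still denied there, unlike RemoveUser where the old check was replaced — keep one of the two. UserInfo and UpdateUser both continue outside their hunks.
```go
	_user, _ := c.Get("UserInfo")
	user := _user.(*DB.SMember)

	if err := Auth.CheckUserAuth(c.Query("id"), user); err != nil {
		c.JSON(200, tools.ResponseError{
			401,
			"没有权限",
		})
		return
	}

	// … unchanged: ObjectID parse, FindOne, visitor field redaction, response …
```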
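--- a/Lib/Auth/Auth.go
+++ b/Lib/Auth/Auth.go
@@ -4,6 +4,7 @@ import (
 	"github.com/aarongao/tools"
 	"github.com/gin-gonic/gin"
 	"github.com/pkg/errors"
+	"go.mongodb.org/mongo-driver/bson/primitive"
 	"letu/DB"
 	"letu/Lib/JWT"
 )
@@ -31,7 +32,6 @@ func Modules(c *gin.Context) {
 		0,
 		rs,
 	})
-
 }
 
 // 检查基础权限
@@ -53,6 +53,13 @@ func CheckAuthFunc(handFunc func(c *gin.Context), auth *DB.SModel) func(c *gin.C
 	if token == "" {
 		token = c.Request.Header.Get("Token")
 	}
+	if token == "" {
+		c.JSON(200, tools.ResponseError{
+			1,
+			"缺少Token",
+		})
+		return
+	}
 
 	// 解析token
 	user, err := JWT.ParseToken(token)
@@ -89,6 +96,11 @@ func CheckScenicAuth(ScenicId string, user *DB.SMember) error {
 		return errors.New("景区id不能为空")
 	}
 
+	_, err := primitive.ObjectIDFromHex(ScenicId)
+	if err != nil {
+		return errors.New("景区id格式不正确")
+	}
+
 	if user.UserType == "operator" {
 		if user.ScenicId != ScenicId {
 			return errors.New("权限不正确(需要正确的Token和ScenicId)")
@@ -96,3 +108,23 @@ func CheckScenicAuth(ScenicId string, user *DB.SMember) error {
 	}
 	return nil
 }
+
+func CheckUserAuth(UserId string, user *DB.SMember) error {
+
+	if UserId == "" {
+		return errors.New("用户id不能为空")
+	}
+
+	_, err := primitive.ObjectIDFromHex(UserId)
+	if err != nil {
+		return errors.New("用户id格式不正确")
+	}
+
+	if user.UserType == "visitor" {
+		if UserId != user.Id.Hex() {
+			return errors.New("权限不正确(需要正确的Token和UserId)")
+		}
+	}
+
+	return nil
+}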
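Review bot: CheckUserAuth at new lines 112–130 fails open: only `UserType == "visitor"` is constrained, so a token whose UserType is empty, misspelled or any value added later may act on any UserId. An authorization helper should enumerate the roles it allows and deny everything else; a switch with an explicit default (below) keeps the operator behaviour described in the release notes while refusing unknown types. The function is exported but carries no doc comment, unlike the helpers above it; `// CheckUserAuth reports whether user may act on the account identified by UserId.` would fit. The same default-allow shape appears in CheckScenicAuth, where a non-operator user seems to pass for any ScenicId, but that is pre-existing behaviour.
```go
func CheckUserAuth(UserId string, user *DB.SMember) error {
	// … unchanged: empty-id and ObjectID format checks …

	switch user.UserType {
	case "operator":
		return nil
	case "visitor":
		if UserId != user.Id.Hex() {
			return errors.New("权限不正确(需要正确的Token和UserId)")
		}
		return nil
	default:
		return errors.New("权限不正确(需要正确的Token和UserId)")
	}
}
```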
@@ -6,8 +6,19 @@ @@ -6,8 +6,19 @@
6 6
7 ##### 变更说明: 7 ##### 变更说明:
8 8
9 -1. /UserInfo接口增加权限验证(需要携带Token),区分游客和操作员  
10 -2. 9 +1. /UserInfo接口增加权限验证(需要携带Token),游客只能查询自己信息,操作员可查询所有。
  10 +
  11 +2. /SystemInfo 新增系统信息接口
  12 +
  13 + ```
  14 + {
  15 + "errcode": 0,
  16 + "result": {
  17 + "UpdateLocationInterval": 30,//上报位置时间间隔(秒)
  18 + "Version": "v1.1"//最新版本号
  19 + }
  20 + }
  21 + ```
11 22
12 ##### 发布流程: 23 ##### 发布流程:
13 24
@@ -114,7 +114,7 @@ func main() { @@ -114,7 +114,7 @@ func main() {
114 //InitController("/CreateUser", Api.CreateUser) 114 //InitController("/CreateUser", Api.CreateUser)
115 InitController("POST", "/LoginUser", Api.LoginUser, &DB.SModel{}) 115 InitController("POST", "/LoginUser", Api.LoginUser, &DB.SModel{})
116 InitController("POST", "/UpdateUser", Api.UpdateUser, &DB.SModel{"用户管理", "修改"}) 116 InitController("POST", "/UpdateUser", Api.UpdateUser, &DB.SModel{"用户管理", "修改"})
117 - InitController("GET", "/UserInfo", Api.UserInfo, &DB.SModel{}) 117 + InitController("GET", "/UserInfo", Api.UserInfo, &DB.SModel{"用户管理", "查看单条"})
118 InitController("GET", "/ScenicInfo", Api.ScenicInfo, &DB.SModel{}) 118 InitController("GET", "/ScenicInfo", Api.ScenicInfo, &DB.SModel{})
119 InitController("GET", "/LineInfo", Api.LineInfo, &DB.SModel{}) 119 InitController("GET", "/LineInfo", Api.LineInfo, &DB.SModel{})
120 InitController("GET", "/AllTag", Api.AllTag, &DB.SModel{}) 120 InitController("GET", "/AllTag", Api.AllTag, &DB.SModel{})
@@ -151,6 +151,7 @@ func main() { @@ -151,6 +151,7 @@ func main() {
151 InitController("POST", "/LoginOperator", Api.LoginOperator, &DB.SModel{}) 151 InitController("POST", "/LoginOperator", Api.LoginOperator, &DB.SModel{})
152 InitController("POST", "/UpdateOperator", Api.UpdateOperator, &DB.SModel{"操作员管理", "增加和修改"}) 152 InitController("POST", "/UpdateOperator", Api.UpdateOperator, &DB.SModel{"操作员管理", "增加和修改"})
153 InitController("GET", "/AllOperator", Api.AllOperator, &DB.SModel{"操作员管理", "查看所有"}) 153 InitController("GET", "/AllOperator", Api.AllOperator, &DB.SModel{"操作员管理", "查看所有"})
  154 + InitController("GET", "/SystemInfo", Api.SystemInfo, &DB.SModel{})
154 Gin.GET("/AllModules", Auth.Modules) 155 Gin.GET("/AllModules", Auth.Modules)
155 //InitController("/ws", Api.WsPage) 156 //InitController("/ws", Api.WsPage)
156 157
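Review bot: /UserInfo now registers with `&DB.SModel{"用户管理", "查看单条"}` at new line 117 instead of an empty SModel; if CheckAuthFunc enforces that module grant for every token, visitor tokens that lack the 用户管理 module will be rejected before they can query their own record, which is exactly the case the release notes say must keep working — confirm how a visitor token is evaluated against a non-empty SModel. /SystemInfo at new line 154 goes through the same InitController registration, and CheckAuthFunc now answers "缺少Token" when no token is present, so if that wrapper applies the version/interval lookup is no longer reachable before login; if clients need it pre-login, register it directly on Gin as /AllModules is. main continues outside both hunks.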