baishaojie
/
kpt_xdmy


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185
							//package jwt
//
//import (
//	//"strings"
//
//	"github.com/dgrijalva/jwt-go"
//	"github.com/gin-gonic/gin"
//	"kpt.xdmy/pkg/e"
//	"kpt.xdmy/pkg/util"
//	jwtGet "kpt.xdmy/pkg/util"
//)
//
//func JWT() gin.HandlerFunc {
//	return func(c *gin.Context) {
//		var code int
//		var data interface{}
//
//		code = e.SUCCESS
//		//Authorization := c.GetHeader("Authorization")
//		//token := strings.Split(Authorization, " ")
//		Authorization := c.GetHeader("token")
//		token := Authorization
//		if Authorization == "" {
//			code = e.INVALID_PARAMS
//		} else {
//			//_, err := util.ParseToken(token[1])
//			_, err := util.ParseToken(token)
//			if err != nil {
//				switch err.(*jwt.ValidationError).Errors {
//				case jwt.ValidationErrorExpired:
//					code = e.ERROR_AUTH_CHECK_TOKEN_TIMEOUT
//				default:
//					code = e.ERROR_AUTH_CHECK_TOKEN_FAIL
//				}
//			}
//		}
//
//		if code != e.SUCCESS {
//			c.JSON(e.SUCCESS, gin.H{
//				"code": code,
//				"msg":  "登录超时",
//				"data": data,
//			})
//
//			c.Abort()
//			return
//		}
//
//		t, _ := jwt.Parse(token, func(*jwt.Token) (interface{}, error) {
//			return jwtGet.JwtSecret, nil
//		})
//		c.Set("jwt_username", jwtGet.GetIdFromClaims("username", t.Claims))
//		c.Next()
//	}
//}

package jwt

import (
	"bytes"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"github.com/astaxie/beego/logs"
	"github.com/dgrijalva/jwt-go"
	"github.com/gin-gonic/gin"
	"github.com/pkg/errors"
	"io/ioutil"
	"kpt.xdmy/pkg/e"
	jwtGet "kpt.xdmy/pkg/util"
	"net/http"
	"strings"

	//"strings"
	"kpt.xdmy/pkg/setting"
)

//var (
//	svc *service.Service
//)

type Introspect struct {
	Active   bool   `json:"active"`
	UserName string `json:"user_name"`
}

func JWT() gin.HandlerFunc {
	if setting.IDaaSSetting.IsDaaS == 1 {
		return func(c *gin.Context) {
			//s := new(service.Service)
			fmt.Println(setting.IDaaSSetting)
			authorization := fmt.Sprintf("Basic %s", base64.StdEncoding.EncodeToString([]byte(setting.IDaaSSetting.ClientId+":"+setting.IDaaSSetting.ClientSecret)))
			fmt.Println(authorization)
			//tokenData := make(map[string]string, 0)
			//tokenData["token"] = c.GetHeader("token")
			//tokenDataByte, _ := json.Marshal(tokenData)
			tokenRespByte, _ := PostPush(setting.IDaaSSetting.Url+fmt.Sprintf("/api/v1/oauth2/introspect?token=%s", c.GetHeader("token")), nil, authorization)
			IntrospectResp := new(Introspect)
			json.Unmarshal(tokenRespByte, &IntrospectResp)

			if !IntrospectResp.Active {
				c.JSON(e.SUCCESS, gin.H{
					"code": e.INVALID_PARAMS,
					"msg":  "登录失效！",
					"data": "",
				})

				c.Abort()
				return
			}

			c.Set("jwt_username", IntrospectResp.UserName)
			c.Next()
		}
	} else {
		return func(c *gin.Context) {
			var code int
			var data interface{}

			code = e.SUCCESS
			//Authorization := c.GetHeader("Authorization")
			//token := strings.Split(Authorization, " ")
			Authorization := c.GetHeader("token")
			token := Authorization
			if Authorization == "" {
				code = e.INVALID_PARAMS
			} else {
				//_, err := util.ParseToken(token[1])
				_, err := jwtGet.ParseToken(token)
				if err != nil {
					switch err.(*jwt.ValidationError).Errors {
					case jwt.ValidationErrorExpired:
						code = e.ERROR_AUTH_CHECK_TOKEN_TIMEOUT
					default:
						code = e.ERROR_AUTH_CHECK_TOKEN_FAIL
					}
				}
			}

			if code != e.SUCCESS {
				c.JSON(e.SUCCESS, gin.H{
					"code": code,
					"msg":  "登录超时",
					"data": data,
				})

				c.Abort()
				return
			}

			t, _ := jwt.Parse(token, func(*jwt.Token) (interface{}, error) {
				return jwtGet.JwtSecret, nil
			})
			c.Set("jwt_username", jwtGet.GetIdFromClaims("username", t.Claims))
			c.Next()
		}
	}
}

func PostPush(url string, data []byte, authorization string) ([]byte, error) {

	req, err := http.NewRequest("POST", url, bytes.NewBuffer(data))
	if err != nil {
		logs.Error(err)
		return nil, err
	}

	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.Header.Set("Authorization", authorization)

	client := &http.Client{}
	resp, err := client.Do(req)
	if err != nil {
		logs.Error(err)
		return nil, err
	}

	defer resp.Body.Close()
	body, _ := ioutil.ReadAll(resp.Body)
	fmt.Println(string(body))
	if strings.Index(resp.Status, "200") == -1 {
		return nil, errors.New(fmt.Sprintf("%s 请求失败！", resp.Status))
	}
	return body, nil
}