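package Handler

import (
	"bufio"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"io"
	"net/http"
	"os"
	"strings"

	"dsBaseWeb/Utils/CommonUtil"
	"dsBaseWeb/Utils/ConfigUtil"
	"dsBaseWeb/Utils/RedisUtil"

	"github.com/gin-gonic/gin"
)

// WhiteArray holds the whitelist entries loaded from White.txt at start-up.
// SsoHandler lets a request through without any session check when its path
// contains one of these entries, so every entry is an authentication
// exemption and should be as specific as possible.
var WhiteArray []string

// init loads the whitelist file into WhiteArray.
//
// The file is looked up at ./Config/White.txt first and at the absolute
// install path otherwise. Blank lines and any line containing '#' are
// skipped. If the file cannot be opened or read, the entries loaded so far
// are kept and nothing more is added, which leaves the middleware stricter
// (more requests go through the SSO check), never looser.
func init() {
	configIniFile := "./Config/White.txt"
	if !CommonUtil.Exists(configIniFile) {
		configIniFile = "/usr/local/dsMin/dsBaseWeb/Config/White.txt"
	}

	f, err := os.Open(configIniFile)
	if err != nil {
		fmt.Println("没有找到白名单文件!")
		// Do not wrap a nil *os.File in a reader; an empty whitelist fails closed.
		return
	}
	defer f.Close()

	buf := bufio.NewReader(f)
	for {
		line, err := buf.ReadString('\n')
		if err != nil && err != io.EOF {
			// A failed read may return a truncated line. A truncated entry is a
			// shorter substring and would exempt more paths than intended, so
			// it is dropped rather than appended.
			fmt.Println("读取白名单文件失败:", err)
			break
		}
		line = strings.TrimSpace(line)
		// The length check also guarantees no empty entry is stored; an empty
		// string is a substring of every path and would disable the SSO check.
		if len(line) > 0 && !strings.Contains(line, "#") {
			WhiteArray = append(WhiteArray, line)
		}
		if err == io.EOF {
			break
		}
	}
}

// SsoHandler returns the gin middleware that enforces single sign-on.
//
// For each request it:
//  1. issues a browser_id cookie when the client has none (or an empty one);
//  2. lets the request through if its path contains a WhiteArray entry;
//  3. otherwise accepts the request only when the access-token, person_id,
//     identity_id and token cookies are all present, the token cookie matches
//     the digest recomputed from person_id and identity_id, and the access
//     token is found by RedisUtil.EXISTS;
//  4. otherwise aborts the chain and redirects to the SSO server, passing the
//     originally requested URL as a base64 oauth_callback parameter.
func SsoHandler() gin.HandlerFunc {
	return func(c *gin.Context) {
		// Issue a browser ID only when the client does not already carry one.
		// The previous condition was inverted: it replaced an existing ID on
		// every request and never issued one to a client that had none.
		// NOTE(review): the cookie is sent with Secure=false, so it also
		// travels over plain HTTP — confirm whether the site is served over
		// HTTPS and set Secure accordingly.
		if cookie, err := c.Request.Cookie("browser_id"); err != nil || len(cookie.Value) == 0 {
			c.SetCookie("browser_id", CommonUtil.GetUUID(), 0, "/", "", false, true)
		}

		// Full request target (path plus query string); used for the callback URL.
		requestUri := c.Request.RequestURI
		// NOTE(review): Host comes from the client's request. It selects the
		// SSO configuration below and is embedded in the callback URL, so the
		// SSO server should validate oauth_callback against known hosts.
		host := c.Request.Host

		// Whitelisted paths are let through without a session check.
		// The match is done on the URL path only. Matching on RequestURI also
		// matched the query string, so any request could exempt itself from
		// authentication by carrying a whitelisted string in a parameter.
		// NOTE(review): this is still a substring match anywhere in the path;
		// White.txt is not visible here, but if its entries are path prefixes,
		// strings.HasPrefix (or an exact match) would be the tighter check.
		// A special case for /dsBaseWeb/2019/ was sketched here on 2020-12-17
		// and is currently disabled.
		requestPath := c.Request.URL.Path
		for _, entry := range WhiteArray {
			if strings.Contains(requestPath, entry) {
				c.Next()
				return
			}
		}

		// Decide between the intranet and the external SSO configuration by
		// comparing the first dot-separated label of Host with the configured
		// intranet prefixes.
		ipStart := strings.Split(host, ".")[0]
		isIntranet := false
		for _, prefix := range strings.Split(ConfigUtil.IntranetIP, ",") {
			if ipStart == prefix {
				isIntranet = true
				break
			}
		}

		// SSO server address, client ID and redirect URI from configuration.
		ssoServer := ConfigUtil.SsoServerWw
		clientId := ConfigUtil.ClientIdWw
		redirectURI := ConfigUtil.RedirectURIWw
		if isIntranet {
			ssoServer = ConfigUtil.SsoServerNw
			clientId = ConfigUtil.ClientIdNw
			redirectURI = ConfigUtil.RedirectURINw
		}
		authCodeURI := ConfigUtil.AuthCodeURI
		responseType := ConfigUtil.ResponseType

		// Session cookies; a missing cookie leaves the pointer nil.
		cookieAccessToken, _ := c.Request.Cookie(ConfigUtil.AccessTokenKey)
		cookiePersonId, _ := c.Request.Cookie("person_id")
		cookieIdentityId, _ := c.Request.Cookie("identity_id")
		cookieToken, _ := c.Request.Cookie("token")

		// Redirect to SSO unless every check below passes.
		needLoginFlag := true
		if cookieAccessToken != nil && cookiePersonId != nil && cookieIdentityId != nil && cookieToken != nil {
			// Recompute the integrity token over person_id and identity_id.
			// NOTE(review): the key is a string literal in source and the
			// construction is a plain MD5 over a concatenation, not a keyed
			// MAC. It must stay as is to match whatever issues the cookie, but
			// moving the key to configuration and both sides to HMAC-SHA-256
			// would be the durable fix.
			token := CommonUtil.MD5([]byte(cookiePersonId.Value + "_" + cookieIdentityId.Value + "_dsideal4r5t6y7u"))

			// Constant-time comparison, so response timing does not reveal how
			// many leading characters of a guessed token were correct.
			if subtle.ConstantTimeCompare([]byte(token), []byte(cookieToken.Value)) == 1 {
				// The access token must still be known to Redis.
				// NOTE(review): the second return value is discarded; this
				// fails closed only if EXISTS reports false on error — confirm.
				cacheExists, _ := RedisUtil.EXISTS(cookieAccessToken.Value)
				if cacheExists {
					needLoginFlag = false
				}
			}
		}

		if !needLoginFlag {
			c.Next()
			return
		}

		c.Abort()
		// Base64-encode the originally requested URL for the SSO callback.
		// NOTE(review): StdEncoding output can contain '+', '/' and '=', and
		// none of the parameters are URL-escaped — confirm the SSO server's
		// parsing before changing the wire format.
		oauthCallback := base64.StdEncoding.EncodeToString([]byte("http://" + host + requestUri))
		loginUrl := ssoServer + authCodeURI +
			"?client_id=" + clientId +
			"&redirect_uri=" + redirectURI +
			"&response_type=" + responseType +
			"&oauth_callback=" + oauthCallback +
			"&device_id=1"
		// 302, not 301: browsers cache a permanent redirect, so a 301 would
		// keep sending the user to the login page for this URL after they
		// have authenticated.
		c.Redirect(http.StatusFound, loginUrl)
	}
}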