package Sso
import (
	"encoding/base64"
	"net/http"
	"net/url"
	"strings"

	"dsBaseWeb/Model"
	"dsBaseWeb/Utils/CommonUtil"
	"dsBaseWeb/Utils/ConfigUtil"
	"dsBaseWeb/Utils/LogUtil"
	"dsBaseWeb/Utils/RedisUtil"
	"github.com/gin-gonic/gin"
	"github.com/valyala/fasthttp"
)
// Routers registers this module's HTTP routes under the "/sso" sub-group of r.
//
// NOTE(review): Logout changes server-side state but is exposed as GET with
// the token in the query string; consider whether it should become a POST
// once callers can be migrated.
func Routers(r *gin.RouterGroup) {
	ssoGroup := r.Group("/sso")

	// Endpoint registration.
	ssoGroup.GET("/CheckSsoCode", CheckSsoCode)
	ssoGroup.GET("/Logout", Logout)
}
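// Logout removes the access_token given in the query string from the Redis
// cache and replies with a success payload.
//
// When the calling browser's own access-token cookie matches the token being
// revoked, the session cookies written by CheckSsoCode are expired as well, so
// a logged-out browser does not keep presenting them.
//
// NOTE(review): the token travels in the query string of a GET request, so it
// can end up in access logs, browser history and Referer headers.
func Logout(c *gin.Context) {
	accessToken := c.Query("access_token")

	// An empty value is not a session key; skip the cache call entirely.
	if accessToken != "" {
		// NOTE(review): the caller-supplied value is passed straight to
		// RedisUtil.DEL, presumably as the key to delete. CheckSsoCode stores
		// tokens without a key prefix, so this endpoint is not limited to
		// session keys — consider a dedicated prefix applied on both the
		// write and the delete side.
		RedisUtil.DEL(accessToken)

		// Only touch cookies when this request actually carries the revoked
		// token; a caller revoking some other session keeps its own cookies.
		if cookieToken, err := c.Cookie(ConfigUtil.AccessTokenKey); err == nil && cookieToken == accessToken {
			for _, name := range []string{ConfigUtil.AccessTokenKey, "person_id", "identity_id", "token"} {
				// Same path/domain/flags as in CheckSsoCode; a negative
				// max-age asks the browser to drop the cookie.
				c.SetCookie(name, "", -1, "/", "", false, true)
			}
		}
	}

	c.JSON(200, Model.Res{
		Success: true,
		Message: "操作成功!",
	})
}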
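// CheckSsoCode handles the browser's return from the unified-authentication
// (SSO) server. It exchanges the one-time "code" query parameter for an access
// token, writes the session cookies, records the token in Redis, and finally
// redirects the browser to the address carried (base64-encoded) in the
// "oauth_callback" query parameter.
//
// Every failure path now answers with an explicit error payload instead of
// returning an empty 200 response, and the fields of the SSO reply are
// type-checked rather than asserted, so a malformed reply cannot panic the
// handler.
func CheckSsoCode(c *gin.Context) {
	// Authorization code handed back by the SSO server.
	code := c.Query("code")
	if code == "" {
		c.JSON(http.StatusBadRequest, Model.Res{Success: false, Message: "参数错误!"})
		return
	}

	// c.Request.Host comes from the client's Host header.
	host := c.Request.Host

	// The final destination is client-supplied; it is decoded and restricted
	// to this host before it is ever used as a redirect target.
	reqCallBackURL := safeCallbackTarget(c.Query("oauth_callback"), host)

	// Decide between the intranet and extranet SSO settings from the first
	// dot-separated label of the host.
	// NOTE(review): because the Host header is client-controlled, the client
	// effectively chooses which credential set is used — confirm that a proxy
	// in front of this service pins the Host value.
	ipStart := strings.Split(host, ".")[0]
	isIntranet := false
	for _, prefix := range strings.Split(ConfigUtil.IntranetIP, ",") {
		if ipStart == prefix {
			isIntranet = true
			break
		}
	}

	var ssoServer, clientId, clientSecret, redirectURI string
	if isIntranet {
		ssoServer = ConfigUtil.SsoServerNw
		clientId = ConfigUtil.ClientIdNw
		clientSecret = ConfigUtil.ClientSecretNw
		redirectURI = ConfigUtil.RedirectURINw
	} else {
		ssoServer = ConfigUtil.SsoServerWw
		clientId = ConfigUtil.ClientIdWw
		clientSecret = ConfigUtil.ClientSecretWw
		redirectURI = ConfigUtil.RedirectURIWw
	}

	// Token endpoint of the SSO server and the form fields it expects.
	// NOTE(review): client_secret is sent to this URL; confirm the configured
	// server address uses HTTPS.
	checkCodeUrl := ssoServer + ConfigUtil.AuthTokenURI
	args := &fasthttp.Args{}
	args.Add("code", code)
	args.Add("client_id", clientId)
	args.Add("client_secret", clientSecret)
	args.Add("grant_type", ConfigUtil.GrantType)
	args.Add("redirect_uri", redirectURI)

	// NOTE(review): fasthttp.Post goes through the package's default client;
	// confirm a timeout applies so a stalled SSO server cannot hold this
	// handler open.
	statusCode, resp, err := fasthttp.Post(nil, checkCodeUrl, args)
	if err != nil {
		LogUtil.Error("错误信息: ", err.Error())
		LogUtil.Error("statusCode: ", CommonUtil.ConvertIntToString(statusCode))
		c.JSON(http.StatusBadGateway, Model.Res{Success: false, Message: "统一认证服务调用失败!"})
		return
	}

	// Reply of the SSO server, decoded into a generic map.
	respMap := CommonUtil.ConvertJsonStringToMap(string(resp))

	// A missing or non-numeric "code" is treated like a rejection.
	if respCode, ok := respMap["code"].(float64); !ok || respCode != 200 {
		msg, _ := respMap["msg"].(string)
		LogUtil.Error("错误信息: ", msg)
		c.JSON(http.StatusUnauthorized, Model.Res{Success: false, Message: "统一认证校验失败!"})
		return
	}

	accessToken, okToken := respMap["access_token"].(string)
	personId, okPerson := respMap["person_id"].(string)
	identityNum, okIdentity := respMap["identity_id"].(float64)
	if !okToken || !okPerson || !okIdentity || accessToken == "" {
		LogUtil.Error("错误信息: ", "统一认证返回数据异常")
		c.JSON(http.StatusBadGateway, Model.Res{Success: false, Message: "统一认证返回数据异常!"})
		return
	}
	identityId := CommonUtil.ConvertInt32ToString(int32(identityNum))

	// Integrity token over the identity cookies; the original comment states
	// that the request interceptor re-checks it to detect cookie tampering.
	// NOTE(review): this is a plain MD5 over the two ids and a salt compiled
	// into the source. The value is the same for every login of a given user
	// and is only as secret as the source code. It is kept unchanged here
	// because the verifying side is not in this file; moving both sides to an
	// HMAC keyed from configuration is advisable.
	token := CommonUtil.MD5([]byte(personId + "_" + identityId + "_dsideal4r5t6y7u"))

	// Session cookies (HttpOnly, browser-session lifetime).
	// NOTE(review): the Secure flag is false, so these cookies, including the
	// access token, are also sent over plain HTTP — enable it once the site is
	// served only over HTTPS.
	c.SetCookie(ConfigUtil.AccessTokenKey, accessToken, 0, "/", "", false, true)
	c.SetCookie("person_id", personId, 0, "/", "", false, true)
	c.SetCookie("identity_id", identityId, 0, "/", "", false, true)
	c.SetCookie("token", token, 0, "/", "", false, true)

	// Record the access token in Redis and start its expiry.
	RedisUtil.SET(accessToken, "1")
	RedisUtil.EXPIRE(accessToken)

	// 302 rather than 301: a post-login redirect must not be cached by the
	// browser as a permanent move.
	c.Redirect(http.StatusFound, reqCallBackURL)
}

// safeCallbackTarget decodes the base64-encoded oauth_callback value and
// returns it only when it points back to the host that served the request:
// either a site-absolute path, or an http/https (or scheme-relative) URL whose
// host name equals that of requestHost, ports ignored. Anything else,
// including undecodable input, yields "/".
//
// NOTE(review): if callbacks to other hosts are a legitimate part of the
// deployment, replace the same-host rule with an allow-list from
// configuration rather than removing the check.
func safeCallbackTarget(encoded, requestHost string) string {
	const fallback = "/"

	decoded, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil || len(decoded) == 0 {
		return fallback
	}
	raw := string(decoded)

	// Browsers read "\" as "/", which url.Parse does not; refuse it outright
	// so both sides agree on where the URL points.
	if strings.Contains(raw, "\\") {
		return fallback
	}

	target, err := url.Parse(raw)
	if err != nil {
		return fallback
	}

	if target.Host == "" {
		// No authority: accept only a plain site-absolute path. A leading
		// "//" is refused because browsers may still read a host out of it.
		if target.Scheme == "" && strings.HasPrefix(raw, "/") && !strings.HasPrefix(raw, "//") {
			return raw
		}
		return fallback
	}

	switch target.Scheme {
	case "", "http", "https":
	default:
		return fallback
	}

	// Compare host names only, so another port on the same machine is allowed.
	requestName := (&url.URL{Host: requestHost}).Hostname()
	if requestName != "" && strings.EqualFold(target.Hostname(), requestName) {
		return raw
	}
	return fallback
}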