package Handler
import (
	"bufio"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"io"
	"net/http"
	"net/url"
	"os"
	"strings"

	"dsBaseWeb/Utils/CommonUtil"
	"dsBaseWeb/Utils/ConfigUtil"
	"dsBaseWeb/Utils/RedisUtil"

	"github.com/gin-gonic/gin"
)
// WhiteArray holds the allow-list entries that init loads from White.txt.
// SsoHandler skips the SSO check for any request whose URI contains one of
// these entries, so every entry is an authentication bypass rule.
// NOTE(review): the slice is exported and mutable, so any importing package
// can extend the bypass list at runtime; confirm that is intended.
var WhiteArray []string
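// init loads the SSO allow-list into WhiteArray.
//
// It reads ./Config/White.txt, falling back to the installed copy under
// /usr/local/dsMin/dsBaseWeb/Config when the relative path does not exist.
// Each line is trimmed; empty lines and any line containing '#' are skipped
// (a trailing "# comment" therefore drops the whole line, not just the comment).
//
// Every entry loaded here exempts matching requests from authentication.
// The first candidate path is relative to the working directory, so the
// process should be started from a directory that untrusted users cannot
// write to, and the file itself should be writable only by the service owner.
func init() {
	listPath := "./Config/White.txt"
	if !CommonUtil.Exists(listPath) {
		listPath = "/usr/local/dsMin/dsBaseWeb/Config/White.txt"
	}

	f, err := os.Open(listPath)
	if err != nil {
		// Without the file the allow-list stays empty, which fails closed:
		// every request goes through the SSO check. Return here instead of
		// reading from a nil *os.File as the original code did.
		fmt.Println("没有找到白名单文件!")
		return
	}
	defer f.Close()

	reader := bufio.NewReader(f)
	for {
		line, err := reader.ReadString('\n')
		// ReadString returns the final unterminated line together with
		// io.EOF, so the line is processed before the error is examined.
		line = strings.TrimSpace(line)
		if line != "" && !strings.Contains(line, "#") {
			WhiteArray = append(WhiteArray, line)
		}
		if err != nil {
			if err != io.EOF {
				// A read failure can leave the allow-list truncated; report
				// it rather than stopping silently.
				fmt.Println("读取白名单文件出错:", err)
			}
			break
		}
	}
}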
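// SsoHandler returns gin middleware that lets a request continue only when it
// is allow-listed or carries a valid session, and otherwise redirects the
// client to the unified-authentication (SSO) login page.
//
// A session is accepted when all four cookies (access token, person_id,
// identity_id, token) are present, the token cookie equals
// MD5(person_id + "_" + identity_id + "_" + secret), and the access token
// exists as a key in Redis.
func SsoHandler() gin.HandlerFunc {
	return func(c *gin.Context) {
		// Issue a browser ID only when the client does not already have one.
		// The original condition was inverted: it replaced an existing ID on
		// every request and never issued one to a browser without the cookie.
		// NOTE(review): the cookie is set with secure=false, so it is also
		// sent over plain HTTP.
		if cookie, err := c.Request.Cookie("browser_id"); err != nil || cookie.Value == "" {
			c.SetCookie("browser_id", CommonUtil.GetUUID(), 0, "/", "", false, true)
		}

		// Full request target (path plus query string) and the Host header.
		requestURI := c.Request.RequestURI
		host := c.Request.Host

		// The first dot-separated label of Host decides intranet vs. extranet.
		// NOTE(review): Host is supplied by the client and this is a substring
		// test against ConfigUtil.IntranetIP, so the client can choose which
		// SSO configuration is used. If the split matters for security, derive
		// it from the listener or a trusted proxy header instead.
		ipStart := strings.Split(host, ".")[0]
		isIntranetIP := strings.Index(ConfigUtil.IntranetIP, ipStart)

		// Allow-listed requests skip authentication. Match on the path only:
		// the original matched the whole RequestURI, so an allow-list entry
		// placed in the query string of any protected URL skipped the check.
		// NOTE(review): this is still a substring match; if the entries are
		// meant as path prefixes or exact paths, tighten it accordingly.
		// Presumably no entry relies on matching the query string; verify
		// against White.txt.
		requestPath := c.Request.URL.Path
		for _, entry := range WhiteArray {
			if strings.Contains(requestPath, entry) {
				c.Next()
				return
			}
		}

		// Pick the SSO endpoint settings for the extranet (Ww) or intranet (Nw).
		var ssoServer, clientID, redirectURI string
		if isIntranetIP < 0 { // not found in the intranet list: extranet
			ssoServer = ConfigUtil.SsoServerWw
			clientID = ConfigUtil.ClientIdWw
			redirectURI = ConfigUtil.RedirectURIWw
		} else {
			ssoServer = ConfigUtil.SsoServerNw
			clientID = ConfigUtil.ClientIdNw
			redirectURI = ConfigUtil.RedirectURINw
		}
		authCodeURI := ConfigUtil.AuthCodeURI
		responseType := ConfigUtil.ResponseType

		// A missing cookie yields a nil *http.Cookie; the error adds nothing.
		accessCookie, _ := c.Request.Cookie(ConfigUtil.AccessTokenKey)
		personCookie, _ := c.Request.Cookie("person_id")
		identityCookie, _ := c.Request.Cookie("identity_id")
		tokenCookie, _ := c.Request.Cookie("token")

		// Redirect to SSO unless the session checks below all pass.
		needLogin := true
		if accessCookie != nil && personCookie != nil && identityCookie != nil && tokenCookie != nil {
			// Recompute the integrity token over person_id and identity_id.
			// NOTE(review): the secret suffix is hard-coded in source and the
			// construction is a plain MD5 rather than a keyed MAC, so anyone
			// who can read this file can mint a matching token for any
			// person_id. Moving the secret to configuration and switching to
			// HMAC needs a coordinated change with whatever issues the cookie.
			expected := CommonUtil.MD5([]byte(personCookie.Value + "_" + identityCookie.Value + "_dsideal4r5t6y7u"))

			// Constant-time comparison, so response timing does not reveal how
			// much of a guessed token matched.
			if subtle.ConstantTimeCompare([]byte(expected), []byte(tokenCookie.Value)) == 1 {
				// The Redis error is ignored; exists presumably stays false on
				// failure, which fails closed. TODO confirm in RedisUtil.EXISTS.
				// NOTE(review): the cookie value is used as the Redis key
				// unchanged, and nothing visible here ties the access token to
				// person_id. Confirm that session keys are namespaced so the
				// name of an unrelated key cannot satisfy this check.
				exists, _ := RedisUtil.EXISTS(accessCookie.Value)
				if exists {
					needLogin = false
				}
			}
		}

		if !needLogin {
			c.Next()
			return
		}

		c.Abort()

		// Base64-encode the URL the user asked for so SSO can return there.
		// NOTE(review): the URL is built from the client-supplied Host header
		// with a fixed http:// scheme. Unless the SSO server validates
		// oauth_callback against known hosts, the post-login redirect target
		// is under the client's control.
		oauthCallback := base64.StdEncoding.EncodeToString([]byte("http://" + host + requestURI))

		// Standard base64 can contain '+', '/' and '=', so the value is
		// query-escaped; otherwise '+' is decoded as a space on the SSO side.
		// The other parameters come from configuration and are left as
		// configured (they may already be escaped there; TODO confirm).
		loginURL := ssoServer + authCodeURI +
			"?client_id=" + clientID +
			"&redirect_uri=" + redirectURI +
			"&response_type=" + responseType +
			"&oauth_callback=" + url.QueryEscape(oauthCallback) +
			"&device_id=1"

		// 302, not 301: browsers cache a permanent redirect, so the user would
		// keep being sent to the login page after signing in.
		c.Redirect(http.StatusFound, loginURL)
	}
}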