package middlewares import ( "PaymentCenter/app/constants/common" "PaymentCenter/app/constants/errorcode" "PaymentCenter/app/constants/pojo" "PaymentCenter/app/http/controllers" "PaymentCenter/app/http/entities/front" "PaymentCenter/app/http/requestmapping" "PaymentCenter/app/services" "PaymentCenter/app/services/thirdpay/api" "PaymentCenter/app/utils" "PaymentCenter/config" "encoding/json" "github.com/bytedance/sonic" "github.com/gin-gonic/gin" "io" "strconv" "strings" ) func Auth() gin.HandlerFunc { return func(c *gin.Context) { c.ClientIP() var tokens = strings.SplitN(c.GetHeader("Authorization"), " ", 2) if len(tokens) != 2 || tokens[0] != "Bearer" { controllers.HandCodeRes(c, nil, errorcode.NotLogin) c.Abort() return } // 验证token token, claims, err := utils.ParseToken(tokens[1]) if err != nil || !token.Valid { controllers.HandCodeRes(c, nil, errorcode.NotAuth) c.Abort() return } if err == nil { c.Set("userId", claims.Id) c.Set("phone", claims.Phone) c.Next() return } else { controllers.HandCodeRes(c, nil, errorcode.NotAuth) c.Abort() } } } func Cors() gin.HandlerFunc { return func(c *gin.Context) { c.Writer.Header().Set("Access-Control-Allow-Origin", "*") c.Writer.Header().Set("Access-Control-Allow-Credentials", "true") c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, platform,Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control,token, X-Requested-With") c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT, DELETE") if c.Request.Method == "OPTIONS" { c.AbortWithStatus(204) return } c.Next() } } func AdminAuth() gin.HandlerFunc { return func(c *gin.Context) { clientIp := c.ClientIP() utils.Log(c, "请求地址clientIp", clientIp, config.GetConf().AdminGate) if config.GetConf().Debug == false && !utils.SliceInStr(clientIp, config.GetConf().AdminGate) { c.Abort() controllers.HandCodeRes(c, nil, errorcode.Forbidden) return } var userName = c.GetHeader("User-Name") if userName != "" { c.Set(common.ADMIN_USER_NAME, userName) } var IncludeUsers = c.GetHeader("Include-Users") if IncludeUsers != "" { c.Set(common.ADMIN_USER_INCLUDEUSERS, IncludeUsers) } var adminId = c.GetHeader("User-Id") // 测试环境直接放行 if config.GetConf().Debug == true { c.Set(common.ADMIN_USER_ID, adminId) c.Next() } else { utils.Log(c, "请求header信息", "adminId="+adminId, "IncludeUsers="+IncludeUsers) // 正式环境校验 if adminId != "" { c.Set(common.ADMIN_USER_ID, adminId) c.Next() } else { c.Abort() controllers.HandCodeRes(c, nil, errorcode.NotAuth) return } } } } func ValidateRequest() gin.HandlerFunc { return func(c *gin.Context) { var path = c.FullPath() var handler func() interface{} if strings.Index(path, "admin") >= 0 { handler = requestmapping.BackendRequestMap[path] } else { handler = requestmapping.FrontRequestMapBeforeDecrypt[path] } if handler == nil { utils.Log(c, "path", path, "未找到handler") controllers.HandCodeRes(c, nil, errorcode.NotFound) return } v := handler() msg, err := controllers.GenRequest(c, v) if err != nil { utils.Log(c, "参数错误", "path=", path, "err=", err.Error(), "msg=", msg) controllers.Error(c, errorcode.ParamError, msg...) c.Abort() } c.Set("request", v) c.Next() } } func ValidatePayRequest() gin.HandlerFunc { return func(c *gin.Context) { var ( path = c.FullPath() code int logId int64 errCode int handler func() (interface{}, bool) requestData front.RequestBody ) postBody, err := io.ReadAll(c.Request.Body) if err != nil { controllers.ApiRes(c, nil, errorcode.ParamError) } _err := sonic.Unmarshal(postBody, &requestData) if _err != nil { controllers.ApiRes(c, nil, errorcode.ParamError) return } //判断时间 //now := time.Now().UnixNano() / 1000000 //if requestDataStruct.Timestamp > now || (config.GetConf().TimeOut != 0 && (now-requestDataStruct.Timestamp) > config.GetConf().TimeOut) { // controllers.ApiRes(c, nil, errorcode.RequestTimeOut) // return //} //获取app信息 appCheck := services.GetAppCheck(requestData.AppId, c.ClientIP()) //存入请求记录 if appCheck.Code != errorcode.Success { controllers.ApiRes(c, nil, appCheck.Code) return } c.Set("appCheckInfo", appCheck) //解密 if appCheck.App.KeyType != pojo.NO_CRYPT { postBody, errCode = api.DeCrypt(appCheck.App, requestData.Data, requestData.Key) if errCode != errorcode.Success { controllers.ApiRes(c, nil, errCode) return } } reCheck := appCheck.ReCheckAfterDecrypt(postBody, &requestData) //检查解密后的数据是否与请求一致 if !reCheck { controllers.ApiRes(c, nil, appCheck.GetCode()) return } //表单验证 handler = requestmapping.FrontRequestMap[path] v, isSaveLog := handler() if isSaveLog { //记录请求日志 logId, code = services.AddRequestLog(postBody, c.ClientIP(), path) if code != errorcode.Success { controllers.ApiRes(c, nil, errCode) } } c.Set("log", logId) msg, err := controllers.ValidApiData(postBody, v) if err != nil { utils.Log(c, "参数错误", "path=", path, "err=", err.Error(), "msg=", msg) controllers.ApiRes(c, nil, errorcode.ParamError, msg...) return } err = json.Unmarshal(postBody, &v) if err != nil { controllers.ApiRes(c, nil, errorcode.Forbidden) return } c.Set("request", v) c.Next() } } func getAppId(postData map[string]interface{}) (appId int64, errCode int) { var err error if appIdValue, ok := postData["app_id"]; !ok { return 0, errorcode.AppIdNotSet } else { switch appIdValTyped := appIdValue.(type) { case float64: appId = int64(appIdValTyped) // 显式转换 case int: appId = int64(appIdValTyped) // 显式转换 case string: // 如果appId是字符串,你可能需要将其解析为整数 // 注意:这里可能会因为格式错误而失败 appId, err = strconv.ParseInt(appIdValTyped, 10, 64) if err != nil { return 0, errorcode.InvalidAppIdType } default: return 0, errorcode.InvalidAppIdType } } return appId, errorcode.Success }