package middlewares
import (
"PaymentCenter/app/constants/common"
"PaymentCenter/app/constants/errorcode"
"PaymentCenter/app/constants/pojo"
"PaymentCenter/app/http/controllers"
"PaymentCenter/app/http/entities/front"
"PaymentCenter/app/http/requestmapping"
"PaymentCenter/app/services"
"PaymentCenter/app/services/thirdpay/api"
"PaymentCenter/app/utils"
"PaymentCenter/config"
"encoding/json"
"github.com/bytedance/sonic"
"github.com/gin-gonic/gin"
"io"
"strconv"
"strings"
)
func Auth() gin.HandlerFunc {
return func(c *gin.Context) {
c.ClientIP()
var tokens = strings.SplitN(c.GetHeader("Authorization"), " ", 2)
if len(tokens) != 2 || tokens[0] != "Bearer" {
controllers.HandCodeRes(c, nil, errorcode.NotLogin)
c.Abort()
return
}
// 验证token
token, claims, err := utils.ParseToken(tokens[1])
if err != nil || !token.Valid {
controllers.HandCodeRes(c, nil, errorcode.NotAuth)
c.Abort()
return
}
if err == nil {
c.Set("userId", claims.Id)
c.Set("phone", claims.Phone)
c.Next()
return
} else {
controllers.HandCodeRes(c, nil, errorcode.NotAuth)
c.Abort()
}
}
}
func Cors() gin.HandlerFunc {
return func(c *gin.Context) {
c.Writer.Header().Set("Access-Control-Allow-Origin", "*")
c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, platform,Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control,token, X-Requested-With")
c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT, DELETE")
if c.Request.Method == "OPTIONS" {
c.AbortWithStatus(204)
return
}
c.Next()
}
}
func AdminAuth() gin.HandlerFunc {
return func(c *gin.Context) {
clientIp := c.ClientIP()
utils.Log(c, "请求地址clientIp", clientIp, config.GetConf().AdminGate)
if config.GetConf().Debug == false && !utils.SliceInStr(clientIp, config.GetConf().AdminGate) {
c.Abort()
controllers.HandCodeRes(c, nil, errorcode.Forbidden)
return
}
var userName = c.GetHeader("User-Name")
if userName != "" {
c.Set(common.ADMIN_USER_NAME, userName)
}
var IncludeUsers = c.GetHeader("Include-Users")
if IncludeUsers != "" {
c.Set(common.ADMIN_USER_INCLUDEUSERS, IncludeUsers)
}
var adminId = c.GetHeader("User-Id")
// 测试环境直接放行
if config.GetConf().Debug == true {
c.Set(common.ADMIN_USER_ID, adminId)
c.Next()
} else {
utils.Log(c, "请求header信息", "adminId="+adminId, "IncludeUsers="+IncludeUsers)
// 正式环境校验
if adminId != "" {
c.Set(common.ADMIN_USER_ID, adminId)
c.Next()
} else {
c.Abort()
controllers.HandCodeRes(c, nil, errorcode.NotAuth)
return
}
}
}
}
func ValidateRequest() gin.HandlerFunc {
return func(c *gin.Context) {
var path = c.FullPath()
var handler func() interface{}
var logId int64
if strings.Index(path, "admin") >= 0 {
handler = requestmapping.BackendRequestMap[path]
} else {
handler = requestmapping.FrontRequestMapBeforeDecrypt[path]
}
if handler == nil {
utils.Log(c, "path", path, "未找到handler")
controllers.HandCodeRes(c, nil, errorcode.NotFound)
return
}
v := handler()
msg, err := controllers.GenRequest(c, v)
if err != nil {
utils.Log(c, "参数错误", "path=", path, "err=", err.Error(), "msg=", msg)
controllers.Error(c, errorcode.ParamError, msg...)
c.Abort()
}
c.Set("request", v)
//表单验证
logHandler := requestmapping.FrontRequestMap[path]
if logHandler != nil {
_, isSaveLog := logHandler()
if isSaveLog {
logContent, _ := json.Marshal(v)
//记录请求日志
logId, _ = services.AddRequestLog(logContent, c.ClientIP(), path)
}
c.Set("log", logId)
}
c.Next()
}
}
func ValidatePayRequest() gin.HandlerFunc {
return func(c *gin.Context) {
var (
path = c.FullPath()
code int
logId int64
errCode int
handler func() (interface{}, bool)
requestData front.RequestBody
)
postBody, err := io.ReadAll(c.Request.Body)
if err != nil {
controllers.ApiRes(c, nil, errorcode.ParamError)
}
_err := sonic.Unmarshal(postBody, &requestData)
if _err != nil {
controllers.ApiRes(c, nil, errorcode.ParamError)
return
}
//判断时间
//now := time.Now().UnixNano() / 1000000
//if requestDataStruct.Timestamp > now || (config.GetConf().TimeOut != 0 && (now-requestDataStruct.Timestamp) > config.GetConf().TimeOut) {
// controllers.ApiRes(c, nil, errorcode.RequestTimeOut)
// return
//}
//获取app信息
appCheck := services.GetAppCheck(requestData.AppId, c.ClientIP())
//存入请求记录
if appCheck.Code != errorcode.Success {
controllers.ApiRes(c, nil, appCheck.Code)
return
}
c.Set("appCheckInfo", appCheck)
//解密
if appCheck.App.KeyType != pojo.NO_CRYPT {
postBody, errCode = api.DeCrypt(appCheck.App, requestData.Data, requestData.Key)
if errCode != errorcode.Success {
controllers.ApiRes(c, nil, errCode)
return
}
}
reCheck := appCheck.ReCheckAfterDecrypt(postBody, &requestData)
//检查解密后的数据是否与请求一致
if !reCheck {
controllers.ApiRes(c, nil, appCheck.GetCode())
return
}
//表单验证
handler = requestmapping.FrontRequestMap[path]
v, isSaveLog := handler()
if isSaveLog {
//记录请求日志
logId, code = services.AddRequestLog(postBody, c.ClientIP(), path)
if code != errorcode.Success {
controllers.ApiRes(c, nil, errCode)
}
}
c.Set("log", logId)
msg, err := controllers.ValidApiData(postBody, v)
if err != nil {
utils.Log(c, "参数错误", "path=", path, "err=", err.Error(), "msg=", msg)
controllers.ApiRes(c, nil, errorcode.ParamError, msg...)
return
}
err = json.Unmarshal(postBody, &v)
if err != nil {
controllers.ApiRes(c, nil, errorcode.Forbidden)
return
}
c.Set("request", v)
c.Next()
}
}
func getAppId(postData map[string]interface{}) (appId int64, errCode int) {
var err error
if appIdValue, ok := postData["app_id"]; !ok {
return 0, errorcode.AppIdNotSet
} else {
switch appIdValTyped := appIdValue.(type) {
case float64:
appId = int64(appIdValTyped) // 显式转换
case int:
appId = int64(appIdValTyped) // 显式转换
case string:
// 如果appId是字符串,你可能需要将其解析为整数
// 注意:这里可能会因为格式错误而失败
appId, err = strconv.ParseInt(appIdValTyped, 10, 64)
if err != nil {
return 0, errorcode.InvalidAppIdType
}
default:
return 0, errorcode.InvalidAppIdType
}
}
return appId, errorcode.Success
}