
package middlewares
import (
"PaymentCenter/app/constants/common"
"PaymentCenter/app/constants/errorcode"
"PaymentCenter/app/http/controllers"
"PaymentCenter/app/http/entities/front"
"PaymentCenter/app/http/requestmapping"
"PaymentCenter/app/services"
"PaymentCenter/app/services/thirdpay/api"
"PaymentCenter/app/utils"
"PaymentCenter/config"
"encoding/json"
"github.com/gin-gonic/gin"
"strings"
)
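// Auth is a gin middleware that authenticates the caller from an
// "Authorization: Bearer <token>" header.
//
// On success it stores claims.Id under the context key "userId" and
// claims.Phone under "phone", then passes control to the next handler.
// A missing or malformed header answers errorcode.NotLogin; a token that
// utils.ParseToken rejects, or whose Valid flag is false, answers
// errorcode.NotAuth. Both failure paths abort the handler chain.
func Auth() gin.HandlerFunc {
	return func(c *gin.Context) {
		// Expect exactly "Bearer <token>"; SplitN keeps any further spaces
		// inside the token part rather than splitting it further.
		parts := strings.SplitN(c.GetHeader("Authorization"), " ", 2)
		if len(parts) != 2 || parts[0] != "Bearer" {
			controllers.HandCodeRes(c, nil, errorcode.NotLogin)
			c.Abort()
			return
		}
		// Verify the token. A parse error and a parsed-but-invalid token are
		// treated alike; the short-circuit keeps token from being read when
		// ParseToken returned an error.
		token, claims, err := utils.ParseToken(parts[1])
		if err != nil || !token.Valid {
			controllers.HandCodeRes(c, nil, errorcode.NotAuth)
			c.Abort()
			return
		}
		// Only a verified token reaches this point (the original's trailing
		// err == nil branch was the sole reachable outcome here).
		c.Set("userId", claims.Id)
		c.Set("phone", claims.Phone)
		c.Next()
	}
}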
// Cors is a gin middleware that attaches permissive CORS response headers
// to every response and answers preflight (OPTIONS) requests with 204.
//
// NOTE(review): "Access-Control-Allow-Origin: *" together with
// "Access-Control-Allow-Credentials: true" is not honoured by browsers for
// credentialed requests (a wildcard origin is rejected when credentials are
// sent), so the credentials header has no effect as written. If credentialed
// cross-origin calls are needed, the origin must come from an explicit
// allowlist instead of "*"; otherwise the credentials header can go. Left as
// is here because changing it alters the policy clients observe.
func Cors() gin.HandlerFunc {
	return func(c *gin.Context) {
		hdr := c.Writer.Header()
		hdr.Set("Access-Control-Allow-Origin", "*")
		hdr.Set("Access-Control-Allow-Credentials", "true")
		hdr.Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, platform,Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control,token, X-Requested-With")
		hdr.Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT, DELETE")

		// A preflight needs nothing beyond the headers above, so stop here.
		if c.Request.Method != "OPTIONS" {
			c.Next()
			return
		}
		c.AbortWithStatus(204)
	}
}
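// AdminAuth is a gin middleware guarding the backend (admin) routes.
//
// Access control has two stages. First, unless Debug is set, the client IP
// must appear in the configured AdminGate list; other callers receive
// errorcode.Forbidden. Second, the admin identity is taken from request
// headers: "User-Name" and "Include-Users" are copied to the context under
// common.ADMIN_USER_NAME and common.ADMIN_USER_INCLUDEUSERS when present,
// and "User-Id" under common.ADMIN_USER_ID. In Debug mode an empty "User-Id"
// is still accepted; otherwise an empty "User-Id" answers errorcode.NotAuth.
//
// NOTE(review): the identity headers are not verified here, so the IP
// allowlist is the only control between a caller and an arbitrary admin
// identity. c.ClientIP() may be derived from forwarded-for style headers
// depending on gin's trusted-proxy configuration, so AdminGate is only as
// strong as that configuration; confirm it matches the deployment.
func AdminAuth() gin.HandlerFunc {
	return func(c *gin.Context) {
		// Read the configuration once per request rather than on every check.
		conf := config.GetConf()
		clientIP := c.ClientIP()
		utils.Log(c, "请求地址clientIp", clientIP, conf.AdminGate)
		if !conf.Debug && !utils.SliceInStr(clientIP, conf.AdminGate) {
			c.Abort()
			controllers.HandCodeRes(c, nil, errorcode.Forbidden)
			return
		}
		if userName := c.GetHeader("User-Name"); userName != "" {
			c.Set(common.ADMIN_USER_NAME, userName)
		}
		includeUsers := c.GetHeader("Include-Users")
		if includeUsers != "" {
			c.Set(common.ADMIN_USER_INCLUDEUSERS, includeUsers)
		}
		adminID := c.GetHeader("User-Id")
		// 测试环境直接放行 -- Debug (test) environments pass through without
		// requiring an id.
		if conf.Debug {
			c.Set(common.ADMIN_USER_ID, adminID)
			c.Next()
			return
		}
		utils.Log(c, "请求header信息", "adminId="+adminID, "IncludeUsers="+includeUsers)
		// 正式环境校验 -- production: the admin id header is mandatory.
		if adminID == "" {
			c.Abort()
			controllers.HandCodeRes(c, nil, errorcode.NotAuth)
			return
		}
		c.Set(common.ADMIN_USER_ID, adminID)
		c.Next()
	}
}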
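// ValidateRequest is a gin middleware that binds and validates the incoming
// request against the request type registered for the route.
//
// The route's full path selects the constructor: paths containing "admin"
// use requestmapping.BackendRequestMap, all others use
// requestmapping.FrontRequestMapBeforeDecrypt. The constructed value is
// filled and validated by controllers.GenRequest and, on success, stored in
// the context under "request" for the controller.
//
// A route with no registered constructor answers errorcode.NotFound and a
// failed validation answers errorcode.ParamError; both abort the chain.
func ValidateRequest() gin.HandlerFunc {
	return func(c *gin.Context) {
		path := c.FullPath()
		var handler func() interface{}
		if strings.Contains(path, "admin") {
			handler = requestmapping.BackendRequestMap[path]
		} else {
			handler = requestmapping.FrontRequestMapBeforeDecrypt[path]
		}
		if handler == nil {
			utils.Log(c, "path", path, "未找到handler")
			controllers.HandCodeRes(c, nil, errorcode.NotFound)
			// A bare return does not stop gin's handler chain; without Abort
			// the controller would still run with no "request" in the context
			// after the 404 response has already been written.
			c.Abort()
			return
		}
		v := handler()
		msg, err := controllers.GenRequest(c, v)
		if err != nil {
			utils.Log(c, "参数错误", "path=", path, "err=", err.Error(), "msg=", msg)
			controllers.Error(c, errorcode.ParamError, msg...)
			c.Abort()
			return
		}
		c.Set("request", v)
		c.Next()
	}
}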
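// ValidatePayRequest is a gin middleware for the encrypted payment API. It
// unwraps the outer front.RequestBody, checks the calling app, decrypts the
// payload, records the request, validates the decrypted body against the
// route's registered request type and stores the result for the controller.
//
// Context keys set on success: "log" (the request-log id), "request" (the
// decoded request value) and "appCheckInfo" (the app check result).
// Every failure answers through controllers.ApiRes and aborts the chain.
//
// NOTE(review): the timestamp freshness check below is commented out, so a
// captured request can be replayed as long as the app and decryption checks
// pass, unless replay protection exists elsewhere; re-enable it or confirm
// it is enforced before the controller runs.
func ValidatePayRequest() gin.HandlerFunc {
	return func(c *gin.Context) {
		path := c.FullPath()
		requestData, err := utils.SonicApiDataToStruct(controllers.GetRequest(c), &front.RequestBody{})
		if err != nil {
			controllers.ApiRes(c, nil, errorcode.ParamError)
			// Abort on every early exit: a bare return would let the controller
			// run after the error response has already been written.
			c.Abort()
			return
		}
		requestDataStruct := requestData.(*front.RequestBody)
		//判断时间 -- freshness check, currently disabled (see NOTE above).
		//now := time.Now().UnixNano() / 1000000
		//if requestDataStruct.Timestamp > now || (config.GetConf().TimeOut != 0 && (now-requestDataStruct.Timestamp) > config.GetConf().TimeOut) {
		// controllers.ApiRes(c, nil, errorcode.RequestTimeOut)
		// return
		//}
		//获取app信息 -- look up and check the calling app by id and client IP.
		appCheck := services.GetAppCheck(requestDataStruct.AppId, c.ClientIP())
		if appCheck.Code != errorcode.Success {
			controllers.ApiRes(c, nil, appCheck.Code)
			c.Abort()
			return
		}
		//解密 -- decrypt the payload with the app's key material.
		dataByte, errCode := api.DeCrypt(appCheck.App, requestDataStruct.Data, requestDataStruct.Key)
		if errCode != errorcode.Success {
			controllers.ApiRes(c, nil, errCode)
			c.Abort()
			return
		}
		//记录请求日志 -- persist the decrypted request before processing it.
		id, code := services.AddRequestLog(dataByte, c.ClientIP(), path)
		if code != errorcode.Success {
			// Report the logging failure itself (the original answered with
			// errCode, which is always Success at this point) and stop; the
			// response has been written, so continuing would double-respond.
			controllers.ApiRes(c, nil, code)
			c.Abort()
			return
		}
		c.Set("log", id)
		//检查解密后的数据是否与请求一致 -- the decrypted payload must agree with
		// the outer request.
		if !appCheck.ReCheckAfterDecrypt(dataByte, requestDataStruct) {
			controllers.ApiRes(c, nil, appCheck.GetCode())
			c.Abort()
			return
		}
		//表单验证 -- validate against the registered request type.
		handler := requestmapping.FrontRequestMap[path]
		if handler == nil {
			// Calling a nil func would panic; answer as ValidateRequest does.
			utils.Log(c, "path", path, "未找到handler")
			controllers.ApiRes(c, nil, errorcode.NotFound)
			c.Abort()
			return
		}
		v := handler()
		msg, err := controllers.ValidApiData(dataByte, v)
		if err != nil {
			utils.Log(c, "参数错误", "path=", path, "err=", err.Error(), "msg=", msg)
			controllers.ApiRes(c, nil, errorcode.ParamError, msg...)
			c.Abort()
			return
		}
		// Decode into the value v holds; &v is kept as in the original so the
		// interface is indirected the same way (assumes handler() returns a
		// pointer -- TODO confirm).
		if err := json.Unmarshal(dataByte, &v); err != nil {
			controllers.ApiRes(c, nil, errorcode.Forbidden)
			c.Abort()
			return
		}
		c.Set("request", v)
		c.Set("appCheckInfo", appCheck)
		c.Next()
	}
}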