loser/JM-WechatMini
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Init

Browse Source
This commit is contained in:
loser
2023-11-02 04:34:46 +08:00
commit c4548fe498
369 changed files with 40208 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
middleware/auth.go Normal file
View File

@@ -0,0 +1,69 @@
package middleware
import (
"git.echol.cn/loser/logger/log"
"github.com/gin-gonic/gin"
r "miniapp/model/common/response"
"miniapp/oauth2"
"strings"
)
// AuthorizeToken 验证OAuth2生成的Token
func AuthorizeToken() gin.HandlerFunc {
return func(ctx *gin.Context) {
// 判断有无token
tokenStr := ctx.GetHeader("Authorization")
if tokenStr == "" || !strings.HasPrefix(tokenStr, "Bearer ") {
r.FailWithMessage("请先登录", ctx)
ctx.Abort()
return
}
// 先取出用户Token
token, err := oauth2.OAuthServer.ValidationBearerToken(ctx.Request)
if err != nil {
log.Errorf("获取Token失败错误%s", err.Error())
r.FailWithMessage("登录已失效或已在其他地方登录", ctx)
ctx.Abort()
return
}
// 把UserId字段反序列化成map
//info := make(map[string]string)
//if err = json.Unmarshal([]byte(token.GetUserID()), &info); err != nil {
// core.R(ctx).FailWithMessageAndCode("Token数据解析失败", http.StatusUnauthorized)
// ctx.Abort()
// return
//}
//go func() {
// // 异步记录用户在线情况,十分钟没操作就是不在线了
// rdsKey := "oauth:online:" + info["userId"]
// global.RedisConn.Set(context.Background(), rdsKey, "1", 10*time.Minute)
//}()
// 判断通过,允许放行
ctx.Request.Header.Add("userId", token.GetUserID())
ctx.Set("userId", token.GetUserID())
ctx.Next()
}
}
// DealLoginUserId 处理登录用户Id
func DealLoginUserId() gin.HandlerFunc {
return func(ctx *gin.Context) {
// 判断有无token
tokenStr := ctx.GetHeader("Authorization")
if tokenStr == "" || !strings.HasPrefix(tokenStr, "Bearer ") {
//ctx.Next()
return
}
// 先取出用户Token
token, err := oauth2.OAuthServer.ValidationBearerToken(ctx.Request)
if err != nil {
//ctx.Next()
return
}
//log.Debugf("本次请求存在正常Token: %v", tokenStr)
// 判断通过,允许放行
ctx.Request.Header.Add("userId", token.GetUserID())
ctx.Set("userId", token.GetUserID())
//ctx.Next()
}
}

38
middleware/casbin_rbac.go Normal file
View File

@@ -0,0 +1,38 @@
package middleware
import (
"strconv"
"strings"
"github.com/gin-gonic/gin"
"miniapp/global"
"miniapp/model/common/response"
"miniapp/service"
"miniapp/utils"
)
var casbinService = service.ServiceGroupApp.SystemServiceGroup.CasbinService
// CasbinHandler 拦截器
func CasbinHandler() gin.HandlerFunc {
return func(c *gin.Context) {
if global.GVA_CONFIG.System.Env != "develop" {
waitUse, _ := utils.GetClaims(c)
//获取请求的PATH
path := c.Request.URL.Path
obj := strings.TrimPrefix(path, global.GVA_CONFIG.System.RouterPrefix)
// 获取请求方法
act := c.Request.Method
// 获取用户的角色
sub := strconv.Itoa(int(waitUse.AuthorityId))
e := casbinService.Casbin() // 判断策略中是否存在
success, _ := e.Enforce(sub, obj, act)
if !success {
response.FailWithDetailed(gin.H{}, "权限不足", c)
c.Abort()
return
}
}
c.Next()
}
}

73
middleware/cors.go Normal file
View File

@@ -0,0 +1,73 @@
package middleware
import (
"github.com/gin-gonic/gin"
"miniapp/config"
"miniapp/global"
"net/http"
)
// Cors 直接放行所有跨域请求并放行所有 OPTIONS 方法
func Cors() gin.HandlerFunc {
return func(c *gin.Context) {
method := c.Request.Method
origin := c.Request.Header.Get("Origin")
c.Header("Access-Control-Allow-Origin", origin)
c.Header("Access-Control-Allow-Headers", "Content-Type,AccessToken,X-CSRF-Token, Authorization, Token,X-Token,X-User-Id")
c.Header("Access-Control-Allow-Methods", "POST, GET, OPTIONS,DELETE,PUT")
c.Header("Access-Control-Expose-Headers", "Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type, New-Token, New-Expires-At")
c.Header("Access-Control-Allow-Credentials", "true")
// 放行所有OPTIONS方法
if method == "OPTIONS" {
c.AbortWithStatus(http.StatusNoContent)
}
// 处理请求
c.Next()
}
}
// CorsByRules 按照配置处理跨域请求
func CorsByRules() gin.HandlerFunc {
// 放行全部
if global.GVA_CONFIG.Cors.Mode == "allow-all" {
return Cors()
}
return func(c *gin.Context) {
whitelist := checkCors(c.GetHeader("origin"))
// 通过检查, 添加请求头
if whitelist != nil {
c.Header("Access-Control-Allow-Origin", whitelist.AllowOrigin)
c.Header("Access-Control-Allow-Headers", whitelist.AllowHeaders)
c.Header("Access-Control-Allow-Methods", whitelist.AllowMethods)
c.Header("Access-Control-Expose-Headers", whitelist.ExposeHeaders)
if whitelist.AllowCredentials {
c.Header("Access-Control-Allow-Credentials", "true")
}
}
// 严格白名单模式且未通过检查,直接拒绝处理请求
if whitelist == nil && global.GVA_CONFIG.Cors.Mode == "strict-whitelist" && !(c.Request.Method == "GET" && c.Request.URL.Path == "/health") {
c.AbortWithStatus(http.StatusForbidden)
} else {
// 非严格白名单模式,无论是否通过检查均放行所有 OPTIONS 方法
if c.Request.Method == http.MethodOptions {
c.AbortWithStatus(http.StatusNoContent)
}
}
// 处理请求
c.Next()
}
}
func checkCors(currentOrigin string) *config.CORSWhitelist {
for _, whitelist := range global.GVA_CONFIG.Cors.Whitelist {
// 遍历配置中的跨域头,寻找匹配项
if currentOrigin == whitelist.AllowOrigin {
return &whitelist
}
}
return nil
}

60
middleware/email.go Normal file
View File

@@ -0,0 +1,60 @@
package middleware
import (
"bytes"
"io"
"strconv"
"time"
"miniapp/plugin/email/utils"
utils2 "miniapp/utils"
"github.com/gin-gonic/gin"
"go.uber.org/zap"
"miniapp/global"
"miniapp/model/system"
"miniapp/service"
)
var userService = service.ServiceGroupApp.SystemServiceGroup.UserService
func ErrorToEmail() gin.HandlerFunc {
return func(c *gin.Context) {
var username string
claims, _ := utils2.GetClaims(c)
if claims.Username != "" {
username = claims.Username
} else {
id, _ := strconv.Atoi(c.Request.Header.Get("x-user-id"))
user, err := userService.FindUserById(id)
if err != nil {
username = "Unknown"
}
username = user.Username
}
body, _ := io.ReadAll(c.Request.Body)
// 再重新写回请求体body中ioutil.ReadAll会清空c.Request.Body中的数据
c.Request.Body = io.NopCloser(bytes.NewBuffer(body))
record := system.SysOperationRecord{
Ip: c.ClientIP(),
Method: c.Request.Method,
Path: c.Request.URL.Path,
Agent: c.Request.UserAgent(),
Body: string(body),
}
now := time.Now()
c.Next()
latency := time.Since(now)
status := c.Writer.Status()
record.ErrorMessage = c.Errors.ByType(gin.ErrorTypePrivate).String()
str := "接收到的请求为" + record.Body + "\n" + "请求方式为" + record.Method + "\n" + "报错信息如下" + record.ErrorMessage + "\n" + "耗时" + latency.String() + "\n"
if status != 200 {
subject := username + "" + record.Ip + "调用了" + record.Path + "报错了"
if err := utils.ErrorToEmail(subject, str); err != nil {
global.GVA_LOG.Error("ErrorToEmail Failed, err:", zap.Error(err))
}
}
}
}

61
middleware/error.go Normal file
View File

@@ -0,0 +1,61 @@
package middleware
import (
"net"
"net/http"
"net/http/httputil"
"os"
"runtime/debug"
"strings"
"github.com/gin-gonic/gin"
"go.uber.org/zap"
"miniapp/global"
)
// GinRecovery recover掉项目可能出现的panic并使用zap记录相关日志
func GinRecovery(stack bool) gin.HandlerFunc {
return func(c *gin.Context) {
defer func() {
if err := recover(); err != nil {
// Check for a broken connection, as it is not really a
// condition that warrants a panic stack trace.
var brokenPipe bool
if ne, ok := err.(*net.OpError); ok {
if se, ok := ne.Err.(*os.SyscallError); ok {
if strings.Contains(strings.ToLower(se.Error()), "broken pipe") || strings.Contains(strings.ToLower(se.Error()), "connection reset by peer") {
brokenPipe = true
}
}
}
httpRequest, _ := httputil.DumpRequest(c.Request, false)
if brokenPipe {
global.GVA_LOG.Error(c.Request.URL.Path,
zap.Any("error", err),
zap.String("request", string(httpRequest)),
)
// If the connection is dead, we can't write a status to it.
_ = c.Error(err.(error)) // nolint: errcheck
c.Abort()
return
}
if stack {
global.GVA_LOG.Error("[Recovery from panic]",
zap.Any("error", err),
zap.String("request", string(httpRequest)),
zap.String("stack", string(debug.Stack())),
)
} else {
global.GVA_LOG.Error("[Recovery from panic]",
zap.Any("error", err),
zap.String("request", string(httpRequest)),
)
}
c.AbortWithStatus(http.StatusInternalServerError)
}
}()
c.Next()
}
}

79
middleware/jwt.go Normal file
View File

@@ -0,0 +1,79 @@
package middleware
import (
"errors"
"github.com/golang-jwt/jwt/v4"
"strconv"
"time"
"miniapp/utils"
"miniapp/global"
"miniapp/model/common/response"
"miniapp/model/system"
"miniapp/service"
"github.com/gin-gonic/gin"
"go.uber.org/zap"
)
var jwtService = service.ServiceGroupApp.SystemServiceGroup.JwtService
func JWTAuth() gin.HandlerFunc {
return func(c *gin.Context) {
// 我们这里jwt鉴权取头部信息 x-token 登录时回返回token信息 这里前端需要把token存储到cookie或者本地localStorage中 不过需要跟后端协商过期时间 可以约定刷新令牌或者重新登录
token := c.Request.Header.Get("x-token")
if token == "" {
response.FailWithDetailed(gin.H{"reload": true}, "未登录或非法访问", c)
c.Abort()
return
}
if jwtService.IsBlacklist(token) {
response.FailWithDetailed(gin.H{"reload": true}, "您的帐户异地登陆或令牌失效", c)
c.Abort()
return
}
j := utils.NewJWT()
// parseToken 解析token包含的信息
claims, err := j.ParseToken(token)
if err != nil {
if errors.Is(err, utils.TokenExpired) {
response.FailWithDetailed(gin.H{"reload": true}, "授权已过期", c)
c.Abort()
return
}
response.FailWithDetailed(gin.H{"reload": true}, err.Error(), c)
c.Abort()
return
}
// 已登录用户被管理员禁用 需要使该用户的jwt失效 此处比较消耗性能 如果需要 请自行打开
// 用户被删除的逻辑 需要优化 此处比较消耗性能 如果需要 请自行打开
//if user, err := userService.FindUserByUuid(claims.UUID.String()); err != nil || user.Enable == 2 {
// _ = jwtService.JsonInBlacklist(system.JwtBlacklist{Jwt: token})
// response.FailWithDetailed(gin.H{"reload": true}, err.Error(), c)
// c.Abort()
//}
if claims.ExpiresAt.Unix()-time.Now().Unix() < claims.BufferTime {
dr, _ := utils.ParseDuration(global.GVA_CONFIG.JWT.ExpiresTime)
claims.ExpiresAt = jwt.NewNumericDate(time.Now().Add(dr))
newToken, _ := j.CreateTokenByOldToken(token, *claims)
newClaims, _ := j.ParseToken(newToken)
c.Header("new-token", newToken)
c.Header("new-expires-at", strconv.FormatInt(newClaims.ExpiresAt.Unix(), 10))
if global.GVA_CONFIG.System.UseMultipoint {
RedisJwtToken, err := jwtService.GetRedisJWT(newClaims.Username)
if err != nil {
global.GVA_LOG.Error("get redis jwt failed", zap.Error(err))
} else { // 当之前的取成功时才进行拉黑操作
_ = jwtService.JsonInBlacklist(system.JwtBlacklist{Jwt: RedisJwtToken})
}
// 无论如何都要记录当前的活跃状态
_ = jwtService.SetRedisJWT(newToken, newClaims.Username)
}
}
c.Set("claims", claims)
c.Next()
}
}

92
middleware/limit_ip.go Normal file
View File

@@ -0,0 +1,92 @@
package middleware
import (
"context"
"errors"
"net/http"
"time"
"go.uber.org/zap"
"github.com/gin-gonic/gin"
"miniapp/global"
"miniapp/model/common/response"
)
type LimitConfig struct {
// GenerationKey 根据业务生成key 下面CheckOrMark查询生成
GenerationKey func(c *gin.Context) string
// 检查函数,用户可修改具体逻辑,更加灵活
CheckOrMark func(key string, expire int, limit int) error
// Expire key 过期时间
Expire int
// Limit 周期时间
Limit int
}
func (l LimitConfig) LimitWithTime() gin.HandlerFunc {
return func(c *gin.Context) {
if err := l.CheckOrMark(l.GenerationKey(c), l.Expire, l.Limit); err != nil {
c.JSON(http.StatusOK, gin.H{"code": response.ERROR, "msg": err})
c.Abort()
return
} else {
c.Next()
}
}
}
// DefaultGenerationKey 默认生成key
func DefaultGenerationKey(c *gin.Context) string {
return "GVA_Limit" + c.ClientIP()
}
func DefaultCheckOrMark(key string, expire int, limit int) (err error) {
// 判断是否开启redis
if global.GVA_REDIS == nil {
return err
}
if err = SetLimitWithTime(key, limit, time.Duration(expire)*time.Second); err != nil {
global.GVA_LOG.Error("limit", zap.Error(err))
}
return err
}
func DefaultLimit() gin.HandlerFunc {
return LimitConfig{
GenerationKey: DefaultGenerationKey,
CheckOrMark: DefaultCheckOrMark,
Expire: global.GVA_CONFIG.System.LimitTimeIP,
Limit: global.GVA_CONFIG.System.LimitCountIP,
}.LimitWithTime()
}
// SetLimitWithTime 设置访问次数
func SetLimitWithTime(key string, limit int, expiration time.Duration) error {
count, err := global.GVA_REDIS.Exists(context.Background(), key).Result()
if err != nil {
return err
}
if count == 0 {
pipe := global.GVA_REDIS.TxPipeline()
pipe.Incr(context.Background(), key)
pipe.Expire(context.Background(), key, expiration)
_, err = pipe.Exec(context.Background())
return err
} else {
// 次数
if times, err := global.GVA_REDIS.Get(context.Background(), key).Int(); err != nil {
return err
} else {
if times >= limit {
if t, err := global.GVA_REDIS.PTTL(context.Background(), key).Result(); err != nil {
return errors.New("请求太过频繁,请稍后再试")
} else {
return errors.New("请求太过频繁, 请 " + t.String() + " 秒后尝试")
}
} else {
return global.GVA_REDIS.Incr(context.Background(), key).Err()
}
}
}
}

27
middleware/loadtls.go Normal file
View File

@@ -0,0 +1,27 @@
package middleware
import (
"fmt"
"github.com/gin-gonic/gin"
"github.com/unrolled/secure"
)
// 用https把这个中间件在router里面use一下就好
func LoadTls() gin.HandlerFunc {
return func(c *gin.Context) {
middleware := secure.New(secure.Options{
SSLRedirect: true,
SSLHost: "localhost:443",
})
err := middleware.Process(c.Writer, c.Request)
if err != nil {
// 如果出现错误,请不要继续
fmt.Println(err)
return
}
// 继续往下处理
c.Next()
}
}

89
middleware/logger.go Normal file
View File

@@ -0,0 +1,89 @@
package middleware
import (
"bytes"
"encoding/json"
"fmt"
"io"
"strings"
"time"
"github.com/gin-gonic/gin"
)
// LogLayout 日志layout
type LogLayout struct {
Time time.Time
Metadata map[string]interface{} // 存储自定义原数据
Path string // 访问路径
Query string // 携带query
Body string // 携带body数据
IP string // ip地址
UserAgent string // 代理
Error string // 错误
Cost time.Duration // 花费时间
Source string // 来源
}
type Logger struct {
// Filter 用户自定义过滤
Filter func(c *gin.Context) bool
// FilterKeyword 关键字过滤(key)
FilterKeyword func(layout *LogLayout) bool
// AuthProcess 鉴权处理
AuthProcess func(c *gin.Context, layout *LogLayout)
// 日志处理
Print func(LogLayout)
// Source 服务唯一标识
Source string
}
func (l Logger) SetLoggerMiddleware() gin.HandlerFunc {
return func(c *gin.Context) {
start := time.Now()
path := c.Request.URL.Path
query := c.Request.URL.RawQuery
var body []byte
if l.Filter != nil && !l.Filter(c) {
body, _ = c.GetRawData()
// 将原body塞回去
c.Request.Body = io.NopCloser(bytes.NewBuffer(body))
}
c.Next()
cost := time.Since(start)
layout := LogLayout{
Time: time.Now(),
Path: path,
Query: query,
IP: c.ClientIP(),
UserAgent: c.Request.UserAgent(),
Error: strings.TrimRight(c.Errors.ByType(gin.ErrorTypePrivate).String(), "\n"),
Cost: cost,
Source: l.Source,
}
if l.Filter != nil && !l.Filter(c) {
layout.Body = string(body)
}
if l.AuthProcess != nil {
// 处理鉴权需要的信息
l.AuthProcess(c, &layout)
}
if l.FilterKeyword != nil {
// 自行判断key/value 脱敏等
l.FilterKeyword(&layout)
}
// 自行处理日志
l.Print(layout)
}
}
func DefaultLogger() gin.HandlerFunc {
return Logger{
Print: func(layout LogLayout) {
// 标准输出,k8s做收集
v, _ := json.Marshal(layout)
fmt.Println(string(v))
},
Source: "GVA",
}.SetLoggerMiddleware()
}

136
middleware/operation.go Normal file
View File

@@ -0,0 +1,136 @@
package middleware
import (
"bytes"
"encoding/json"
"io"
"net/http"
"net/url"
"strconv"
"strings"
"sync"
"time"
"miniapp/utils"
"github.com/gin-gonic/gin"
"go.uber.org/zap"
"miniapp/global"
"miniapp/model/system"
"miniapp/service"
)
var operationRecordService = service.ServiceGroupApp.SystemServiceGroup.OperationRecordService
var respPool sync.Pool
var bufferSize = 1024
func init() {
respPool.New = func() interface{} {
return make([]byte, bufferSize)
}
}
func OperationRecord() gin.HandlerFunc {
return func(c *gin.Context) {
var body []byte
var userId int
if c.Request.Method != http.MethodGet {
var err error
body, err = io.ReadAll(c.Request.Body)
if err != nil {
global.GVA_LOG.Error("read body from request error:", zap.Error(err))
} else {
c.Request.Body = io.NopCloser(bytes.NewBuffer(body))
}
} else {
query := c.Request.URL.RawQuery
query, _ = url.QueryUnescape(query)
split := strings.Split(query, "&")
m := make(map[string]string)
for _, v := range split {
kv := strings.Split(v, "=")
if len(kv) == 2 {
m[kv[0]] = kv[1]
}
}
body, _ = json.Marshal(&m)
}
claims, _ := utils.GetClaims(c)
if claims != nil && claims.BaseClaims.ID != 0 {
userId = int(claims.BaseClaims.ID)
} else {
id, err := strconv.Atoi(c.Request.Header.Get("x-user-id"))
if err != nil {
userId = 0
}
userId = id
}
record := system.SysOperationRecord{
Ip: c.ClientIP(),
Method: c.Request.Method,
Path: c.Request.URL.Path,
Agent: c.Request.UserAgent(),
Body: string(body),
UserID: userId,
}
// 上传文件时候 中间件日志进行裁断操作
if strings.Contains(c.GetHeader("Content-Type"), "multipart/form-data") {
if len(record.Body) > bufferSize {
// 截断
newBody := respPool.Get().([]byte)
copy(newBody, record.Body)
record.Body = string(newBody)
defer respPool.Put(newBody)
}
}
writer := responseBodyWriter{
ResponseWriter: c.Writer,
body: &bytes.Buffer{},
}
c.Writer = writer
now := time.Now()
c.Next()
latency := time.Since(now)
record.ErrorMessage = c.Errors.ByType(gin.ErrorTypePrivate).String()
record.Status = c.Writer.Status()
record.Latency = latency
record.Resp = writer.body.String()
if strings.Contains(c.Writer.Header().Get("Pragma"), "public") ||
strings.Contains(c.Writer.Header().Get("Expires"), "0") ||
strings.Contains(c.Writer.Header().Get("Cache-Control"), "must-revalidate, post-check=0, pre-check=0") ||
strings.Contains(c.Writer.Header().Get("Content-Type"), "application/force-download") ||
strings.Contains(c.Writer.Header().Get("Content-Type"), "application/octet-stream") ||
strings.Contains(c.Writer.Header().Get("Content-Type"), "application/vnd.ms-excel") ||
strings.Contains(c.Writer.Header().Get("Content-Type"), "application/download") ||
strings.Contains(c.Writer.Header().Get("Content-Disposition"), "attachment") ||
strings.Contains(c.Writer.Header().Get("Content-Transfer-Encoding"), "binary") {
if len(record.Resp) > bufferSize {
// 截断
newBody := respPool.Get().([]byte)
copy(newBody, record.Resp)
record.Resp = string(newBody)
defer respPool.Put(newBody)
}
}
if err := operationRecordService.CreateSysOperationRecord(record); err != nil {
global.GVA_LOG.Error("create operation record error:", zap.Error(err))
}
}
}
type responseBodyWriter struct {
gin.ResponseWriter
body *bytes.Buffer
}
func (r responseBodyWriter) Write(b []byte) (int, error) {
r.body.Write(b)
return r.ResponseWriter.Write(b)
}