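package service

import (
	"fmt"

	"baize_scaffold/utm/application/domain/auth"
	"baize_scaffold/utm/data_loader"
	"baize_scaffold/utm/tools"

	"git.sxidc.com/go-framework/baize/framework/binding"
	"git.sxidc.com/go-framework/baize/framework/core/api"
	"git.sxidc.com/go-framework/baize/framework/core/api/request"
	"git.sxidc.com/go-framework/baize/framework/core/api/response"
	"git.sxidc.com/go-framework/baize/framework/core/application"
	"git.sxidc.com/go-framework/baize/framework/core/domain"
	"git.sxidc.com/go-framework/baize/framework/core/infrastructure"
	"github.com/pkg/errors"
)

// authService is the package-level AuthService instance.
var authService = &AuthService{}

// AuthService registers the login endpoint and the token/permission check
// endpoint on the application's routers. It holds no state of its own.
type AuthService struct{}

// Init binds the root-level and v1 routes on appInstance. It always returns nil.
func (svc *AuthService) Init(appInstance *application.App) error {
	svc.root(appInstance)
	svc.v1(appInstance)

	return nil
}

// Destroy is a no-op; the service owns nothing that needs releasing.
func (svc *AuthService) Destroy() error {
	return nil
}

// root binds POST /login on the router chosen with an empty version string.
//
// The handler looks the user up by the submitted user name and password and,
// on success, responds with {"token": <JWT>}. On any failure it responds with
// an empty token plus the underlying error.
func (svc *AuthService) root(appInstance *application.App) {
	// NOTE(review): the second NewBinder argument is nil; what it controls is
	// defined by the binding package and is not visible in this file.
	rootBinder := binding.NewBinder(appInstance.ChooseRouter(api.RouterPrefix, ""), nil)

	binding.PostBind(rootBinder, &binding.SimpleBindItem[map[string]any]{
		Path:             "/login",
		SendResponseFunc: response.SendMapResponse,
		RequestParams:    &auth.LoginJsonBody{},
		ServiceFunc: func(c *api.Context, params request.Params, objects []domain.Object, i *infrastructure.Infrastructure) (map[string]any, error) {
			// Failure responses always carry an empty token so a client
			// never mistakes an error payload for a credential.
			errResponse := map[string]any{
				"token": "",
			}

			jsonBody, err := request.ToConcrete[*auth.LoginJsonBody](params)
			if err != nil {
				return errResponse, err
			}

			// NOTE(review): the password is handed to the data loader as
			// received. How it is compared (salted hash, constant-time
			// compare) is not visible here; confirm in the loader.
			// NOTE(review): the loader's error is returned to the caller
			// unchanged. Confirm it does not distinguish "unknown user" from
			// "wrong password", which would allow account enumeration.
			// NOTE(review): no rate limiting or lockout is applied in this
			// handler; confirm it is enforced upstream.
			user, err := data_loader.GetDataLoader().GetUserByUserNameAndPassword(jsonBody.UserName, jsonBody.Password)
			if err != nil {
				return errResponse, err
			}

			// NOTE(review): the meaning of the second argument (0) is defined
			// in tools.NewJWT. If it is a lifetime, confirm 0 does not
			// produce a token that never expires.
			token, err := tools.NewJWT(user.ID, 0)
			if err != nil {
				return errResponse, err
			}

			return map[string]any{
				"token": token,
			}, nil
		},
	})
}

// v1 binds POST /auth on the "v1" router.
//
// The handler validates the submitted token, loads the user, the user's
// current tenant and the user's roles, and then requires that at least one
// role grants the requested (Resource, Action) pair. On success it responds
// with an auth.AuthenticationResult describing tenant, user and roles; on any
// failure it responds with an empty AuthenticationResult plus the error.
func (svc *AuthService) v1(appInstance *application.App) {
	// NOTE(review): the second NewBinder argument is nil; what it controls is
	// defined by the binding package and is not visible in this file.
	v1Binder := binding.NewBinder(appInstance.ChooseRouter(api.RouterPrefix, "v1"), nil)

	binding.PostBind(v1Binder, &binding.SimpleBindItem[map[string]any]{
		Path:             "/auth",
		SendResponseFunc: response.SendMapResponse,
		RequestParams:    &auth.CheckTokenJsonBody{},
		ServiceFunc: func(c *api.Context, params request.Params, objects []domain.Object, i *infrastructure.Infrastructure) (map[string]any, error) {
			errResponse := map[string]any{
				"result": &auth.AuthenticationResult{},
			}

			jsonBody, err := request.ToConcrete[*auth.CheckTokenJsonBody](params)
			if err != nil {
				return errResponse, err
			}

			// Both the error and the valid flag are checked: a token that
			// parses without error but is not valid is still rejected.
			valid, userID, err := tools.CheckJWT(jsonBody.Token)
			if err != nil {
				return errResponse, err
			}

			if !valid {
				return errResponse, errors.New("token无效")
			}

			user, err := data_loader.GetDataLoader().GetUserByID(userID)
			if err != nil {
				return errResponse, err
			}

			tenant, err := data_loader.GetDataLoader().GetTenantByID(user.CurrentTenantID)
			if err != nil {
				return errResponse, err
			}

			// NOTE(review): roles are loaded by user.RoleIDs only; nothing
			// here ties them to user.CurrentTenantID. Confirm role
			// assignments are tenant-scoped where they are stored.
			roles, err := data_loader.GetDataLoader().GetRolesByIDs(user.RoleIDs)
			if err != nil {
				return errResponse, err
			}

			// Exact-match lookup of the requested permission. The labeled
			// break leaves both loops on the first hit; a plain break would
			// only leave the inner loop and keep scanning the other roles.
			permitted := false
		roleSearch:
			for _, role := range roles {
				for _, permission := range role.Permissions {
					if permission.Resource == jsonBody.Resource && permission.Action == jsonBody.Action {
						permitted = true
						break roleSearch
					}
				}
			}

			if !permitted {
				// NOTE(review): Resource and Action are caller-supplied and
				// are echoed with %s. If this message is logged or rendered,
				// consider quoting or escaping it at that sink.
				return errResponse, errors.New(fmt.Sprintf("用户无权限: Resource: %s, Action: %s", jsonBody.Resource, jsonBody.Action))
			}

			// Copy roles and permissions into the response types. The slices
			// are created with make (never nil) so they serialize as empty
			// lists rather than null.
			// NOTE(review): the response exposes the user's complete role and
			// permission set, not only the allow decision. Confirm that only
			// trusted callers can reach this endpoint.
			resultRoles := make([]auth.Role, 0, len(roles))
			for _, role := range roles {
				resultRolePermissions := make([]auth.Permission, 0, len(role.Permissions))
				for _, permission := range role.Permissions {
					resultRolePermissions = append(resultRolePermissions, auth.Permission{
						Resource: permission.Resource,
						Action:   permission.Action,
					})
				}

				resultRoles = append(resultRoles, auth.Role{
					ID:          role.ID,
					Name:        role.Name,
					Permissions: resultRolePermissions,
				})
			}

			return map[string]any{
				"result": &auth.AuthenticationResult{
					TenantID:   tenant.ID,
					TenantName: tenant.Name,
					UserID:     user.ID,
					UserName:   user.UserName,
					Roles:      resultRoles,
				},
			}, nil
		},
	})
}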