qiyuesuo-client/auth.go

package qiyuesuosdk

import (
	"strconv"
	"time"

	v2auth_request "git.sxidc.com/student-physical-examination/contract_lock_sdk/model/v2auth/request"
	v2auth_response "git.sxidc.com/student-physical-examination/contract_lock_sdk/model/v2auth/response"
	"git.sxidc.com/student-physical-examination/contract_lock_sdk/model/common"
)

type companyCertPageResp struct {
	apiResponse
	AuthURL string `json:"authurl"`
}

type companyCertStatusResp struct {
	apiResponse
	Result CompanyAuthStatus `json:"result"`
}

type companySealAuthURLResp struct {
	apiResponse
	Result v2auth_response.V2AuthCompanysignsilentUrlResponse `json:"result"`
}

type companyAuthRecordResp struct {
	apiResponse
	Result []common.AuthorizedSealRecordBean `json:"result"`
}

// CompanyCertificationURL 获取法人单位在线认证页 URL。
func (c *Client) CompanyCertificationURL(p OrgCertParams) (string, error) {
	if p.OpenCompanyID == "" || p.Mobile == "" || p.CompanyName == "" || p.Charger == "" {
		return "", ErrInvalidParams
	}
	type reqBody struct {
		Name          string   `json:"name"`
		Charger       string   `json:"charger"`
		Mobile        string   `json:"mobile"`
		OpenCompanyId string   `json:"openCompanyId"`
		Modes         []string `json:"modes"`
		Customer      bool     `json:"customer"`
	}
	fields, err := structFormFields(reqBody{
		Name:          p.CompanyName,
		Charger:       p.Charger,
		Mobile:        p.Mobile,
		OpenCompanyId: p.OpenCompanyID,
		Modes:         []string{"AUTHFILE", "BANKPAY"},
		Customer:      true,
	}, ",")
	if err != nil {
		return "", err
	}
	var resp companyCertPageResp
	err = c.postMultipart("/companyauth/pcpage", fields, "", nil, &resp)
	if err != nil {
		return "", err
	}
	if err = resp.err(); err != nil {
		return "", err
	}
	return resp.AuthURL, nil
}

// CompanyLocateParams 定位契约锁法人单位；与开放平台一致：id > name > registerNo > openCompanyId。
type CompanyLocateParams struct {
	ID            string
	OpenCompanyID string
	Name          string
	RegisterNo    string
}

func (p CompanyLocateParams) toCompanyRequest() (*common.CompanyRequest, error) {
	switch {
	case p.ID != "":
		return &common.CompanyRequest{Id: p.ID}, nil
	case p.Name != "":
		return &common.CompanyRequest{Name: p.Name}, nil
	case p.RegisterNo != "":
		return &common.CompanyRequest{RegisterNo: p.RegisterNo}, nil
	case p.OpenCompanyID != "":
		return &common.CompanyRequest{OpenCompanyId: p.OpenCompanyID}, nil
	default:
		return nil, ErrInvalidParams
	}
}

// CompanyCertificationStatus 按 openCompanyId 查询法人单位认证状态；未注册时 found=false。
func (c *Client) CompanyCertificationStatus(openCompanyID string) (*CompanyAuthStatus, bool, error) {
	return c.CompanyCertificationStatusFor(CompanyLocateParams{OpenCompanyID: openCompanyID})
}

// CompanyCertificationStatusFor 按多种键查询法人单位认证状态。
func (c *Client) CompanyCertificationStatusFor(company CompanyLocateParams) (*CompanyAuthStatus, bool, error) {
	fields, err := company.toStatusFields()
	if err != nil {
		return nil, false, err
	}
	var resp companyCertStatusResp
	err = c.postMultipart("/companyauth/status", fields, "", nil, &resp)
	if err != nil {
		return nil, false, err
	}
	if err = resp.err(); err != nil {
		if resp.Code == 2002002 {
			return nil, false, nil
		}
		return nil, false, err
	}
	return &resp.Result, true, nil
}

func (p CompanyLocateParams) toStatusFields() (map[string]string, error) {
	switch {
	case p.ID != "":
		return map[string]string{"id": p.ID}, nil
	case p.Name != "":
		return map[string]string{"name": p.Name}, nil
	case p.RegisterNo != "":
		return map[string]string{"registerNo": p.RegisterNo}, nil
	case p.OpenCompanyID != "":
		return map[string]string{"openCompanyId": p.OpenCompanyID}, nil
	default:
		return nil, ErrInvalidParams
	}
}

// CompanySealAuthURL 获取机构印章静默授权页；authEnd 为空则默认 1 年。
func (c *Client) CompanySealAuthURL(openCompanyID, adminMobile string, authEnd time.Time) (string, error) {
	return c.CompanySealAuthURLFor(CompanyLocateParams{OpenCompanyID: openCompanyID}, adminMobile, authEnd)
}

// CompanySealAuthURLFor 按法人单位定位参数获取印章静默授权页。
func (c *Client) CompanySealAuthURLFor(company CompanyLocateParams, adminMobile string, authEnd time.Time) (string, error) {
	if adminMobile == "" {
		return "", ErrInvalidParams
	}
	companyReq, err := company.toCompanyRequest()
	if err != nil {
		return "", err
	}
	if authEnd.IsZero() {
		authEnd = time.Now().Add(DefaultCompanySealAuthDuration)
	}
	timeEditable := false
	req := v2auth_request.V2AuthCompanysignsilentUrlRequest{
		SealMultipleRequest: &common.SealMultipleRequest{
			Company: companyReq,
		},
		AuthUser:           &common.SilentUserRequest{Mobile: adminMobile},
		AuthInformation:    []string{"AUTHORIZE_SEAL", "AUTHORIZE_COMPANY_CERTIFICATE"},
		AuthorizedMode:     []string{"FACEAUTH", "PINAUTH"},
		AuthEndDate:        authEnd.Format("2006-01-02"),
		AuthTimeModifiable: &timeEditable,
	}
	var resp companySealAuthURLResp
	if err := c.postJSON("/v2/auth/companysignsilent/url", req, &resp); err != nil {
		return "", err
	}
	if err := resp.err(); err != nil {
		return "", err
	}
	return resp.Result.Url, nil
}

// AuthorizedCompanySeal 静默授权记录中的印章摘要（与签章权限一致，不依赖印章列表查看权限）。
type AuthorizedCompanySeal struct {
	ID            string
	Name          string
	Type          string
	SealAttribute string
}

// ListAuthorizedCompanySeals 查询法人单位静默授权中的印章；status 传 EFFECT 查生效授权。
func (c *Client) ListAuthorizedCompanySeals(company CompanyLocateParams, status string) ([]AuthorizedCompanySeal, error) {
	companyReq, err := company.toCompanyRequest()
	if err != nil {
		return nil, err
	}
	req := v2auth_request.V2AuthSignsilentCompanyRecordRequest{
		AuthCompany: companyReq,
		Status:      status,
	}
	var resp companyAuthRecordResp
	if err := c.postJSON("/v2/auth/signsilent/company/record", req, &resp); err != nil {
		return nil, err
	}
	if err := resp.err(); err != nil {
		return nil, err
	}
	out := make([]AuthorizedCompanySeal, 0, len(resp.Result))
	for _, item := range resp.Result {
		seal := authorizedSealFromRecord(item)
		if seal.ID == "" {
			continue
		}
		out = append(out, seal)
	}
	return out, nil
}

func authorizedSealFromRecord(item common.AuthorizedSealRecordBean) AuthorizedCompanySeal {
	seal := AuthorizedCompanySeal{}
	if item.AuthorizedSealRecord != nil {
		seal.ID = item.AuthorizedSealRecord.SealId
	}
	if item.SealBean != nil {
		if seal.ID == "" && item.SealBean.Id != nil {
			seal.ID = strconv.FormatInt(*item.SealBean.Id, 10)
		}
		seal.Name = item.SealBean.Name
		seal.Type = item.SealBean.Type_
		seal.SealAttribute = item.SealBean.SealAttribute
	}
	return seal
}

// QueryCompanySealAuthRecords 查询机构静默授权记录；status 传 "EFFECT" 查有效授权。
func (c *Client) QueryCompanySealAuthRecords(openCompanyID, status string) ([]AuthRecord, error) {
	return c.queryCompanySealAuthRecordsFor(CompanyLocateParams{OpenCompanyID: openCompanyID}, status)
}

func (c *Client) queryCompanySealAuthRecordsFor(company CompanyLocateParams, status string) ([]AuthRecord, error) {
	companyReq, err := company.toCompanyRequest()
	if err != nil {
		return nil, err
	}
	req := v2auth_request.V2AuthSignsilentCompanyRecordRequest{
		AuthCompany: companyReq,
		Status:      status,
	}
	var resp companyAuthRecordResp
	if err := c.postJSON("/v2/auth/signsilent/company/record", req, &resp); err != nil {
		return nil, err
	}
	if err := resp.err(); err != nil {
		return nil, err
	}
	out := make([]AuthRecord, 0, len(resp.Result))
	for _, item := range resp.Result {
		if item.AuthorizedSealRecord == nil {
			continue
		}
		out = append(out, AuthRecord{
			Status:    item.AuthorizedSealRecord.Status,
			StartTime: item.AuthorizedSealRecord.StartTime,
			EndTime:   item.AuthorizedSealRecord.EndTime,
			AuthScope: item.AuthorizedSealRecord.AuthScope,
		})
	}
	return out, nil
}

// IsCompanySealAuthorized 是否存在有效机构印章静默授权。
func (c *Client) IsCompanySealAuthorized(openCompanyID string) (bool, error) {
	records, err := c.QueryCompanySealAuthRecords(openCompanyID, "EFFECT")
	if err != nil {
		return false, err
	}
	return len(records) > 0, nil
}