first commit

internal/router/manage/oauth/oauth.go

@@ -0,0 +1,144 @@
+package oauth
+
+import (
+	"encoding/json"
+	"net/http"
+	"strings"
+	"time"
+
+	"management/internal/db/model/dto"
+	db "management/internal/db/sqlc"
+	authglobal "management/internal/global/auth"
+	"management/internal/pkg/crypto"
+	"management/internal/pkg/session"
+	captchaservice "management/internal/service/captcha"
+	systemservice "management/internal/service/system"
+	"management/internal/tpl"
+
+	"github.com/zhang2092/browser"
+)
+
+func Login(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	var user dto.AuthorizeUser
+	u := session.GetBytes(ctx, authglobal.StoreName)
+	if err := json.Unmarshal(u, &user); err == nil {
+		// 判断租户是否一致, 一致则刷新令牌，跳转到首页
+		if err := session.RenewToken(ctx); err == nil {
+			session.Put(ctx, authglobal.StoreName, u)
+			http.Redirect(w, r, "/home.html", http.StatusFound)
+			return
+		}
+	}
+
+	session.Destroy(ctx)
+	tpl.HTML(w, r, "oauth/login.tmpl", nil)
+}
+
+func PostLogin(w http.ResponseWriter, r *http.Request) {
+	email := strings.TrimSpace(r.PostFormValue("email"))
+	password := strings.TrimSpace(r.PostFormValue("password"))
+	captchaID := strings.TrimSpace(r.PostFormValue("captcha_id"))
+	captcha := strings.TrimSpace(r.PostFormValue("captcha"))
+	if len(email) == 0 {
+		tpl.JSON(w, tpl.Response{Success: false, Message: "请填写邮箱"})
+		return
+	}
+	if len(password) == 0 {
+		tpl.JSON(w, tpl.Response{Success: false, Message: "请填写密码"})
+		return
+	}
+	if len(captcha) == 0 {
+		tpl.JSON(w, tpl.Response{Success: false, Message: "请填写验证码"})
+		return
+	}
+	if !captchaservice.Verify(captchaID, captcha, true) {
+		tpl.JSON(w, tpl.Response{Success: false, Message: "验证码错误"})
+		return
+	}
+
+	br, err := browser.NewBrowser(r.Header.Get("User-Agent"))
+	if err != nil {
+		tpl.JSON(w, tpl.Response{Success: false, Message: "平台信息获取错误"})
+		return
+	}
+
+	ctx := r.Context()
+	log := &db.CreateSysUserLoginLogParams{
+		CreatedAt:  time.Now(),
+		Email:      email,
+		IsSuccess:  false,
+		RefererUrl: r.Header.Get("Referer"),
+		Url:        r.URL.RequestURI(),
+		Os:         br.Platform().Name(),
+		Ip:         r.RemoteAddr,
+		Browser:    br.Name(),
+	}
+
+	user, err := systemservice.GetSysUserByEmail(ctx, email)
+	if err != nil {
+		log.Message = err.Error()
+		_ = systemservice.CreateSysUserLoginLog(ctx, log)
+		tpl.JSON(w, tpl.Response{Success: false, Message: err.Error()})
+		return
+	}
+	log.UserUuid = user.Uuid
+	log.Username = user.Username
+
+	err = crypto.BcryptComparePassword(user.HashedPassword, password+user.Salt)
+	if err != nil {
+		log.Message = "compare password failed"
+		_ = systemservice.CreateSysUserLoginLog(ctx, log)
+		tpl.JSON(w, tpl.Response{Success: false, Message: "compare password failed"})
+		return
+	}
+
+	// 登陆成功
+
+	if user.RoleID == 0 {
+		log.Message = "账号没有配置角色, 请联系管理员"
+		_ = systemservice.CreateSysUserLoginLog(ctx, log)
+		tpl.JSON(w, tpl.Response{Success: false, Message: "账号没有配置角色, 请联系管理员"})
+		return
+	}
+
+	sysRole, err := systemservice.GetSysRole(ctx, user.RoleID)
+	if err != nil {
+		log.Message = "账号配置的角色错误, 请联系管理员"
+		_ = systemservice.CreateSysUserLoginLog(ctx, log)
+		tpl.JSON(w, tpl.Response{Success: false, Message: "账号配置的角色错误, 请联系管理员"})
+		return
+	}
+
+	auth := dto.AuthorizeUser{
+		ID:       user.ID,
+		Uuid:     user.Uuid,
+		Email:    user.Email,
+		Username: user.Username,
+		RoleID:   sysRole.ID,
+		RoleName: sysRole.Name,
+		OS:       log.Os,
+		IP:       log.Ip,
+		Browser:  log.Browser,
+	}
+
+	b, err := json.Marshal(auth)
+	if err != nil {
+		log.Message = err.Error()
+		_ = systemservice.CreateSysUserLoginLog(ctx, log)
+		tpl.JSON(w, tpl.Response{Success: false, Message: err.Error()})
+		return
+	}
+
+	session.Put(ctx, authglobal.StoreName, b)
+
+	log.IsSuccess = true
+	log.Message = "登陆成功"
+	_ = systemservice.CreateSysUserLoginLog(ctx, log)
+	tpl.JSON(w, tpl.Response{Success: true, Message: "login successful"})
+}
+
+func Logout(w http.ResponseWriter, r *http.Request) {
+	session.Destroy(r.Context())
+	http.Redirect(w, r, "/", http.StatusFound)
+}