authorization-service/handler/admin_common.go

package handler

import (
	"context"
	"fmt"
	"github.com/sirupsen/logrus"
	"go-micro.dev/v4/auth"
	"go-micro.dev/v4/metadata"
	"golang.org/x/crypto/bcrypt"
	"sghgogs.com/sghblog/authorization-service/domain/service"
	pb "sghgogs.com/sghblog/authorization-service/proto"
	"sghgogs.com/sghblog/authorization-service/utils/authutil"
	"sghgogs.com/sghblog/common"
	"sghgogs.com/sghblog/common/errorcode"
	"strconv"
	"strings"
	"time"
)

type AdminCommon struct {
	Service service.IService
}

func ConvertTimeToInt64(t time.Time) int64 {
	return t.Unix()
}

// checkPasswordHash 验证用户输入的密码是否与存储的哈希值匹配
func checkPasswordHash(password, hash string) bool {
	err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
	return err == nil
}
func (svc *AdminCommon) AdminLogin(ctx context.Context, loginUser *pb.AdminLoginRequest, rsp *pb.AdminLoginResponse) error {
	// 1. 查询
	if user, uErr := svc.Service.AdminLogin(loginUser.Username, loginUser.Password); uErr != nil {
		return uErr
	} else {
		rsp.User = &user
		md := map[string]string{}
		md["username"] = user.Username
		md["user_id"] = fmt.Sprintf("%d", user.Id)
		md["phone_number"] = user.PhoneNumber
		md["password"] = loginUser.Password
		var roles []string
		for _, role := range user.Roles {
			roles = append(roles, strings.ToLower(role.Key))
		}
		generate, err := authutil.JWTAuthService.GenerateToken(
			user.Id,
			"system",
			"user",
			loginUser.Password,
			roles,
			md,
		)
		if err != nil {
			return errorcode.BadRequest("authorization service", common.ErrorMessage[common.FailedToGenerateTokenErrorCode])
		}
		token, err := authutil.JWTAuthService.Token(user.Id, generate.Secret)
		if err != nil {
			return errorcode.BadRequest("authorization service", common.ErrorMessage[common.FailedToGenerateTokenErrorCode])
		}
		if err = authutil.JWTAuthService.StoreToken(ctx, user.Id, user.Username, token.AccessToken); err != nil {
			return errorcode.BadRequest("authorization service", common.ErrorMessage[common.FailedToStoreTokenErrorCode])
		}
		rsp.Token = token.AccessToken
	}
	return nil
}

func (svc *AdminCommon) AdminLogout(ctx context.Context, logoutRequest *pb.AdminLogoutRequest, rsp *pb.AdminLogoutResponse) error {
	md, b := metadata.FromContext(ctx)
	if !b {
		return errorcode.Unauthorized("authorization service", common.ErrorMessage[common.UnauthorizedErrorCode])
	}
	authHeader, ok := md["Authorization"]

	if !ok || !strings.HasPrefix(authHeader, auth.BearerScheme) {
		logrus.Error("no auth token provided")
		return errorcode.Unauthorized("authorization service", common.ErrorMessage[common.UnauthorizedErrorCode])
	}

	// Extract auth token.
	token := strings.TrimPrefix(authHeader, auth.BearerScheme)

	token = strings.TrimSpace(token)
	if err := authutil.JWTAuthService.Blacklist(token); err != nil {
		return errorcode.Unauthorized("authorization service", common.ErrorMessage[common.FailedRedisInternalServerErrorCode])
	}
	return nil
}

func (svc *AdminCommon) AdminProfile(ctx context.Context, profileRequest *pb.AdminProfileRequest, rsp *pb.AdminProfileResponse) error {
	md, b := metadata.FromContext(ctx)
	if !b {
		return errorcode.Unauthorized("authorization service", common.ErrorMessage[common.UnauthorizedErrorCode])
		// errors.New("no metadata found")
	}
	authHeader, ok := md["Authorization"]

	if !ok || !strings.HasPrefix(authHeader, auth.BearerScheme) {
		logrus.Error("no auth token provided")
		return errorcode.Unauthorized("authorization service", common.ErrorMessage[common.UnauthorizedErrorCode])
	}

	// Extract auth token.
	token := strings.TrimPrefix(authHeader, auth.BearerScheme)

	token = strings.TrimSpace(token)
	inspect, err := authutil.JWTAuthService.Inspect(token)
	if err != nil {
		return errorcode.Unauthorized("authorization service", common.ErrorMessage[common.TokenInvalidErrorCode])
	}
	if value, ok := inspect.Metadata["user_id"]; ok {
		userId, _ := strconv.ParseInt(value, 10, 64)
		user, err := svc.Service.GetAdminUser(userId)
		if err != nil {
			return err
		}
		rsp.User = user
	}
	return nil
}