// AuthInterceptor admits a request only when the session's "Username" entry
// equals the configured administrator username. Any other request is turned
// away: AJAX callers get a JSON reply whose Msg is "NOTLOGIN", everything else
// is redirected to /login.
func AuthInterceptor(c *revel.Controller) revel.Result {
	// Disabled per-action exemption check, kept from the original:
	/*
		// Capitalise the first letter of both names.
		var controller = strings.Title(c.Name)
		var method = strings.Title(c.MethodName)
		// Does this action need validation at all?
		if !needValidate(controller, method) {
			return nil
		}
	*/

	// Logged in, and must be the administrator.
	// NOTE(review): this is plain string equality against the configured name;
	// confirm configService.GetAdminUsername() can never return "".
	sessionUser, present := c.Session["Username"]
	if present && sessionUser == configService.GetAdminUsername() {
		return nil // already logged in
	}

	// Not logged in: the reply depends on whether this is an AJAX call.
	isAjax := c.Request.Header.Get("X-Requested-With") == "XMLHttpRequest"
	if !isAjax {
		return c.Redirect("/login")
	}
	reply := info.NewRe()
	reply.Msg = "NOTLOGIN"
	return c.RenderJson(reply)
}
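// AuthFilter is a Revel filter that verifies the JWT auth token of a request.
//
// Register it in revel.Filters in <APP_PATH>/app/init.go. It can be placed
// wherever appropriate, but it must be registered after revel.PanicFilter:
//
//	revel.Filters = []revel.Filter{
//		revel.PanicFilter,
//		...
//		jwt.AuthFilter, // JWT Auth Token verification for Request Paths
//		...
//	}
//
// When the token passes every check, its claims are made available through
// c.Args and can be read with c.Args[jwt.TOKEN_CLAIMS_KEY]. Otherwise the
// filter answers 401 with a WWW-Authenticate header and a JSON error body, and
// the rest of the filter chain is not run.
func AuthFilter(c *revel.Controller, fc []revel.Filter) {
	// Paths matched by anonymousPaths skip token verification entirely.
	// NOTE(review): anonymousPaths is defined outside this block; confirm the
	// pattern is anchored so it cannot match more paths than intended.
	if anonymousPaths.MatchString(c.Request.URL.Path) {
		fc[0](c, fc[1:]) // not applying JWT auth filter due to anonymous path
		return
	}

	token, err := ParseFromRequest(c.Request.Request)

	// The blocklist is consulted only for a token that parsed and validated,
	// matching the original short-circuit order.
	revoked := false
	if err == nil && token.Valid {
		revoked = IsInBlocklist(GetAuthToken(c.Request))
		if !revoked {
			c.Args[TOKEN_CLAIMS_KEY] = token.Claims
			fc[0](c, fc[1:]) // everything looks good, move on
			return
		}
	}

	// Log why the token was rejected. Rejections with a nil error used to be
	// logged as "Couldn't handle this token: <nil>", which hid the reuse of a
	// blocklisted token from anyone reading the log.
	switch {
	case revoked:
		revel.ERROR.Println("Token is in the blocklist")
	case err == nil:
		revel.ERROR.Println("Token is not valid")
	default:
		ve, ok := err.(*jwt.ValidationError)
		switch {
		case !ok:
			revel.ERROR.Printf("Couldn't handle this token: %v", err)
		case ve.Errors&jwt.ValidationErrorMalformed != 0:
			revel.ERROR.Println("That's not even a token")
		case ve.Errors&(jwt.ValidationErrorExpired|jwt.ValidationErrorNotValidYet) != 0:
			revel.ERROR.Println("Timing is everything, Token is either expired or not active yet")
		default:
			revel.ERROR.Printf("Couldn't handle this token: %v", err)
		}
	}

	// The client gets the same generic answer for every rejection reason.
	c.Response.Status = http.StatusUnauthorized
	c.Response.Out.Header().Add("WWW-Authenticate", Realm)
	c.Result = c.RenderJson(map[string]string{
		"id":      "unauthorized",
		"message": "Invalid or token is not provided",
	})
}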
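// checkDataTypeParam validates the mandatory "dataType" request parameter.
// It returns nil when the parameter's first value is non-empty and is a key of
// database.SynchronizationTypes. Otherwise it sets the response status to 400
// and returns a JSON error message.
func checkDataTypeParam(c *revel.Controller) revel.Result {
	// Test the length instead of the map's ok flag: a key that is present with
	// an empty value list would otherwise panic on values[0].
	values := c.Params.Values["dataType"]
	if len(values) == 0 || values[0] == "" {
		c.Response.Status = 400
		return c.RenderJson("mandatory parameter dataType is not present")
	}

	// Allow-list check: only the first value is inspected, and only names
	// known to database.SynchronizationTypes are accepted.
	if _, known := database.SynchronizationTypes[values[0]]; !known {
		c.Response.Status = 400
		return c.RenderJson("wrong dataType attribute")
	}
	return nil
}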
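// returnMessage renders an opResult as JSON. When err is non-nil the result is
// marked Error, carries err's text as its message, and the error is logged at
// WARN level. Otherwise the result is marked Success and carries message.
func returnMessage(c *revel.Controller, message interface{}, err error) revel.Result {
	result := &opResult{}
	if err != nil {
		result.Result = Error
		result.Message = err.Error()
		// Println, not Fatalln: Fatalln exits the process after logging, so a
		// single failing request would stop the server and the error reply
		// built here would never be sent.
		revel.WARN.Println(err)
	} else {
		result.Result = Success
		result.Message = message
	}
	return c.RenderJson(result)
}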
// AuthInterceptor resolves the caller's token and user id, records both in the
// session under "_token" and "_userId", and then decides whether the request
// may proceed. Actions that need no validation (per needValidate, e.g. public
// ones such as login and logout) always pass. Any other action passes only
// when a user id was found; otherwise the reply is JSON with Msg "NOTLOGIN".
func AuthInterceptor(c *revel.Controller) revel.Result {
	// The token arrives as a request parameter, e.g.
	// /api/user/info?userId=xxx&token=xxxxx
	// NOTE(review): a token carried in the query string can end up in access
	// logs and Referer headers; confirm how clients actually send it.
	token := c.Params.Values.Get("token")
	fromSession := token == ""
	if fromSession {
		// No token supplied: fall back to the session id.
		token = c.Session.Id()
	}
	c.Session["_token"] = token

	// Ask sessionService which user id, if any, is bound to this token.
	userId := sessionService.GetUserId(token)
	if fromSession && userId == "" {
		// Read it from the session instead; used by api/file/getImage,
		// api/file/getAttach and api/file/getAllAttach (client side).
		userId = c.Session["UserId"]
	}
	c.Session["_userId"] = userId

	// needValidate is called with both names capitalised on the first letter.
	if !needValidate(strings.Title(c.Name), strings.Title(c.MethodName)) {
		return nil
	}

	if userId == "" {
		// Not logged in: tell the caller that a login is required.
		reply := info.NewApiRe()
		reply.Msg = "NOTLOGIN"
		return c.RenderJson(reply)
	}
	return nil // logged in
}
// GetGridJson wraps count and data in a GridJson value and renders it as the
// JSON response of c.
func GetGridJson(c *revel.Controller, count int, data interface{}) revel.Result {
	// Positional literal: GridJson's field names are not visible here.
	return c.RenderJson(&GridJson{count, data})
}