package controllers import ( "context" "encoding/json" "errors" "github.com/mindoc-org/mindoc/cache" "github.com/mindoc-org/mindoc/utils/auth2" "github.com/mindoc-org/mindoc/utils/auth2/dingtalk" "github.com/mindoc-org/mindoc/utils/auth2/wecom" "html/template" "math/rand" "net/http" "net/url" "regexp" "strings" "time" "github.com/beego/beego/v2/client/orm" "github.com/beego/beego/v2/core/logs" "github.com/beego/beego/v2/server/web" "github.com/beego/i18n" "github.com/lifei6671/gocaptcha" "github.com/mindoc-org/mindoc/conf" "github.com/mindoc-org/mindoc/mail" "github.com/mindoc-org/mindoc/models" "github.com/mindoc-org/mindoc/utils" ) const ( SessionUserInfoKey = "session-user-info-key" AccessTokenCacheKey = "access-token-cache-key" ) var src = rand.New(rand.NewSource(time.Now().UnixNano())) // AccountController 用户登录与注册 type AccountController struct { BaseController } func (c *AccountController) referer() string { u, _ := url.PathUnescape(c.GetString("url")) if u == "" { u = conf.URLFor("HomeController.Index") } return u } func (c *AccountController) IsInWorkWeixin() bool { ua := c.Ctx.Input.UserAgent() var wechatRule = regexp.MustCompile(`\bMicroMessenger\/\d+(\.\d+)*\b`) var wxworkRule = regexp.MustCompile(`\bwxwork\/\d+(\.\d+)*\b`) return wechatRule.MatchString(ua) && wxworkRule.MatchString(ua) } func (c *AccountController) Prepare() { c.BaseController.Prepare() c.EnableXSRF = web.AppConfig.DefaultBool("enablexsrf", true) c.Data["xsrfdata"] = template.HTML(c.XSRFFormHTML()) c.Data["CanLoginWorkWeixin"] = len(web.AppConfig.DefaultString("workweixin_corpid", "")) > 0 c.Data["CanLoginDingTalk"] = len(web.AppConfig.DefaultString("dingtalk_app_key", "")) > 0 if !c.EnableXSRF { return } if c.Ctx.Input.IsPost() { token := c.Ctx.Input.Query("_xsrf") if token == "" { token = c.Ctx.Request.Header.Get("X-Xsrftoken") } if token == "" { token = c.Ctx.Request.Header.Get("X-Csrftoken") } if token == "" { if c.IsAjax() { c.JsonResult(403, i18n.Tr(c.Lang, "message.illegal_request")) } else { c.ShowErrorPage(403, i18n.Tr(c.Lang, "message.illegal_request")) } } xsrfToken := c.XSRFToken() if xsrfToken != token { if c.IsAjax() { c.JsonResult(403, i18n.Tr(c.Lang, "message.illegal_request")) } else { c.ShowErrorPage(403, i18n.Tr(c.Lang, "message.illegal_request")) } } } } // Login 用户登录 func (c *AccountController) Login() { c.TplName = "account/login.tpl" if member, ok := c.GetSession(conf.LoginSessionName).(models.Member); ok && member.MemberId > 0 { u := c.GetString("url") if u == "" { u = c.Ctx.Request.Header.Get("Referer") } if u == "" { u = conf.URLFor("HomeController.Index") } c.Redirect(u, 302) } var remember CookieRemember // 如果 Cookie 中存在登录信息 if cookie, ok := c.GetSecureCookie(conf.GetAppKey(), "login"); ok { if err := utils.Decode(cookie, &remember); err == nil { if member, err := models.NewMember().Find(remember.MemberId); err == nil { c.SetMember(*member) c.LoggedIn(false) c.StopRun() } } } if c.Ctx.Input.IsPost() { account := c.GetString("account") password := c.GetString("password") captcha := c.GetString("code") isRemember := c.GetString("is_remember") // 如果开启了验证码 if v, ok := c.Option["ENABLED_CAPTCHA"]; ok && strings.EqualFold(v, "true") { v, ok := c.GetSession(conf.CaptchaSessionName).(string) if !ok || !strings.EqualFold(v, captcha) { c.JsonResult(6001, i18n.Tr(c.Lang, "message.captcha_wrong")) } } if account == "" || password == "" { c.JsonResult(6002, i18n.Tr(c.Lang, "message.account_or_password_empty")) } member, err := models.NewMember().Login(account, password) if err == nil { member.LastLoginTime = time.Now() _ = member.Update("last_login_time") c.SetMember(*member) if strings.EqualFold(isRemember, "yes") { remember.MemberId = member.MemberId remember.Account = member.Account remember.Time = time.Now() v, err := utils.Encode(remember) if err == nil { c.SetSecureCookie(conf.GetAppKey(), "login", v, time.Now().Add(time.Hour*24*30).Unix()) } } c.JsonResult(0, "ok", c.referer()) } else { logs.Error("用户登录 ->", err) c.JsonResult(500, i18n.Tr(c.Lang, "message.wrong_account_password"), nil) } return } referer := c.referer() u := c.GetString("url") if u == "" { u = referer if u == "" { u = conf.BaseUrl } } else { var schemaRule = regexp.MustCompile(`^https?\:\/\/`) if !schemaRule.MatchString(u) { u = conf.BaseUrl + u } } c.Data["url"] = referer auth2Redirect := "AccountController.Auth2Redirect" if can, _ := c.Data["CanLoginWorkWeixin"].(bool); can { c.Data["workweixin_login_url"] = conf.URLFor(auth2Redirect, ":app", wecom.AppName, "url", url.PathEscape(u)) } if can, _ := c.Data["CanLoginDingTalk"].(bool); can { c.Data["dingtalk_login_url"] = conf.URLFor(auth2Redirect, ":app", dingtalk.AppName, "url", url.PathEscape(u)) } return } /* Auth2.0 第三方对接思路: 1. Auth2Redirect: 点击相应第三方接口,路由重定向至第三方提供的Auth2.0地址 2. Auth2Callback: 第三方回调处理,接收回调的授权码,并获取用户信息 已绑定: 则读取用户信息,直接登录 未绑定: 则弹窗提示(需要敏感信息) a) Auth2BindAccount: 绑定已有账户(用户名+密码) b) Auth2AutoAccount: 自动创建账户,以第三方用户ID作为用户名,密码123456。 用该方式创建的账户,无法使用账号密码登录,需要修改一次密码后才可以进行账号密码登录。 */ func (c *AccountController) getAuth2Client() (auth2.Client, error) { app := c.Ctx.Input.Param(":app") var client auth2.Client tokenKey := AccessTokenCacheKey + "-" + app switch app { case wecom.AppName: if can, _ := c.Data["CanLoginWorkWeixin"].(bool); !can { return nil, errors.New("auth2.client.wecom.disabled") } corpId, _ := web.AppConfig.String("workweixin_corpid") agentId, _ := web.AppConfig.String("workweixin_agentid") secret, _ := web.AppConfig.String("workweixin_secret") client = wecom.NewClient(corpId, agentId, secret) case dingtalk.AppName: if can, _ := c.Data["CanLoginDingTalk"].(bool); !can { return nil, errors.New("auth2.client.dingtalk.disabled") } appKey, _ := web.AppConfig.String("dingtalk_app_key") appSecret, _ := web.AppConfig.String("dingtalk_app_secret") client = dingtalk.NewClient(appSecret, appKey) default: return nil, errors.New("auth2.client.notsupported") } var tokenCache auth2.AccessTokenCache err := cache.Get(tokenKey, &tokenCache) if err != nil { logs.Info("AccessToken从缓存读取失败") token, err := client.GetAccessToken(context.Background()) if err != nil { return client, nil } tokenCache = auth2.NewAccessToken(token) cache.Put(tokenKey, tokenCache, tokenCache.GetExpireIn()) } // 处理过期Token if tokenCache.IsExpired() { token, err := client.GetAccessToken(context.Background()) if err != nil { return client, nil } tokenCache = auth2.NewAccessToken(token) cache.Put(tokenKey, tokenCache, tokenCache.GetExpireIn()) } client.SetAccessToken(tokenCache) return client, nil } func (c *AccountController) parseAuth2CallbackParam() (code, state string) { switch c.Ctx.Input.Param(":app") { case wecom.AppName: code = c.GetString("code") state = c.GetString("state") case dingtalk.AppName: code = c.GetString("authCode") state = c.GetString("state") } logs.Debug("code: ", code) logs.Debug("state: ", state) return } func (c *AccountController) getAuth2Account() (models.Auth2Account, error) { switch c.Ctx.Input.Param(":app") { case wecom.AppName: return models.NewWorkWeixinAccount(), nil case dingtalk.AppName: return models.NewDingTalkAccount(), nil } return nil, errors.New("auth2.account.notsupported") } // Auth2Redirect 第三方auth2.0登录: 钉钉、企业微信 func (c *AccountController) Auth2Redirect() { client, err := c.getAuth2Client() if err != nil { c.DelSession(conf.LoginSessionName) c.SetMember(models.Member{}) c.SetSecureCookie(conf.GetAppKey(), "login", "", -3600) c.StopRun() return } app := c.Ctx.Input.Param(":app") var isAppBrowser bool switch app { case wecom.AppName: isAppBrowser = c.IsInWorkWeixin() } var callback string u := c.GetString("url") if u == "" { u = c.referer() callback = conf.URLFor("AccountController.Auth2Callback", ":app", app) } if u != "" { var schemaRule = regexp.MustCompile(`^https?\:\/\/`) if !schemaRule.MatchString(u) { u = strings.TrimRight(conf.BaseUrl, "/") + strings.TrimLeft(u, "/") } callback = conf.URLFor("AccountController.Auth2Callback", ":app", app, "url", url.PathEscape(u)) } logs.Debug("callback: ", callback) // debug c.Redirect(client.BuildURL(callback, isAppBrowser), http.StatusFound) } // Auth2Callback 第三方auth2.0回调 func (c *AccountController) Auth2Callback() { client, err := c.getAuth2Client() if err != nil { c.DelSession(conf.LoginSessionName) c.SetMember(models.Member{}) c.SetSecureCookie(conf.GetAppKey(), "login", "", -3600) c.StopRun() logs.Error(err) return } if member, ok := c.GetSession(conf.LoginSessionName).(models.Member); ok && member.MemberId > 0 { u := c.GetString("url") if u == "" { u = c.Ctx.Request.Header.Get("Referer") } if u == "" { u = conf.URLFor("HomeController.Index") } member, err := models.NewMember().Find(member.MemberId) if err != nil { c.DelSession(conf.LoginSessionName) c.SetMember(models.Member{}) c.SetSecureCookie(conf.GetAppKey(), "login", "", -3600) } else { c.SetMember(*member) } c.Redirect(u, 302) } var remember CookieRemember // 如果 Cookie 中存在登录信息 if cookie, ok := c.GetSecureCookie(conf.GetAppKey(), "login"); ok { if err := utils.Decode(cookie, &remember); err == nil { if member, err := models.NewMember().Find(remember.MemberId); err == nil { c.SetMember(*member) c.LoggedIn(false) c.StopRun() } } } c.TplName = "account/auth2_callback.tpl" bindExisted := "false" errMsg := "" userInfoJson := "{}" defer func() { c.Data["bind_existed"] = template.JS(bindExisted) logs.Debug("bind_existed: ", bindExisted) c.Data["error_msg"] = template.JS(errMsg) c.Data["user_info_json"] = template.JS(userInfoJson) c.Data["app"] = template.JS(c.Ctx.Input.Param(":app")) }() // 请求参数获取 code, state := c.parseAuth2CallbackParam() if err := client.ValidateCallback(state); err != nil { c.DelSession(conf.LoginSessionName) c.SetMember(models.Member{}) c.SetSecureCookie(conf.GetAppKey(), "login", "", -3600) errMsg = err.Error() logs.Error(err) return } userInfo, err := client.GetUserInfo(context.Background(), code) if err != nil { c.DelSession(conf.LoginSessionName) c.SetMember(models.Member{}) c.SetSecureCookie(conf.GetAppKey(), "login", "", -3600) errMsg = err.Error() logs.Error(err) return } account, err := c.getAuth2Account() if err != nil { logs.Error("获取Auth2用户失败 ->", err) c.JsonResult(500, "不支持的第三方用户", nil) return } member, err := account.ExistedMember(userInfo.UserId) if err != nil { if err == orm.ErrNoRows { if userInfo.Mobile == "" { errMsg = "请到应用浏览器中登录,并授权获取敏感信息。" } else { jsonInfo, _ := json.Marshal(userInfo) userInfoJson = string(jsonInfo) errMsg = "" c.SetSession(SessionUserInfoKey, userInfo) } } else { logs.Error("Error: ", err) errMsg = "登录错误: " + err.Error() } return } bindExisted = "true" errMsg = "" member.LastLoginTime = time.Now() _ = member.Update("last_login_time") c.SetMember(*member) remember.MemberId = member.MemberId remember.Account = member.Account remember.Time = time.Now() v, err := utils.Encode(remember) if err == nil { c.SetSecureCookie(conf.GetAppKey(), "login", v, time.Now().Add(time.Hour*24*30*5).Unix()) } u := c.GetString("url") if u == "" { u = conf.URLFor("HomeController.Index") } c.Redirect(u, 302) } // Auth2BindAccount 第三方auth2.0绑定已有账号 func (c *AccountController) Auth2BindAccount() { userInfo, ok := c.GetSession(SessionUserInfoKey).(auth2.UserInfo) if !ok || len(userInfo.UserId) <= 0 { c.DelSession(SessionUserInfoKey) c.JsonResult(400, "请求错误, 请从首页重新登录") return } account := c.GetString("account") password := c.GetString("password") if account == "" || password == "" { c.JsonResult(400, "账号或密码不能为空") return } member, err := models.NewMember().Login(account, password) if err != nil { logs.Error("用户登录 ->", err) c.JsonResult(500, "账号或密码错误", nil) return } bindAccount, err := c.getAuth2Account() if err != nil { logs.Error("获取Auth2用户失败 ->", err) c.JsonResult(500, "不支持的第三方用户", nil) return } member.CreateAt = 0 ormer := orm.NewOrm() o, err := ormer.Begin() if err != nil { logs.Error("开启事务时出错 -> ", err) c.JsonResult(500, "开启事务时出错: ", err.Error()) return } if err := bindAccount.AddBind(ormer, userInfo, member); err != nil { logs.Error(err) o.Rollback() c.JsonResult(500, "绑定失败,数据库错误: "+err.Error()) return } // 绑定成功之后修改用户信息 member.LastLoginTime = time.Now() //member.RealName = user_info.Name //member.Avatar = user_info.Avatar if len(member.Avatar) < 1 { member.Avatar = conf.GetDefaultAvatar() } //member.Email = user_info.Email //member.Phone = user_info.Mobile if _, err := ormer.Update(member, "last_login_time", "real_name", "avatar", "email", "phone"); err != nil { o.Rollback() logs.Error("保存用户信息失败=>", err) c.JsonResult(500, "绑定失败,现有账户信息更新失败: "+err.Error()) return } if err := o.Commit(); err != nil { logs.Error("开启事务时出错 -> ", err) c.JsonResult(500, "开启事务时出错: ", err.Error()) return } c.DelSession(SessionUserInfoKey) c.SetMember(*member) var remember CookieRemember remember.MemberId = member.MemberId remember.Account = member.Account remember.Time = time.Now() v, err := utils.Encode(remember) if err != nil { c.JsonResult(500, "绑定成功, 但自动登录失败, 请返回首页重新登录", nil) return } c.SetSecureCookie(conf.GetAppKey(), "login", v, time.Now().Add(time.Hour*24*30*5).Unix()) c.JsonResult(0, "绑定成功", nil) } // Auth2AutoAccount auth2.0自动创建账号 func (c *AccountController) Auth2AutoAccount() { app := c.Ctx.Input.Param(":app") logs.Debug("app: ", app) userInfo, ok := c.GetSession(SessionUserInfoKey).(auth2.UserInfo) if !ok || len(userInfo.UserId) <= 0 { c.DelSession(SessionUserInfoKey) c.JsonResult(400, "请求错误, 请从首页重新登录") return } c.DelSession(SessionUserInfoKey) member := models.NewMember() if _, err := member.FindByAccount(userInfo.UserId); err == nil && member.MemberId > 0 { c.JsonResult(400, "账号已存在") return } ormer := orm.NewOrm() o, err := ormer.Begin() if err != nil { logs.Error("开启事务时出错 -> ", err) c.JsonResult(500, "开启事务时出错: ", err.Error()) return } member.Account = userInfo.UserId member.RealName = userInfo.Name member.Password = "123456" // 强制设置默认密码,需修改一次密码后,才可以进行账号密码登录 hash, err := utils.PasswordHash(member.Password) if err != nil { logs.Error("加密用户密码失败 =>", err) c.JsonResult(500, "加密用户密码失败"+err.Error()) return } logs.Debug("member.Password: ", member.Password) logs.Debug("hash: ", hash) member.Password = hash member.Role = conf.MemberGeneralRole member.Avatar = userInfo.Avatar if len(member.Avatar) < 1 { member.Avatar = conf.GetDefaultAvatar() } member.CreateAt = 0 member.Email = userInfo.Mail member.Phone = userInfo.Mobile member.Status = 0 if _, err = ormer.Insert(member); err != nil { o.Rollback() c.JsonResult(500, "注册失败,数据库错误: "+err.Error()) return } account, err := c.getAuth2Account() if err != nil { logs.Error("获取Auth2用户失败 ->", err) c.JsonResult(500, "不支持的第三方用户", nil) return } member.CreateAt = 0 if err := account.AddBind(ormer, userInfo, member); err != nil { logs.Error(err) o.Rollback() c.JsonResult(500, "注册失败,数据库错误: "+err.Error()) return } if err := o.Commit(); err != nil { logs.Error("提交事务时出错 -> ", err) c.JsonResult(500, "提交事务时出错: ", err.Error()) return } member.LastLoginTime = time.Now() _ = member.Update("last_login_time") c.SetMember(*member) var remember CookieRemember remember.MemberId = member.MemberId remember.Account = member.Account remember.Time = time.Now() v, err := utils.Encode(remember) if err != nil { c.JsonResult(500, "绑定成功, 但自动登录失败, 请返回首页重新登录", nil) return } c.SetSecureCookie(conf.GetAppKey(), "login", v, time.Now().Add(time.Hour*24*30*5).Unix()) c.JsonResult(0, "绑定成功", nil) } // 钉钉登录 //func (c *AccountController) DingTalkLogin() { // code := c.GetString("dingtalk_code") // if code == "" { // c.JsonResult(500, i18n.Tr(c.Lang, "message.failed_obtain_user_info"), nil) // } // // appKey, _ := web.AppConfig.String("dingtalk_app_key") // appSecret, _ := web.AppConfig.String("dingtalk_app_secret") // tmpReader, _ := web.AppConfig.String("dingtalk_tmp_reader") // // if appKey == "" || appSecret == "" || tmpReader == "" { // c.JsonResult(500, i18n.Tr(c.Lang, "message.dingtalk_auto_login_not_enable"), nil) // c.StopRun() // } // // dingtalkAgent := dingtalk.NewDingTalkAgent(appSecret, appKey) // err := dingtalkAgent.GetAccesstoken() // if err != nil { // logs.Warn("获取钉钉临时Token失败 ->", err) // c.JsonResult(500, i18n.Tr(c.Lang, "message.failed_auto_login"), nil) // c.StopRun() // } // // userid, err := dingtalkAgent.GetUserIDByCode(code) // if err != nil { // logs.Warn("获取钉钉用户ID失败 ->", err) // c.JsonResult(500, i18n.Tr(c.Lang, "message.failed_auto_login"), nil) // c.StopRun() // } // // username, avatar, err := dingtalkAgent.GetUserNameAndAvatarByUserID(userid) // if err != nil { // logs.Warn("获取钉钉用户信息失败 ->", err) // c.JsonResult(500, i18n.Tr(c.Lang, "message.failed_auto_login"), nil) // c.StopRun() // } // // member, err := models.NewMember().TmpLogin(tmpReader) // if err == nil { // member.LastLoginTime = time.Now() // _ = member.Update("last_login_time") // member.Account = username // if avatar != "" { // member.Avatar = avatar // } // // c.SetMember(*member) // } // c.JsonResult(0, "ok", username) //} // WorkWeixinLogin 用户企业微信登录 //func (c *AccountController) WorkWeixinLogin() { // logs.Info("UserAgent: ", c.Ctx.Input.UserAgent()) // debug // // if member, ok := c.GetSession(conf.LoginSessionName).(models.Member); ok && member.MemberId > 0 { // u := c.GetString("url") // if u == "" { // u = c.Ctx.Request.Header.Get("Referer") // if u == "" { // u = conf.URLFor("HomeController.Index") // } // } // // session自动登录时刷新session内容 // member, err := models.NewMember().Find(member.MemberId) // if err != nil { // c.DelSession(conf.LoginSessionName) // c.SetMember(models.Member{}) // c.SetSecureCookie(conf.GetAppKey(), "login", "", -3600) // } else { // c.SetMember(*member) // } // c.Redirect(u, 302) // } // var remember CookieRemember // // 如果 Cookie 中存在登录信息 // if cookie, ok := c.GetSecureCookie(conf.GetAppKey(), "login"); ok { // if err := utils.Decode(cookie, &remember); err == nil { // if member, err := models.NewMember().Find(remember.MemberId); err == nil { // c.SetMember(*member) // c.LoggedIn(false) // c.StopRun() // } // } // } // // if c.Ctx.Input.IsPost() { // // account := c.GetString("account") // // password := c.GetString("password") // // captcha := c.GetString("code") // // isRemember := c.GetString("is_remember") // c.JsonResult(400, "request method not allowed", nil) // } else { // var callback_u string // u := c.GetString("url") // if u == "" { // u = c.referer() // } // if u != "" { // var schemaRule = regexp.MustCompile(`^https?\:\/\/`) // if !schemaRule.MatchString(u) { // u = strings.TrimRight(conf.BaseUrl, "/") + strings.TrimLeft(u, "/") // } // } // if u == "" { // callback_u = conf.URLFor("AccountController.WorkWeixinLoginCallback") // } else { // callback_u = conf.URLFor("AccountController.WorkWeixinLoginCallback", "url", url.PathEscape(u)) // } // logs.Info("callback_u: ", callback_u) // debug // // state := "mindoc" // workweixinConf := conf.GetWorkWeixinConfig() // appid := workweixinConf.CorpId // agentid := workweixinConf.AgentId // var redirect_uri string // // isInWorkWeixin := c.IsInWorkWeixin() // c.Data["IsInWorkWeixin"] = isInWorkWeixin // if isInWorkWeixin { // // 企业微信内-网页授权登录 // urlFmt := "%s?appid=%s&agentid=%s&redirect_uri=%s&response_type=code&scope=snsapi_privateinfo&state=%s#wechat_redirect" // redirect_uri = fmt.Sprintf(urlFmt, WorkWeixin_AuthorizeUrlBase, appid, agentid, url.PathEscape(callback_u), state) // } else { // // 浏览器内-扫码授权登录 // urlFmt := "%s?login_type=CorpApp&appid=%s&agentid=%s&redirect_uri=%s&state=%s" // redirect_uri = fmt.Sprintf(urlFmt, WorkWeixin_QRConnectUrlBase, appid, agentid, url.PathEscape(callback_u), state) // } // logs.Info("redirect_uri: ", redirect_uri) // debug // c.Redirect(redirect_uri, 302) // } //} /* 思路: 1. 浏览器打开 用户名+密码 登录 与企业微信没有交集 手机企业微信登录->扫码页面->扫码后获取用户信息, 判断是否绑定了企业微信 已绑定,则读取用户信息,直接登录 未绑定,则弹窗提示[未绑定企业微信,请先在企业微信中打开,完成绑定] 2. 企业微信打开->自动登录->判断是否绑定了企业微信 已绑定,则读取用户信息,直接登录 未绑定,则弹窗提示 是否已有账户(用户名+密码方式) 有: 弹窗输入[用户名+密码+验证码]校验 无: 直接以企业UserId作为用户名(小写),创建随机密码 */ // WorkWeixinLoginCallback 用户企业微信登录-回调 //func (c *AccountController) WorkWeixinLoginCallback() { // c.TplName = "account/auth2_callback.tpl" // // if member, ok := c.GetSession(conf.LoginSessionName).(models.Member); ok && member.MemberId > 0 { // u := c.GetString("url") // if u == "" { // u = c.Ctx.Request.Header.Get("Referer") // } // if u == "" { // u = conf.URLFor("HomeController.Index") // } // member, err := models.NewMember().Find(member.MemberId) // if err != nil { // c.DelSession(conf.LoginSessionName) // c.SetMember(models.Member{}) // c.SetSecureCookie(conf.GetAppKey(), "login", "", -3600) // } else { // c.SetMember(*member) // } // c.Redirect(u, 302) // } // // var remember CookieRemember // // 如果 Cookie 中存在登录信息 // if cookie, ok := c.GetSecureCookie(conf.GetAppKey(), "login"); ok { // if err := utils.Decode(cookie, &remember); err == nil { // if member, err := models.NewMember().Find(remember.MemberId); err == nil { // c.SetMember(*member) // c.LoggedIn(false) // c.StopRun() // } // } // } // // // 请求参数获取 // req_code := c.GetString("code") // logs.Warning("req_code: ", req_code) // req_state := c.GetString("state") // logs.Warning("req_state: ", req_state) // var user_info_json string // var error_msg string // var bind_existed string // if len(req_code) > 0 && req_state == "mindoc" { // // 获取当前应用的access_token // access_token, ok := workweixin.GetAccessToken() // if ok { // logs.Warning("access_token: ", access_token) // // 获取当前请求的userid // user_id, ticket, ok := workweixin.RequestUserId(access_token, req_code) // if ok { // logs.Warning("user_id: ", user_id) // // 查询系统现有数据,是否绑定了当前请求用户的企业微信 // member, err := models.NewWorkWeixinAccount().ExistedMember(user_id) // if err == nil { // member.LastLoginTime = time.Now() // _ = member.Update("last_login_time") // // c.SetMember(*member) // // var remember CookieRemember // remember.MemberId = member.MemberId // remember.Account = member.Account // remember.Time = time.Now() // v, err := utils.Encode(remember) // if err == nil { // c.SetSecureCookie(conf.GetAppKey(), "login", v, time.Now().Add(time.Hour*24*30*5).Unix()) // } // bind_existed = "true" // error_msg = "" // u := c.GetString("url") // if u == "" { // u = conf.URLFor("HomeController.Index") // } // c.Redirect(u, 302) // } else if err == orm.ErrNoRows { // bind_existed = "false" // if ticket == "" { // error_msg = "请到企业微信中登录,并授权获取敏感信息。" // } else { // user_info, err := workweixin.RequestUserPrivateInfo(access_token, user_id, ticket) // if err != nil { // error_msg = "获取敏感信息错误: " + err.Error() // } else { // json_info, _ := json.Marshal(user_info) // user_info_json = string(json_info) // error_msg = "" // c.SetSession(SessionUserInfoKey, user_info) // } // } // } else { // logs.Error("Error: ", err) // error_msg = "登录错误: " + err.Error() // } // } else { // error_msg = "获取用户Id失败: " + user_id // } // } else { // error_msg = "应用凭据获取失败: " + access_token // } // } else { // error_msg = "参数错误" // } // if user_info_json == "" { // user_info_json = "{}" // } // if bind_existed == "" { // bind_existed = "null" // } // // refer & doc: // // - https://golang.org/pkg/html/template/#HTML // // - https://stackoverflow.com/questions/24411880/go-html-templates-can-i-stop-the-templates-package-inserting-quotes-around-stri // // - https://stackoverflow.com/questions/38035176/insert-javascript-snippet-inside-template-with-beego-golang // c.Data["bind_existed"] = template.JS(bind_existed) // logs.Debug("bind_existed: ", bind_existed) // c.Data["error_msg"] = template.JS(error_msg) // c.Data["user_info_json"] = template.JS(user_info_json) // /* // // 调试: 显示源码 // result, err := c.RenderString() // if err != nil { // logs.Error(err) // } else { // logs.Warning(result) // } // */ //} // WorkWeixinLoginBind 用户企业微信登录-绑定 //func (c *AccountController) WorkWeixinLoginBind() { // if user_info, ok := c.GetSession(SessionUserInfoKey).(workweixin.WorkWeixinUserPrivateInfo); ok && len(user_info.UserId) > 0 { // req_account := c.GetString("account") // req_password := c.GetString("password") // if req_account == "" || req_password == "" { // c.JsonResult(400, "账号或密码不能为空") // } else { // member, err := models.NewMember().Login(req_account, req_password) // if err == nil { // account := models.NewWorkWeixinAccount() // account.MemberId = member.MemberId // account.WorkWeixin_UserId = user_info.UserId // member.CreateAt = 0 // ormer := orm.NewOrm() // o, err := ormer.Begin() // if err != nil { // logs.Error("开启事务时出错 -> ", err) // c.JsonResult(500, "开启事务时出错: ", err.Error()) // } // if err := account.AddBind(ormer); err != nil { // o.Rollback() // c.JsonResult(500, "绑定失败,数据库错误: "+err.Error()) // } else { // // 绑定成功之后修改用户信息 // member.LastLoginTime = time.Now() // //member.RealName = user_info.Name // //member.Avatar = user_info.Avatar // if len(member.Avatar) < 1 { // member.Avatar = conf.GetDefaultAvatar() // } // //member.Email = user_info.Email // //member.Phone = user_info.Mobile // if _, err := ormer.Update(member, "last_login_time", "real_name", "avatar", "email", "phone"); err != nil { // o.Rollback() // logs.Error("保存用户信息失败=>", err) // c.JsonResult(500, "绑定失败,现有账户信息更新失败: "+err.Error()) // } else { // if err := o.Commit(); err != nil { // logs.Error("开启事务时出错 -> ", err) // c.JsonResult(500, "开启事务时出错: ", err.Error()) // } else { // c.DelSession(SessionUserInfoKey) // c.SetMember(*member) // // var remember CookieRemember // remember.MemberId = member.MemberId // remember.Account = member.Account // remember.Time = time.Now() // v, err := utils.Encode(remember) // if err == nil { // c.SetSecureCookie(conf.GetAppKey(), "login", v, time.Now().Add(time.Hour*24*30*5).Unix()) // c.JsonResult(0, "绑定成功", nil) // } else { // c.JsonResult(500, "绑定成功, 但自动登录失败, 请返回首页重新登录", nil) // } // } // } // // } // // } else { // logs.Error("用户登录 ->", err) // c.JsonResult(500, "账号或密码错误", nil) // } // c.JsonResult(500, "TODO: 绑定以后账号功能开发中") // } // } else { // if ok { // c.DelSession(SessionUserInfoKey) // } // c.JsonResult(400, "请求错误, 请从首页重新登录") // } // //} // WorkWeixinLoginIgnore 用户企业微信登录-忽略 //func (c *AccountController) WorkWeixinLoginIgnore() { // if user_info, ok := c.GetSession(SessionUserInfoKey).(workweixin.WorkWeixinUserPrivateInfo); ok && len(user_info.UserId) > 0 { // c.DelSession(SessionUserInfoKey) // member := models.NewMember() // // if _, err := member.FindByAccount(user_info.UserId); err == nil && member.MemberId > 0 { // c.JsonResult(400, "账号已存在") // } // // ormer := orm.NewOrm() // o, err := ormer.Begin() // if err != nil { // logs.Error("开启事务时出错 -> ", err) // c.JsonResult(500, "开启事务时出错: ", err.Error()) // } // // member.Account = user_info.UserId // member.RealName = user_info.Name // var rnd = rand.New(src) // // fmt.Sprintf("%x", rnd.Uint64()) // // strconv.FormatUint(rnd.Uint64(), 16) // member.Password = user_info.UserId + strconv.FormatUint(rnd.Uint64(), 16) // member.Password = "123456" // 强制设置默认密码,需修改一次密码后,才可以进行账号密码登录 // hash, err := utils.PasswordHash(member.Password) // if err != nil { // logs.Error("加密用户密码失败 =>", err) // c.JsonResult(500, "加密用户密码失败"+err.Error()) // } else { // logs.Error("member.Password: ", member.Password) // logs.Error("hash: ", hash) // member.Password = hash // } // member.Role = conf.MemberGeneralRole // member.Avatar = user_info.Avatar // if len(member.Avatar) < 1 { // member.Avatar = conf.GetDefaultAvatar() // } // member.CreateAt = 0 // member.Email = user_info.BizMail // member.Phone = user_info.Mobile // member.Status = 0 // if _, err = ormer.Insert(member); err != nil { // o.Rollback() // c.JsonResult(500, "注册失败,数据库错误: "+err.Error()) // } else { // account := models.NewWorkWeixinAccount() // account.MemberId = member.MemberId // account.WorkWeixin_UserId = user_info.UserId // member.CreateAt = 0 // if err := account.AddBind(ormer); err != nil { // o.Rollback() // c.JsonResult(500, "注册失败,数据库错误: "+err.Error()) // } else { // if err := o.Commit(); err != nil { // logs.Error("提交事务时出错 -> ", err) // c.JsonResult(500, "提交事务时出错: ", err.Error()) // } else { // member.LastLoginTime = time.Now() // _ = member.Update("last_login_time") // // c.SetMember(*member) // // var remember CookieRemember // remember.MemberId = member.MemberId // remember.Account = member.Account // remember.Time = time.Now() // v, err := utils.Encode(remember) // if err == nil { // c.SetSecureCookie(conf.GetAppKey(), "login", v, time.Now().Add(time.Hour*24*30*5).Unix()) // c.JsonResult(0, "绑定成功", nil) // } else { // c.JsonResult(500, "绑定成功, 但自动登录失败, 请返回首页重新登录", nil) // } // } // } // } // } else { // if ok { // c.DelSession(SessionUserInfoKey) // } // c.JsonResult(400, "请求错误, 请从首页重新登录") // } //} // QR二维码登录 //func (c *AccountController) QRLogin() { // appName := c.Ctx.Input.Param(":app") // // switch appName { // // 钉钉扫码登录 // case "dingtalk": // code := c.GetString("code") // state := c.GetString("state") // if state != "1" || code == "" { // c.Redirect(conf.URLFor("AccountController.Login"), 302) // c.StopRun() // } // appKey, _ := web.AppConfig.String("dingtalk_qr_key") // appSecret, _ := web.AppConfig.String("dingtalk_qr_secret") // // qrDingtalk := dingtalk.NewDingtalkQRLogin(appSecret, appKey) // unionID, err := qrDingtalk.GetUnionIDByCode(code) // if err != nil { // logs.Warn("获取钉钉临时UnionID失败 ->", err) // c.Redirect(conf.URLFor("AccountController.Login"), 302) // c.StopRun() // } // // appKey, _ = web.AppConfig.String("dingtalk_app_key") // appSecret, _ = web.AppConfig.String("dingtalk_app_secret") // tmpReader, _ := web.AppConfig.String("dingtalk_tmp_reader") // // dingtalkAgent := dingtalk.NewDingTalkAgent(appSecret, appKey) // err = dingtalkAgent.GetAccesstoken() // if err != nil { // logs.Warn("获取钉钉临时Token失败 ->", err) // c.Redirect(conf.URLFor("AccountController.Login"), 302) // c.StopRun() // } // // userid, err := dingtalkAgent.GetUserIDByUnionID(unionID) // if err != nil { // logs.Warn("获取钉钉用户ID失败 ->", err) // c.Redirect(conf.URLFor("AccountController.Login"), 302) // c.StopRun() // } // // username, avatar, err := dingtalkAgent.GetUserNameAndAvatarByUserID(userid) // if err != nil { // logs.Warn("获取钉钉用户信息失败 ->", err) // c.Redirect(conf.URLFor("AccountController.Login"), 302) // c.StopRun() // } // // member, err := models.NewMember().TmpLogin(tmpReader) // if err == nil { // member.LastLoginTime = time.Now() // _ = member.Update("last_login_time") // member.Account = username // if avatar != "" { // member.Avatar = avatar // } // // c.SetMember(*member) // c.LoggedIn(false) // c.StopRun() // } // c.Redirect(conf.URLFor("AccountController.Login"), 302) // // // 企业微信扫码登录 // case "workweixin": // // // // default: // c.Redirect(conf.URLFor("AccountController.Login"), 302) // c.StopRun() // } //} // 登录成功后的操作,如重定向到原始请求页面 func (c *AccountController) LoggedIn(isPost bool) interface{} { turl := c.referer() if !isPost { c.Redirect(turl, 302) return nil } else { var data struct { TURL string `json:"url"` } data.TURL = turl return data } } // 用户注册 func (c *AccountController) Register() { c.TplName = "account/register.tpl" //如果用户登录了,则跳转到网站首页 if member, ok := c.GetSession(conf.LoginSessionName).(models.Member); ok && member.MemberId > 0 { c.Redirect(conf.URLFor("HomeController.Index"), 302) } // 如果没有开启用户注册 if v, ok := c.Option["ENABLED_REGISTER"]; ok && !strings.EqualFold(v, "true") { c.Abort("404") } if c.Ctx.Input.IsPost() { account := c.GetString("account") password1 := c.GetString("password1") password2 := c.GetString("password2") email := c.GetString("email") captcha := c.GetString("code") if ok, err := regexp.MatchString(conf.RegexpAccount, account); account == "" || !ok || err != nil { c.JsonResult(6001, i18n.Tr(c.Lang, "message.username_invalid_format")) } if l := strings.Count(password1, ""); password1 == "" || l > 50 || l < 6 { c.JsonResult(6002, i18n.Tr(c.Lang, "message.password_length_invalid")) } if password1 != password2 { c.JsonResult(6003, i18n.Tr(c.Lang, "message.incorrect_confirm_password")) } if ok, err := regexp.MatchString(conf.RegexpEmail, email); !ok || err != nil || email == "" { c.JsonResult(6004, i18n.Tr(c.Lang, "message.email_invalid_format")) } // 如果开启了验证码 if v, ok := c.Option["ENABLED_CAPTCHA"]; ok && strings.EqualFold(v, "true") { v, ok := c.GetSession(conf.CaptchaSessionName).(string) if !ok || !strings.EqualFold(v, captcha) { c.JsonResult(6001, i18n.Tr(c.Lang, "message.captcha_wrong")) } } member := models.NewMember() if _, err := member.FindByAccount(account); err == nil && member.MemberId > 0 { c.JsonResult(6005, i18n.Tr(c.Lang, "message.account_existed")) } member.Account = account member.Password = password1 member.Role = conf.MemberGeneralRole member.Avatar = conf.GetDefaultAvatar() member.CreateAt = 0 member.Email = email member.Status = 0 if err := member.Add(); err != nil { c.JsonResult(6006, i18n.Tr(c.Lang, "message.failed_register")) } c.JsonResult(0, "ok", member) } } // 找回密码 func (c *AccountController) FindPassword() { c.TplName = "account/find_password_setp1.tpl" mailConf := conf.GetMailConfig() if c.Ctx.Input.IsPost() { email := c.GetString("email") captcha := c.GetString("code") if email == "" { c.JsonResult(6005, i18n.Tr(c.Lang, "message.email_empty")) } if !mailConf.EnableMail { c.JsonResult(6004, i18n.Tr(c.Lang, "message.mail_service_not_enable")) } // 如果开启了验证码 if v, ok := c.Option["ENABLED_CAPTCHA"]; ok && strings.EqualFold(v, "true") { v, ok := c.GetSession(conf.CaptchaSessionName).(string) if !ok || !strings.EqualFold(v, captcha) { c.JsonResult(6001, i18n.Tr(c.Lang, "message.captcha_wrong")) } } member, err := models.NewMember().FindByFieldFirst("email", email) if err != nil { c.JsonResult(6006, i18n.Tr(c.Lang, "message.email_not_exist")) } if member == nil || member.Status != 0 { c.JsonResult(6007, i18n.Tr(c.Lang, "message.account_disable")) } if member == nil || member.AuthMethod == conf.AuthMethodLDAP { c.JsonResult(6011, i18n.Tr(c.Lang, "message.account_not_support_retrieval")) } count, err := models.NewMemberToken().FindSendCount(email, time.Now().Add(-1*time.Hour), time.Now()) if err != nil { logs.Error(err) c.JsonResult(6008, i18n.Tr(c.Lang, "message.failed_send_mail")) } if count > mailConf.MailNumber { c.JsonResult(6008, i18n.Tr(c.Lang, "message.sent_too_many_times")) } memberToken := models.NewMemberToken() memberToken.Token = string(utils.Krand(32, utils.KC_RAND_KIND_ALL)) memberToken.Email = email memberToken.MemberId = member.MemberId memberToken.IsValid = false if _, err := memberToken.InsertOrUpdate(); err != nil { c.JsonResult(6009, i18n.Tr(c.Lang, "message.failed_send_mail")) } data := map[string]interface{}{ "SITE_NAME": c.Option["SITE_NAME"], "url": conf.URLFor("AccountController.FindPassword", "token", memberToken.Token, "mail", email), "BaseUrl": c.BaseUrl(), } body, err := c.ExecuteViewPathTemplate("account/mail_template.tpl", data) if err != nil { logs.Error(err) c.JsonResult(6003, i18n.Tr(c.Lang, "message.failed_send_mail")) } go func(mailConf *conf.SmtpConf, email string, body string) { mailConfig := &mail.SMTPConfig{ Username: mailConf.SmtpUserName, Password: mailConf.SmtpPassword, Host: mailConf.SmtpHost, Port: mailConf.SmtpPort, Secure: mailConf.Secure, Identity: "", } logs.Info(mailConfig) c := mail.NewSMTPClient(mailConfig) m := mail.NewMail() m.AddFrom(mailConf.FormUserName) m.AddFromName(mailConf.FormUserName) m.AddSubject("找回密码") m.AddHTML(body) m.AddTo(email) if e := c.Send(m); e != nil { logs.Error("发送邮件失败:" + e.Error()) } else { logs.Info("邮件发送成功:" + email) } //auth := smtp.PlainAuth( // "", // mail_conf.SmtpUserName, // mail_conf.SmtpPassword, // mail_conf.SmtpHost, //) // //mime := "MIME-version: 1.0;\nContent-Type: text/html; charset=\"UTF-8\";\n\n" //subject := "Subject: 找回密码!\n" // //err = smtp.SendMail( // mail_conf.SmtpHost+":"+strconv.Itoa(mail_conf.SmtpPort), // auth, // mail_conf.FormUserName, // []string{email}, // []byte(subject+mime+"\n"+body), //) //if err != nil { // logs.Error("邮件发送失败 => ", email, err) //} }(mailConf, email, body) c.JsonResult(0, "ok", conf.URLFor("AccountController.Login")) } token := c.GetString("token") email := c.GetString("mail") if token != "" && email != "" { memberToken, err := models.NewMemberToken().FindByFieldFirst("token", token) if err != nil { logs.Error(err) c.Data["ErrorMessage"] = i18n.Tr(c.Lang, "message.mail_expired") c.TplName = "errors/error.tpl" return } subTime := time.Until(memberToken.SendTime) if !strings.EqualFold(memberToken.Email, email) || subTime.Minutes() > float64(mailConf.MailExpired) || !memberToken.ValidTime.IsZero() { c.Data["ErrorMessage"] = i18n.Tr(c.Lang, "message.captcha_expired") c.TplName = "errors/error.tpl" return } c.Data["Email"] = memberToken.Email c.Data["Token"] = memberToken.Token c.TplName = "account/find_password_setp2.tpl" } } // 校验邮件并修改密码 func (c *AccountController) ValidEmail() { password1 := c.GetString("password1") password2 := c.GetString("password2") captcha := c.GetString("code") token := c.GetString("token") email := c.GetString("mail") if password1 == "" { c.JsonResult(6001, i18n.Tr(c.Lang, "message.password_empty")) } if l := strings.Count(password1, ""); l < 6 || l > 50 { c.JsonResult(6001, i18n.Tr(c.Lang, "message.password_length_invalid")) } if password2 == "" { c.JsonResult(6002, i18n.Tr(c.Lang, "message.confirm_password_empty")) } if password1 != password2 { c.JsonResult(6003, i18n.Tr(c.Lang, "message.incorrect_confirm_password")) } if captcha == "" { c.JsonResult(6004, i18n.Tr(c.Lang, "message.captcha_empty")) } v, ok := c.GetSession(conf.CaptchaSessionName).(string) if !ok || !strings.EqualFold(v, captcha) { c.JsonResult(6001, i18n.Tr(c.Lang, "message.captcha_wrong")) } mailConf := conf.GetMailConfig() memberToken, err := models.NewMemberToken().FindByFieldFirst("token", token) if err != nil { logs.Error(err) c.JsonResult(6007, i18n.Tr(c.Lang, "message.mail_expired")) } subTime := time.Until(memberToken.SendTime) if !strings.EqualFold(memberToken.Email, email) || subTime.Minutes() > float64(mailConf.MailExpired) || !memberToken.ValidTime.IsZero() { c.JsonResult(6008, i18n.Tr(c.Lang, "message.captcha_expired")) } member, err := models.NewMember().Find(memberToken.MemberId) if err != nil { logs.Error(err) c.JsonResult(6005, i18n.Tr(c.Lang, "message.user_not_existed")) } hash, err := utils.PasswordHash(password1) if err != nil { logs.Error(err) c.JsonResult(6006, i18n.Tr(c.Lang, "message.failed_save_password")) } member.Password = hash err = member.Update("password") memberToken.ValidTime = time.Now() memberToken.IsValid = true memberToken.InsertOrUpdate() if err != nil { logs.Error(err) c.JsonResult(6006, i18n.Tr(c.Lang, "message.failed_save_password")) } c.JsonResult(0, "ok", conf.URLFor("AccountController.Login")) } // Logout 退出登录 func (c *AccountController) Logout() { c.SetMember(models.Member{}) c.SetSecureCookie(conf.GetAppKey(), "login", "", -3600) u := c.Ctx.Request.Header.Get("Referer") c.Redirect(conf.URLFor("AccountController.Login", "url", u), 302) } // 验证码 func (c *AccountController) Captcha() { captchaImage := gocaptcha.NewCaptchaImage(140, 40, gocaptcha.RandLightColor()) captchaImage.DrawNoise(gocaptcha.CaptchaComplexLower) // captchaImage.DrawTextNoise(gocaptcha.CaptchaComplexHigh) txt := gocaptcha.RandText(4) c.SetSession(conf.CaptchaSessionName, txt) captchaImage.DrawText(txt) // captchaImage.Drawline(3); captchaImage.DrawBorder(gocaptcha.ColorToRGB(0x17A7A7A)) // captchaImage.DrawHollowLine() captchaImage.SaveImage(c.Ctx.ResponseWriter, gocaptcha.ImageFormatJpeg) c.StopRun() }