diff --git a/oa/api/token/token.go b/oa/api/token/token.go
index 69b77e5..a68642b 100644
--- a/oa/api/token/token.go
+++ b/oa/api/token/token.go
@@ -68,10 +68,21 @@ func tokenPost(x *rest.X) (any, error) {
 }
 if oldClaim.AID == *opts.AppID {
 // refresh token
+ claim.AID = oldClaim.AID
+ claim.UID = oldClaim.UID
+ claim.Name = oldClaim.Name
+ claim.Icon = oldClaim.Icon
+ claim.ExpiresAt = jwt.NewNumericDate(time.Now().Add(time.Minute * 10))
+ acList := make(auth.Access, 0, 10)
+ logv.AssertError(cfg.DB().Table("accesses a").
+ Select("a.name, a.t_id, a.level").
+ Joins("INNER JOIN user_roles ur ON ur.role_id = a.role_id AND ur.user_id = ?", oldClaim.UID).
+ Scan(&acList).Error)
+ claim.Access = acList
 } else {
 // gen other app token
 }
- } else if opts.Salt != nil && opts.Code != nil && aid == cfg.Config.ID {
+ } else if opts.Code != nil && aid == cfg.Config.ID {
 // for oa login
 user := &M.User{}
 err = cfg.DB().Where("id = ?", opts.UserID).Find(user).Error
@@ -82,8 +93,6 @@ func tokenPost(x *rest.X) (any, error) {
 code := *opts.Code
 salt := logv.AssertFuncErr(hex.DecodeString(*opts.Salt))
 key := logv.AssertFuncErr(hex.DecodeString(user.Code))
- logv.Warn().Msgf("%d: %d", len(key), len(salt))
- logv.Warn().Msgf("%s: %s", user.Code, *opts.Salt)
 de, err := utils.AesDecrypt([]byte(code), key, salt)
 if err != nil || de != user.ID {
 return nil, errs.AuthInvalid
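Review bot: The rewritten `else if` at the end of this hunk drops the `opts.Salt != nil` guard, but the next hunk still dereferences it in `salt := logv.AssertFuncErr(hex.DecodeString(*opts.Salt))`, so a request that carries `code` without `salt` now nil-pointer panics inside the handler instead of being rejected as bad input. Keep the guard, `} else if opts.Salt != nil && opts.Code != nil && aid == cfg.Config.ID {`, or return `errs.ArgsInvalid` before the decode. Separately, the refresh branch copies AID/UID/Name/Icon from `oldClaim` but never sets `claim.ID`, whereas the oa-login path in the later hunk sets `claim.ID = data.ID`, so a refreshed token cannot be tied back to a stored `Token` row and nothing in this hunk checks the presented token against that row before reissuing for another ten minutes; `oldClaim` is parsed before this hunk, so I cannot see whether its expiry is enforced there. tokenPost starts outside the hunk.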
@@ -98,29 +107,26 @@ func tokenPost(x *rest.X) (any, error) {
 if opts.OverPerm != nil {
 data.OverPerm = *opts.OverPerm
 }
- // logv.AssertError(cfg.DB().Create(data).Error)
+ if opts.Device != nil {
+ data.Device = *opts.Device
+ }
+ data.ExpiredAt = time.Now().Add(time.Hour)
+ logv.AssertError(cfg.DB().Create(data).Error)
+ claim.ID = data.ID
 claim.AID = aid
 claim.UID = user.ID
 claim.Name = user.Username
 claim.Icon = user.Icon
+ claim.ExpiresAt = jwt.NewNumericDate(data.ExpiredAt)
 if user.Nickname != "" {
 claim.Name = user.Nickname
 }
- acList := make(auth.Access, 0, 10)
- logv.AssertError(cfg.DB().Debug().Table("accesses a").
- Select("a.name, a.t_id, a.level").
- Joins("INNER JOIN user_roles ur ON ur.role_id = a.role_id AND ur.user_id = ?", user.ID).
- Scan(&acList).Error)
- claim.Access = acList
- token := logv.AssertFuncErr(auth.GenJwt(claim))
- return map[string]string{"refresh": token, "token": token}, err
 } else {
 return nil, errs.ArgsInvalid
 }
- claim.ExpiresAt = jwt.NewNumericDate(data.ExpiredAt)
- err = cfg.DB().Create(data).Error
- return data, err
+ token := logv.AssertFuncErr(auth.GenJwt(claim))
+ return token, err
 }
 func tokenGet(x *rest.X) (any, error) {
diff --git a/oa/models/token.gen.go b/oa/models/token.gen.go
index 8de012e..71b094b 100644
--- a/oa/models/token.gen.go
+++ b/oa/models/token.gen.go
@@ -12,12 +12,14 @@ type TokenPost struct {
 // 两种获取token方式,一种用token换取(应用登录),一种用密码加密code换(oa登录)
 Token *string `json:"token" parse:"json"`
- Salt *string `json:"salt" parse:"json"`
- Code *string `json:"code" parse:"json"`
+ // 登录方随机生成的salt,非用户salt
+ Salt *string `json:"salt" parse:"json"`
+ Code *string `json:"code" parse:"json"`
 AppID *string `json:"app_id" gorm:"index;type:varchar(32)" parse:"json"`
 ExpiredAt *time.Time `json:"expired_at" parse:"json"`
 OverPerm *string `json:"over_perm" parse:"json"`
+ Device *string `json:"device" parse:"json"`
 }
 type TokenGet struct {
diff --git a/oa/models/token.go b/oa/models/token.go
index 86e4cdc..76655bd 100644
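Review bot: The new `token := logv.AssertFuncErr(auth.GenJwt(claim))` at the end of the function is now reached by every branch that does not return early, and that includes the still-empty `} else { // gen other app token }` branch of the refresh path in the first hunk, so a presented token whose `AID` differs from `opts.AppID` gets a JWT signed from whatever `claim` holds at that point (its initialisation is outside the hunk, presumably a zero claim with no expiry). Until that branch is implemented it should fail closed: `} else { return nil, errs.ArgsInvalid }`. The trailing `return token, err` also hands back an `err` that is stale on the refresh path (its last assignment is before this hunk); since every failing path already returns early, `return token, nil` states the intent. `data.ExpiredAt = time.Now().Add(time.Hour)` now overrides the client-supplied `opts.ExpiredAt` from `TokenPost`, which is the right call for a server-issued credential but deserves a comment on that line, e.g. `// token lifetime is server-set; opts.ExpiredAt is intentionally ignored`, so it is not "fixed" later.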
--- a/oa/models/token.go
+++ b/oa/models/token.go
@@ -13,4 +13,5 @@ type Token struct {
 App *App `json:"-"`
 ExpiredAt time.Time `json:"expired_at" methods:"*post,*patch" parse:"json"`
 OverPerm string `json:"over_perm" methods:"*post,*patch" parse:"json"`
+ Device string `json:"device" methods:"*post" parse:"json"`
 }
diff --git a/oa/models/user.go b/oa/models/user.go
index 4ba6688..5b6c6e3 100644
--- a/oa/models/user.go
+++ b/oa/models/user.go
@@ -18,7 +18,7 @@ type User struct {
 Status uint `json:"status" methods:"*patch,*list" parse:"json"`
- Salt string `json:"-" gorm:"type:varchar(32)" methods:"post" parse:"json"`
+ Salt string `json:"-" gorm:"type:varchar(32)"`
 Code string `json:"-" gorm:"type:varchar(64)" methods:"post" parse:"json"`
 }
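Review bot: The added `Device` field is persisted straight from the request (`data.Device = *opts.Device` in the handler hunk) but carries no `gorm` size constraint, unlike the sibling columns in user.go (`Salt` is `varchar(32)`, `Code` is `varchar(64)`), so an arbitrarily long client string is stored per issued token. Bound it at the column by adding `gorm:"type:varchar(64)"` to the tag (64 is an example size) and reject over-long values in tokenPost with `errs.ArgsInvalid` before the insert. A one-line field comment saying what `Device` is meant to identify would also help, since nothing in the diff says.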