From 25c58d9988026fb73dd5bba6f62d357c44a5b2f4 Mon Sep 17 00:00:00 2001 From: LawyZHENG Date: Tue, 16 Mar 2021 13:28:38 +0800 Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E4=B8=B4=E6=97=B6Token?= =?UTF-8?q?=E7=99=BB=E5=BD=95=E6=8E=A5=E5=8F=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- controllers/AccountController.go | 68 +++++++++++++++++++++++++++++++- models/BookModel.go | 1 + models/comment_vote.go | 3 +- routers/router.go | 46 ++++++++++----------- 4 files changed, 91 insertions(+), 27 deletions(-) diff --git a/controllers/AccountController.go b/controllers/AccountController.go index a9153bde..18c78a55 100644 --- a/controllers/AccountController.go +++ b/controllers/AccountController.go @@ -1,18 +1,23 @@ package controllers import ( + "crypto/hmac" + "crypto/sha1" + "encoding/base64" + "fmt" "net/url" "regexp" "strings" "time" + "html/template" + "github.com/astaxie/beego" "github.com/lifei6671/gocaptcha" "github.com/lifei6671/mindoc/conf" "github.com/lifei6671/mindoc/mail" "github.com/lifei6671/mindoc/models" "github.com/lifei6671/mindoc/utils" - "html/template" ) // AccountController 用户登录与注册 
@@ -131,6 +136,67 @@ func (c *AccountController) Login() { } } +// 临时登录 +func (c *AccountController) TmpLogin() { + if c.Member != nil { + c.Redirect(conf.URLFor("HomeController.Index"), 302) + } + + tmpToken := c.GetString("tmpToken") + if tmpToken == "" { + c.Redirect(conf.URLFor("AccountController.Login"), 302) + } + + tmp, err := base64.URLEncoding.DecodeString(tmpToken) + if err != nil { + c.Redirect(conf.URLFor("AccountController.Login"), 302) + } + + tmpToken = string(tmp) + var remember CookieRemember + // 如果 Cookie 中存在登录信息 + cookie, ok := c.GetSecureCookie(conf.GetAppKey(), "login") + if !ok { + cookie, ok = parseHelper(tmpToken) + } + + // 解析用户,并登录 + if ok { + if err := utils.Decode(cookie, &remember); err == nil { + if member, err := models.NewMember().Find(remember.MemberId); err == nil { + c.SetMember(*member) + c.LoggedIn(false) + c.StopRun() + } + } + } + c.Redirect(conf.URLFor("AccountController.Login"), 302) + +} + +func parseHelper(value string) (string, bool) { + + parts := strings.SplitN(value, "|", 3) + + if len(parts) != 3 { + return "", false + } + + vs := parts[0] + timestamp := parts[1] + sig := parts[2] + + h := hmac.New(sha1.New, []byte(conf.GetAppKey())) + fmt.Fprintf(h, "%s%s", vs, timestamp) + + if fmt.Sprintf("%02x", h.Sum(nil)) != sig { + return "", false + } + res, _ := base64.URLEncoding.DecodeString(vs) + return string(res), true + +} + // 登录成功后的操作,如重定向到原始请求页面 func (c *AccountController) LoggedIn(isPost bool) interface{} { diff --git a/models/BookModel.go b/models/BookModel.go index 7fdffb14..7b60dde9 100644 --- a/models/BookModel.go +++ b/models/BookModel.go @@ -15,6 +15,7 @@ import ( "time" "encoding/json" + "github.com/astaxie/beego" "github.com/astaxie/beego/logs" "github.com/astaxie/beego/orm" diff --git a/models/comment_vote.go b/models/comment_vote.go index f55638de..26630310 100644 --- a/models/comment_vote.go +++ b/models/comment_vote.go 
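Review bot: parseHelper splits out `timestamp` but only feeds it into the HMAC, so a token accepted by TmpLogin never expires and stays valid for as long as the app key is unchanged; for a temporary login token the timestamp should be parsed and checked against a maximum age before the member is loaded. The signature check `fmt.Sprintf("%02x", h.Sum(nil)) != sig` is not a constant-time comparison, and the error from the final `base64.URLEncoding.DecodeString(vs)` is discarded; the excerpt below switches to `hmac.Equal` and returns false on a decode error. In TmpLogin the three early `c.Redirect(...)` calls are not followed by `return`, and as far as I know beego's Redirect does not end the handler, so execution would continue into the token path even for an already logged-in member or after a failed base64 decode; add `return` (or `c.StopRun()`, as the success path already does) after each.

```go
func parseHelper(value string) (string, bool) {
	// … unchanged: split value into vs, timestamp, sig and compute h …

	want := fmt.Sprintf("%02x", h.Sum(nil))
	if !hmac.Equal([]byte(want), []byte(sig)) {
		return "", false
	}

	// TODO(review): reject the token here when timestamp is older than the
	// agreed lifetime; the timestamp's unit is not visible in this patch.

	res, err := base64.URLEncoding.DecodeString(vs)
	if err != nil {
		return "", false
	}
	return string(res), true
}
```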
@@ -1,9 +1,10 @@ package models import ( + "time" + "github.com/astaxie/beego/orm" "github.com/lifei6671/mindoc/conf" - "time" ) type CommentVote struct { diff --git a/routers/router.go b/routers/router.go index 95a83836..441c1274 100644 --- a/routers/router.go +++ b/routers/router.go @@ -9,6 +9,7 @@ func init() { beego.Router("/", &controllers.HomeController{}, "*:Index") beego.Router("/login", &controllers.AccountController{}, "*:Login") + beego.Router("/token", &controllers.AccountController{}, "get:TmpLogin") beego.Router("/logout", &controllers.AccountController{}, "*:Logout") beego.Router("/register", &controllers.AccountController{}, "*:Register") beego.Router("/find_password", &controllers.AccountController{}, "*:FindPassword") @@ -35,8 +36,8 @@ func init() { beego.Router("/manager/attach/list", &controllers.ManagerController{}, "*:AttachList") beego.Router("/manager/attach/detailed/:id", &controllers.ManagerController{}, "*:AttachDetailed") beego.Router("/manager/attach/delete", &controllers.ManagerController{}, "post:AttachDelete") - beego.Router("/manager/label/list", &controllers.ManagerController{},"get:LabelList") - beego.Router("/manager/label/delete/:id", &controllers.ManagerController{},"post:LabelDelete") + beego.Router("/manager/label/list", &controllers.ManagerController{}, "get:LabelList") + beego.Router("/manager/label/delete/:id", &controllers.ManagerController{}, "post:LabelDelete") //beego.Router("/manager/config", &controllers.ManagerController{}, "*:Config") 
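Review bot: The new `/token` route in the first routers/router.go hunk is registered as `get:TmpLogin`, so the login credential travels in the URL query string (`tmpToken`), where it tends to be recorded in access logs, browser history and Referer headers. A GET request that establishes a session can also be triggered from another site, which would bind the visitor's browser to whichever account the token names. Consider `"post:TmpLogin"` with the token in the request body, or keep GET only if the token is made single-use and short-lived, and add a comment above the route stating which of these the endpoint relies on.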
@@ -51,16 +52,14 @@ func init() { beego.Router("/manager/team/member/change_role", &controllers.ManagerController{}, "POST:TeamChangeMemberRole") beego.Router("/manager/team/member/search", &controllers.ManagerController{}, "*:TeamSearchMember") - beego.Router("/manager/team/book/list/:id", &controllers.ManagerController{}, "*:TeamBookList") beego.Router("/manager/team/book/add", &controllers.ManagerController{}, "POST:TeamBookAdd") beego.Router("/manager/team/book/delete", &controllers.ManagerController{}, "POST:TeamBookDelete") beego.Router("/manager/team/book/search", &controllers.ManagerController{}, "*:TeamSearchBook") - beego.Router("/manager/itemsets", &controllers.ManagerController{},"*:Itemsets") - beego.Router("/manager/itemsets/edit", &controllers.ManagerController{},"post:ItemsetsEdit") - beego.Router("/manager/itemsets/delete", &controllers.ManagerController{},"post:ItemsetsDelete") - + beego.Router("/manager/itemsets", &controllers.ManagerController{}, "*:Itemsets") + beego.Router("/manager/itemsets/edit", &controllers.ManagerController{}, "post:ItemsetsEdit") + beego.Router("/manager/itemsets/delete", &controllers.ManagerController{}, "post:ItemsetsDelete") beego.Router("/setting", &controllers.SettingController{}, "*:Index") beego.Router("/setting/password", &controllers.SettingController{}, "*:Password") 
@@ -74,15 +73,14 @@ func init() { beego.Router("/book/:key/sort", &controllers.BookController{}, "post:SaveSort") beego.Router("/book/:key/teams", &controllers.BookController{}, "*:Team") - beego.Router("/book/create", &controllers.BookController{}, "*:Create") beego.Router("/book/itemsets/search", &controllers.BookController{}, "*:ItemsetsSearch") beego.Router("/book/users/create", &controllers.BookMemberController{}, "post:AddMember") beego.Router("/book/users/change", &controllers.BookMemberController{}, "post:ChangeRole") beego.Router("/book/users/delete", &controllers.BookMemberController{}, "post:RemoveMember") - beego.Router("/book/users/import", &controllers.BookController{},"post:Import") - beego.Router("/book/users/copy", &controllers.BookController{},"post:Copy") + beego.Router("/book/users/import", &controllers.BookController{}, "post:Import") + beego.Router("/book/users/copy", &controllers.BookController{}, "post:Copy") beego.Router("/book/setting/save", &controllers.BookController{}, "post:SaveBook") beego.Router("/book/setting/open", &controllers.BookController{}, "post:PrivatelyOwned") 
@@ -94,26 +92,24 @@ func init() { beego.Router("/book/team/delete", &controllers.BookController{}, "POST:TeamDelete") beego.Router("/book/team/search", &controllers.BookController{}, "*:TeamSearch") - //管理文章的路由 - beego.Router("/manage/blogs", &controllers.BlogController{},"*:ManageList") + beego.Router("/manage/blogs", &controllers.BlogController{}, "*:ManageList") beego.Router("/manage/blogs/setting/?:id", &controllers.BlogController{}, "*:ManageSetting") - beego.Router("/manage/blogs/edit/?:id",&controllers.BlogController{}, "*:ManageEdit") - beego.Router("/manage/blogs/delete",&controllers.BlogController{}, "post:ManageDelete") - beego.Router("/manage/blogs/upload",&controllers.BlogController{}, "post:Upload") - beego.Router("/manage/blogs/attach/:id",&controllers.BlogController{}, "post:RemoveAttachment") - + beego.Router("/manage/blogs/edit/?:id", &controllers.BlogController{}, "*:ManageEdit") + beego.Router("/manage/blogs/delete", &controllers.BlogController{}, "post:ManageDelete") + beego.Router("/manage/blogs/upload", &controllers.BlogController{}, "post:Upload") + beego.Router("/manage/blogs/attach/:id", &controllers.BlogController{}, "post:RemoveAttachment") //读文章的路由 beego.Router("/blogs", &controllers.BlogController{}, "*:List") - beego.Router("/blog-attach/:id:int/:attach_id:int", &controllers.BlogController{},"get:Download") - beego.Router("/blog-:id([0-9]+).html",&controllers.BlogController{}, "*:Index") + beego.Router("/blog-attach/:id:int/:attach_id:int", &controllers.BlogController{}, "get:Download") + beego.Router("/blog-:id([0-9]+).html", &controllers.BlogController{}, "*:Index") //模板相关接口 - beego.Router("/api/template/get", &controllers.TemplateController{},"get:Get") - beego.Router("/api/template/list", &controllers.TemplateController{},"post:List") - beego.Router("/api/template/add", &controllers.TemplateController{},"post:Add") - beego.Router("/api/template/remove", &controllers.TemplateController{},"post:Delete") + 
beego.Router("/api/template/get", &controllers.TemplateController{}, "get:Get") + beego.Router("/api/template/list", &controllers.TemplateController{}, "post:List") + beego.Router("/api/template/add", &controllers.TemplateController{}, "post:Add") + beego.Router("/api/template/remove", &controllers.TemplateController{}, "post:Delete") beego.Router("/api/attach/remove/", &controllers.DocumentController{}, "post:RemoveAttachment") beego.Router("/api/:key/edit/?:id", &controllers.DocumentController{}, "*:Edit") @@ -145,7 +141,7 @@ func init() { beego.Router("/tag/:key", &controllers.LabelController{}, "get:Index") beego.Router("/tags", &controllers.LabelController{}, "get:List") - beego.Router("/items", &controllers.ItemsetsController{},"get:Index") - beego.Router("/items/:key", &controllers.ItemsetsController{},"get:List") + beego.Router("/items", &controllers.ItemsetsController{}, "get:Index") + beego.Router("/items/:key", &controllers.ItemsetsController{}, "get:List") }