chore: update auth and portal
This commit is contained in:
@@ -64,9 +64,6 @@ func (m *Middlewares) authenticate(ctx fiber.Ctx, requireToken bool) error {
|
||||
if user.Status == consts.UserStatusBanned {
|
||||
return errorx.ErrAccountDisabled
|
||||
}
|
||||
if user.Status == consts.UserStatusBanned {
|
||||
return errorx.ErrAccountDisabled
|
||||
}
|
||||
|
||||
// Set Context
|
||||
ctx.Locals(consts.CtxKeyUser, user)
|
||||
@@ -104,6 +101,9 @@ func (m *Middlewares) SuperAuth(ctx fiber.Ctx) error {
|
||||
if err != nil {
|
||||
return errorx.ErrUnauthorized.WithCause(err).WithMsg("UserNotFound")
|
||||
}
|
||||
if user.Status == consts.UserStatusBanned {
|
||||
return errorx.ErrAccountDisabled
|
||||
}
|
||||
|
||||
if !hasRole(user.Roles, consts.RoleSuperAdmin) {
|
||||
return errorx.ErrForbidden.WithMsg("无权限访问")
|
||||
|
||||
@@ -27,12 +27,22 @@ type super struct {
|
||||
}
|
||||
|
||||
func (s *super) Login(ctx context.Context, form *super_dto.LoginForm) (*super_dto.LoginResponse, error) {
|
||||
tbl, q := models.UserQuery.QueryContext(ctx)
|
||||
u, err := q.Where(tbl.Username.Eq(form.Username)).First()
|
||||
if err != nil {
|
||||
return nil, errorx.ErrInvalidCredentials.WithMsg("账号或密码错误")
|
||||
if form == nil {
|
||||
return nil, errorx.ErrInvalidParameter.WithMsg("登录参数不能为空")
|
||||
}
|
||||
if u.Password != form.Password {
|
||||
username := strings.TrimSpace(form.Username)
|
||||
password := strings.TrimSpace(form.Password)
|
||||
if username == "" || password == "" {
|
||||
return nil, errorx.ErrInvalidParameter.WithMsg("账号或密码不能为空")
|
||||
}
|
||||
|
||||
// 校验账号与权限。
|
||||
tbl, q := models.UserQuery.QueryContext(ctx)
|
||||
u, err := q.Where(tbl.Username.Eq(username)).First()
|
||||
if err != nil {
|
||||
return nil, errorx.ErrInvalidCredentials.WithCause(err).WithMsg("账号或密码错误")
|
||||
}
|
||||
if u.Password != password {
|
||||
return nil, errorx.ErrInvalidCredentials.WithMsg("账号或密码错误")
|
||||
}
|
||||
if u.Status == consts.UserStatusBanned {
|
||||
@@ -42,11 +52,12 @@ func (s *super) Login(ctx context.Context, form *super_dto.LoginForm) (*super_dt
|
||||
return nil, errorx.ErrForbidden.WithMsg("无权限访问")
|
||||
}
|
||||
|
||||
// 生成登录令牌。
|
||||
token, err := s.jwt.CreateToken(s.jwt.CreateClaims(jwt_provider.BaseClaims{
|
||||
UserID: u.ID,
|
||||
}))
|
||||
if err != nil {
|
||||
return nil, errorx.ErrInternalError.WithMsg("生成令牌失败")
|
||||
return nil, errorx.ErrInternalError.WithCause(err).WithMsg("生成令牌失败")
|
||||
}
|
||||
|
||||
return &super_dto.LoginResponse{
|
||||
@@ -68,7 +79,10 @@ func (s *super) CheckToken(ctx context.Context, token string) (*super_dto.LoginR
|
||||
tbl, q := models.UserQuery.QueryContext(ctx)
|
||||
u, err := q.Where(tbl.ID.Eq(claims.UserID)).First()
|
||||
if err != nil {
|
||||
return nil, errorx.ErrUnauthorized.WithMsg("UserNotFound")
|
||||
return nil, errorx.ErrUnauthorized.WithCause(err).WithMsg("UserNotFound")
|
||||
}
|
||||
if u.Status == consts.UserStatusBanned {
|
||||
return nil, errorx.ErrAccountDisabled
|
||||
}
|
||||
if !hasRole(u.Roles, consts.RoleSuperAdmin) {
|
||||
return nil, errorx.ErrForbidden.WithMsg("无权限访问")
|
||||
@@ -78,7 +92,7 @@ func (s *super) CheckToken(ctx context.Context, token string) (*super_dto.LoginR
|
||||
UserID: u.ID,
|
||||
}))
|
||||
if err != nil {
|
||||
return nil, errorx.ErrInternalError.WithMsg("生成令牌失败")
|
||||
return nil, errorx.ErrInternalError.WithCause(err).WithMsg("生成令牌失败")
|
||||
}
|
||||
|
||||
return &super_dto.LoginResponse{
|
||||
|
||||
@@ -16,6 +16,7 @@ import (
|
||||
. "github.com/smartystreets/goconvey/convey"
|
||||
"github.com/stretchr/testify/suite"
|
||||
"go.ipao.vip/atom/contracts"
|
||||
"go.ipao.vip/gen/types"
|
||||
"go.uber.org/dig"
|
||||
)
|
||||
|
||||
@@ -74,6 +75,60 @@ func (s *SuperTestSuite) Test_ListUsers() {
|
||||
})
|
||||
}
|
||||
|
||||
func (s *SuperTestSuite) Test_LoginAndCheckToken() {
|
||||
Convey("Login and CheckToken", s.T(), func() {
|
||||
ctx := s.T().Context()
|
||||
database.Truncate(ctx, s.DB, models.TableNameUser)
|
||||
|
||||
admin := &models.User{
|
||||
Username: "super_admin",
|
||||
Password: "pass123",
|
||||
Roles: types.Array[consts.Role]{consts.RoleSuperAdmin},
|
||||
Status: consts.UserStatusVerified,
|
||||
}
|
||||
normal := &models.User{
|
||||
Username: "normal_user",
|
||||
Password: "pass123",
|
||||
Status: consts.UserStatusVerified,
|
||||
}
|
||||
models.UserQuery.WithContext(ctx).Create(admin, normal)
|
||||
|
||||
Convey("should login as super admin", func() {
|
||||
res, err := Super.Login(ctx, &super_dto.LoginForm{
|
||||
Username: admin.Username,
|
||||
Password: admin.Password,
|
||||
})
|
||||
So(err, ShouldBeNil)
|
||||
So(res, ShouldNotBeNil)
|
||||
So(res.Token, ShouldNotBeBlank)
|
||||
So(res.User.ID, ShouldEqual, admin.ID)
|
||||
})
|
||||
|
||||
Convey("should reject non-super admin", func() {
|
||||
_, err := Super.Login(ctx, &super_dto.LoginForm{
|
||||
Username: normal.Username,
|
||||
Password: normal.Password,
|
||||
})
|
||||
So(err, ShouldNotBeNil)
|
||||
})
|
||||
|
||||
Convey("should refresh token", func() {
|
||||
loginRes, err := Super.Login(ctx, &super_dto.LoginForm{
|
||||
Username: admin.Username,
|
||||
Password: admin.Password,
|
||||
})
|
||||
So(err, ShouldBeNil)
|
||||
|
||||
token := "Bearer " + loginRes.Token
|
||||
checkRes, err := Super.CheckToken(ctx, token)
|
||||
So(err, ShouldBeNil)
|
||||
So(checkRes, ShouldNotBeNil)
|
||||
So(checkRes.Token, ShouldNotBeBlank)
|
||||
So(checkRes.User.ID, ShouldEqual, admin.ID)
|
||||
})
|
||||
})
|
||||
}
|
||||
|
||||
func (s *SuperTestSuite) Test_CreateTenant() {
|
||||
Convey("CreateTenant", s.T(), func() {
|
||||
ctx := s.T().Context()
|
||||
|
||||
Reference in New Issue
Block a user