fix: wechat verify

2025-01-10 19:44:24 +08:00
parent ab576706e7
commit 52c17b63bb
13 changed files with 83 additions and 92 deletions
--- a/backend/app/http/auth/controller_wechat.go
+++ b/backend/app/http/auth/controller_wechat.go
@@ -100,3 +100,14 @@ func (ctl *Controller) Login(ctx fiber.Ctx, code, state, redirectUri string) err
 	return ctx.Redirect().To(redirectUri)
 }
 // @Router /MP_verify_:uuid.txt [get]
 // @Bind uuid path
 func (ctl *Controller) Verify(ctx fiber.Ctx, uuid string) error {
 	v, err := ctl.wechat.VerifySite(uuid)
 	if err != nil {
 		return err
 	}
 	return ctx.SendString(v)
 }
--- a/backend/app/http/auth/routes.gen.go
+++ b/backend/app/http/auth/routes.gen.go
@@ -40,4 +40,9 @@ func (r *Routes) Register(router fiber.Router) {
 		QueryParam[string]("redirectUri"),
 	))
 	router.Get("/MP_verify_:uuid.txt", Func1(
 		r.controller.Verify,
 		PathParam[string]("uuid"),
 	))
 }
--- a/backend/app/http/tenants/controller.go
+++ b/backend/app/http/tenants/controller.go
@@ -1,6 +1,9 @@
 package tenants
 import (
 	"time"
 	"backend/app/consts"
 	"backend/providers/jwt"
 	"backend/providers/otel"
@@ -11,6 +14,7 @@ import (
 // @provider
 type Controller struct {
 	svc *Service
 	jwt *jwt.JWT
 	log *log.Entry `inject:"false"`
 }
@@ -36,6 +40,21 @@ func (c *Controller) Index(ctx fiber.Ctx, tenant string, claim *jwt.Claims) erro
 		return err
 	}
 	if claim.TenantID == nil {
 		claim.TenantID = &tenantModel.ID
 		token, err := c.jwt.CreateToken(claim)
 		if err != nil {
 			return err
 		}
 		ctx.Cookie(&fiber.Cookie{
 			Name:     consts.TokenTypeUser.String(),
 			Value:    token,
 			Expires:  time.Now().Add(6 * time.Hour),
 			HTTPOnly: true,
 		})
 	}
 	// TODO:  render page
 	return nil
 }
--- a/backend/app/http/tenants/provider.gen.go
+++ b/backend/app/http/tenants/provider.gen.go
@@ -3,6 +3,8 @@ package tenants
 import (
 	"database/sql"
 	"backend/providers/jwt"
 	"git.ipao.vip/rogeecn/atom"
 	"git.ipao.vip/rogeecn/atom/container"
 	"git.ipao.vip/rogeecn/atom/contracts"
@@ -11,9 +13,11 @@ import (
 func Provide(opts ...opt.Option) error {
 	if err := container.Container.Provide(func(
 		jwt *jwt.JWT,
 		svc *Service,
 	) (*Controller, error) {
 		obj := &Controller{
 			jwt: jwt,
 			svc: svc,
 		}
 		if err := obj.Prepare(); err != nil {
--- a/backend/app/middlewares/m_check_ua.go
+++ b/backend/app/middlewares/m_check_ua.go
@@ -7,10 +7,14 @@ import (
 )
 func (m *Middlewares) CheckUA(ctx fiber.Ctx) error {
 	if m.app.IsDevMode() {
 		return ctx.Next()
 	}
 	keyword := strings.ToLower("MicroMessenger")
 	userAgent := ctx.GetReqHeaders()["User-Agent"][0]
-	if strings.Contains(userAgent, keyword) {
+	if !strings.Contains(userAgent, keyword) {
 		return ctx.SendString("")
 	}
 	return ctx.Next()
--- a/backend/app/middlewares/m_jwt_parse.go
+++ b/backend/app/middlewares/m_jwt_parse.go
@@ -1,37 +1,27 @@
 package middlewares
 import (
-	"time"
+	"backend/app/consts"
 	"backend/app/errorx"
 	"github.com/gofiber/fiber/v3"
 	log "github.com/sirupsen/logrus"
 )
 func (f *Middlewares) ParseJWT(c fiber.Ctx) error {
-	tokens := c.GetReqHeaders()["Authorization"]
+	token := c.Cookies(consts.TokenTypeUser.String())
-	if len(tokens) == 0 {
+	if token == "" {
-		queryToken := c.Query("token")
+		token = c.Query("token")
-		tokens = []string{queryToken}
+		if token == "" {
 		if len(tokens) == 0 {
 			return c.Next()
 		}
 	}
 	token := tokens[0]
 	claim, err := f.jwt.Parse(token)
 	if err != nil {
-		c.Cookie(&fiber.Cookie{
+		c.ClearCookie(consts.TokenTypeUser.String())
 			Name:     "token",
 			Value:    "",
 			Expires:  time.Now().Add(-1 * time.Hour),
 			HTTPOnly: true,
 		})
 		log.Errorf("failed to parse jwt from token: %s", token)
 		return errorx.Unauthorized
 	}
-	_ = claim
+	c.Locals("claim", claim)
 	return c.Next()
 }
--- a/backend/app/middlewares/m_wechat_auth.go
+++ b/backend/app/middlewares/m_wechat_auth.go
@@ -1,66 +0,0 @@
 package middlewares
 import (
 	"fmt"
 	"strings"
 	"time"
 	"backend/providers/wechat"
 	"github.com/gofiber/fiber/v3"
 	"github.com/pkg/errors"
 	log "github.com/sirupsen/logrus"
 )
 const StatePrefix = "sns_basic_auth"
 func (f *Middlewares) WeChatAuth(c fiber.Ctx) error {
 	log := log.WithField("module", "middleware.AuthUserInfo")
 	log.Debugf("%s, query: %v", c.OriginalURL(), c.Queries())
 	state := c.Query("state")
 	code := c.Query("code")
 	log.Debugf("code: %s, state: %s", code, state)
 	jwtToken := c.Cookies("token")
 	if jwtToken != "" {
 		log.Debugf("jwtToken: %s", jwtToken)
 		if _, err := f.jwt.Parse(jwtToken); err != nil {
 			log.WithError(err).Error("failed to parse jwt token")
 			c.Cookie(&fiber.Cookie{
 				Name:     "token",
 				Value:    "",
 				Expires:  time.Now().Add(-1 * time.Hour),
 				HTTPOnly: true,
 			})
 			return c.Redirect().To(c.Path())
 		}
 	}
 	if state == "" && code == "" {
 		url := string(c.Request().URI().FullURI())
 		url = strings.ReplaceAll(url, "http", "https")
 		url = strings.ReplaceAll(url, c.BaseURL(), *f.app.BaseURI)
 		log.WithField("module", "middleware.SilentAuth").Debug("redirect_uri: ", url)
 		to, err := f.client.ScopeAuthorizeURL(
 			wechat.ScopeAuthorizeURLWithRedirectURI(url),
 			wechat.ScopeAuthorizeURLWithState(fmt.Sprintf("%s_%d", StatePrefix, time.Now().UnixNano())),
 		)
 		if err != nil {
 			return errors.Wrap(err, "failed to get wechat auth url")
 		}
 		log.WithField("module", "middleware.SilentAuth").Debug("redirectTo: ", to.String())
 		return c.Redirect().To(to.String())
 	}
 	if !strings.HasPrefix(state, StatePrefix) || code == "" {
 		return errors.New("invalid request")
 	}
 	return c.Next()
 }
--- a/backend/app/service/http/http.go
+++ b/backend/app/service/http/http.go
@@ -2,11 +2,13 @@ package http
 import (
 	"backend/app/errorx"
 	"backend/app/events/subscribers"
 	"backend/app/jobs"
 	"backend/app/middlewares"
 	"backend/app/service"
 	_ "backend/docs"
 	"backend/providers/app"
 	"backend/providers/event"
 	"backend/providers/hashids"
 	"backend/providers/http"
 	"backend/providers/http/swagger"
@@ -17,7 +19,6 @@ import (
 	"git.ipao.vip/rogeecn/atom"
 	"git.ipao.vip/rogeecn/atom/container"
 	"git.ipao.vip/rogeecn/atom/contracts"
 	"github.com/gofiber/fiber/v3"
 	"github.com/gofiber/fiber/v3/middleware/favicon"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
@@ -31,6 +32,7 @@ func defaultProviders() container.Providers {
 		jwt.DefaultProvider(),
 		hashids.DefaultProvider(),
 		job.DefaultProvider(),
 		event.DefaultProvider(),
 	}...)
 }
@@ -43,6 +45,7 @@ func Command() atom.Option {
 			defaultProviders().
 				With(
 					jobs.Provide,
 					subscribers.Provide,
 				),
 		),
 	)
@@ -70,16 +73,15 @@ func Serve(cmd *cobra.Command, args []string) error {
 			svc.Http.Engine.Get("/swagger/*", swagger.HandlerDefault)
 		}
-		svc.Http.Engine.Get("MP_verify_dEF9kn8rJlBsuLKk.txt", func(c fiber.Ctx) error {
+		// core
 			return c.SendString("dEF9kn8rJlBsuLKk")
 		})
 		svc.Http.Engine.Use(svc.Middlewares.WeChatVerify)
 		svc.Http.Engine.Use(errorx.Middleware)
 		svc.Http.Engine.Use(favicon.New(favicon.Config{
 			Data: []byte{},
 		}))
 		svc.Http.Engine.Use(svc.Middlewares.WeChatVerify)
 		svc.Http.Engine.Use(svc.Middlewares.CheckUA)
 		group := svc.Http.Engine.Group("")
 		for _, route := range svc.Routes {
 			route.Register(group)
--- a/backend/app/service/service.go
+++ b/backend/app/service/service.go
@@ -2,7 +2,6 @@ package service
 import (
 	"backend/providers/app"
 	"backend/providers/event"
 	"git.ipao.vip/rogeecn/atom/container"
 )
@@ -10,6 +9,5 @@ import (
 func Default(providers ...container.ProviderContainer) container.Providers {
 	return append(container.Providers{
 		app.DefaultProvider(),
 		event.DefaultProvider(),
 	}, providers...)
 }
--- a/backend/pkg/f/func.go
+++ b/backend/pkg/f/func.go
@@ -4,6 +4,8 @@ import (
 	"github.com/gofiber/fiber/v3"
 )
 var Func0 = Func
 func Func(f fiber.Handler) fiber.Handler {
 	return f
 }
--- a/backend/providers/wechat/options.go
+++ b/backend/providers/wechat/options.go
@@ -67,3 +67,10 @@ func ScopeAuthorizeURLWithForcePopup() ScopeAuthorizeURLOptions {
 		v.Set("forcePopup", "true")
 	}
 }
 func WithVerifySiteKeyPair(key, value string) Options {
 	return func(we *Client) {
 		we.verifyKey = key
 		we.verifyValue = value
 	}
 }
--- a/backend/providers/wechat/provider.go
+++ b/backend/providers/wechat/provider.go
@@ -22,6 +22,10 @@ type Config struct {
 	Token     string
 	AesKey    string
 	DevMode   bool
 	Verify    struct {
 		Key   string
 		Value string
 	}
 }
 func Provide(opts ...opt.Option) error {
@@ -42,6 +46,7 @@ func Provide(opts ...opt.Option) error {
 			WithAESKey(config.AesKey),
 			WithToken(config.Token),
 			WithClient(httpClient),
 			WithVerifySiteKeyPair(config.Verify.Key, config.Verify.Value),
 		), nil
 	}, o.DiOptions()...)
 }
--- a/backend/providers/wechat/wechat.go
+++ b/backend/providers/wechat/wechat.go
@@ -39,6 +39,9 @@ type Client struct {
 	appSecret string
 	token     string
 	aesKey    string
 	verifyKey   string
 	verifyValue string
 }
 func New(options ...Options) *Client {
@@ -53,6 +56,13 @@ func New(options ...Options) *Client {
 	return we
 }
 func (we *Client) VerifySite(key string) (string, error) {
 	if key == we.verifyKey {
 		return we.verifyValue, nil
 	}
 	return "", errors.New("verify failed")
 }
 func (we *Client) Verify(signature, timestamp, nonce string) error {
 	params := []string{signature, timestamp, nonce, we.token}
 	sort.Strings(params)