添加ldap。

dmhao · Aug 16, 2020 · 4589936 · 4589936
1 parent 9802420
commit 4589936
Show file tree

Hide file tree

Showing 7 changed files with 179 additions and 57 deletions.
diff --git a/config/db.sql b/config/db.sql
@@ -78,6 +78,17 @@ INSERT INTO `casbin_rule`(`p_type`, `v0`, `v1`, `v2`, `v3`, `v4`, `v5`) VALUES (
 INSERT INTO `casbin_rule`(`p_type`, `v0`, `v1`, `v2`, `v3`, `v4`, `v5`) VALUES ('p', 'admin', '/api/v1/work-order/inversion', 'POST', NULL, NULL, NULL);
 INSERT INTO `casbin_rule`(`p_type`, `v0`, `v1`, `v2`, `v3`, `v4`, `v5`) VALUES ('p', 'admin', '/api/v1/dashboard', 'GET', NULL, NULL, NULL);
 INSERT INTO `casbin_rule`(`p_type`, `v0`, `v1`, `v2`, `v3`, `v4`, `v5`) VALUES ('p', 'admin', '/api/v1/work-order/urge', 'GET', NULL, NULL, NULL);
+INSERT INTO `casbin_rule`(`p_type`, `v0`, `v1`, `v2`, `v3`, `v4`, `v5`) VALUES ('p', 'common', '/api/v1/user/profile', 'GET', NULL, NULL, NULL);
+INSERT INTO `casbin_rule`(`p_type`, `v0`, `v1`, `v2`, `v3`, `v4`, `v5`) VALUES ('p', 'common', '/api/v1/menurole', 'GET', NULL, NULL, NULL);
+INSERT INTO `casbin_rule`(`p_type`, `v0`, `v1`, `v2`, `v3`, `v4`, `v5`) VALUES ('p', 'common', '/api/v1/menuTreeselect', 'GET', NULL, NULL, NULL);
+INSERT INTO `casbin_rule`(`p_type`, `v0`, `v1`, `v2`, `v3`, `v4`, `v5`) VALUES ('p', 'common', '/api/v1/menuids', 'GET', NULL, NULL, NULL);
+INSERT INTO `casbin_rule`(`p_type`, `v0`, `v1`, `v2`, `v3`, `v4`, `v5`) VALUES ('p', 'common', '/api/v1/getinfo', 'GET', NULL, NULL, NULL);
+INSERT INTO `casbin_rule`(`p_type`, `v0`, `v1`, `v2`, `v3`, `v4`, `v5`) VALUES ('p', 'common', '/api/v1/roleDeptTreeselect/:id', 'GET', NULL, NULL, NULL);
+INSERT INTO `casbin_rule`(`p_type`, `v0`, `v1`, `v2`, `v3`, `v4`, `v5`) VALUES ('p', 'common', '/api/v1/deptTree', 'GET', NULL, NULL, NULL);
+INSERT INTO `casbin_rule`(`p_type`, `v0`, `v1`, `v2`, `v3`, `v4`, `v5`) VALUES ('p', 'common', '/api/v1/logout', 'POST', NULL, NULL, NULL);
+INSERT INTO `casbin_rule`(`p_type`, `v0`, `v1`, `v2`, `v3`, `v4`, `v5`) VALUES ('p', 'common', '/api/v1/user/avatar', 'POST', NULL, NULL, NULL);
+INSERT INTO `casbin_rule`(`p_type`, `v0`, `v1`, `v2`, `v3`, `v4`, `v5`) VALUES ('p', 'common', '/api/v1/user/pwd', 'PUT', NULL, NULL, NULL;
+INSERT INTO `casbin_rule`(`p_type`, `v0`, `v1`, `v2`, `v3`, `v4`, `v5`) VALUES ('p', 'common', '/api/v1/dashboard', 'GET', NULL, NULL, NULL);
 COMMIT;
 
 BEGIN;
@@ -430,6 +441,22 @@ INSERT INTO `sys_role_menu`(`role_id`, `menu_id`, `role_name`, `create_by`, `upd
 INSERT INTO `sys_role_menu`(`role_id`, `menu_id`, `role_name`, `create_by`, `update_by`) VALUES (1, 344, 'admin', NULL, NULL);
 INSERT INTO `sys_role_menu`(`role_id`, `menu_id`, `role_name`, `create_by`, `update_by`) VALUES (1, 350, 'admin', NULL, NULL);
 INSERT INTO `sys_role_menu`(`role_id`, `menu_id`, `role_name`, `create_by`, `update_by`) VALUES (1, 351, 'admin', NULL, NULL);
+INSERT INTO `sys_role_menu`(`role_id`, `menu_id`, `role_name`, `create_by`, `update_by`) VALUES (2, 63, 'common', NULL, NULL);
+INSERT INTO `sys_role_menu`(`role_id`, `menu_id`, `role_name`, `create_by`, `update_by`) VALUES (2, 80, 'common', NULL, NULL);
+INSERT INTO `sys_role_menu`(`role_id`, `menu_id`, `role_name`, `create_by`, `update_by`) VALUES (2, 92, 'common', NULL, NULL);
+INSERT INTO `sys_role_menu`(`role_id`, `menu_id`, `role_name`, `create_by`, `update_by`) VALUES (2, 94, 'common', NULL, NULL);
+INSERT INTO `sys_role_menu`(`role_id`, `menu_id`, `role_name`, `create_by`, `update_by`) VALUES (2, 142, 'common', NULL, NULL);
+INSERT INTO `sys_role_menu`(`role_id`, `menu_id`, `role_name`, `create_by`, `update_by`) VALUES (2, 201, 'common', NULL, NULL);
+INSERT INTO `sys_role_menu`(`role_id`, `menu_id`, `role_name`, `create_by`, `update_by`) VALUES (2, 252, 'common', NULL, NULL);
+INSERT INTO `sys_role_menu`(`role_id`, `menu_id`, `role_name`, `create_by`, `update_by`) VALUES (2, 254, 'common', NULL, NULL);
+INSERT INTO `sys_role_menu`(`role_id`, `menu_id`, `role_name`, `create_by`, `update_by`) VALUES (2, 255, 'common', NULL, NULL);
+INSERT INTO `sys_role_menu`(`role_id`, `menu_id`, `role_name`, `create_by`, `update_by`) VALUES (2, 256, 'common', NULL, NULL);
+INSERT INTO `sys_role_menu`(`role_id`, `menu_id`, `role_name`, `create_by`, `update_by`) VALUES (2, 258, 'common', NULL, NULL);
+INSERT INTO `sys_role_menu`(`role_id`, `menu_id`, `role_name`, `create_by`, `update_by`) VALUES (2, 259, 'common', NULL, NULL);
+INSERT INTO `sys_role_menu`(`role_id`, `menu_id`, `role_name`, `create_by`, `update_by`) VALUES (2, 260, 'common', NULL, NULL);
+INSERT INTO `sys_role_menu`(`role_id`, `menu_id`, `role_name`, `create_by`, `update_by`) VALUES (2, 267, 'common', NULL, NULL);
+INSERT INTO `sys_role_menu`(`role_id`, `menu_id`, `role_name`, `create_by`, `update_by`) VALUES (2, 280, 'common', NULL, NULL);
+INSERT INTO `sys_role_menu`(`role_id`, `menu_id`, `role_name`, `create_by`, `update_by`) VALUES (2, 344, 'common', NULL, NULL);
 COMMIT;
 
 BEGIN;

diff --git a/config/settings.dev.yml b/config/settings.dev.yml
@@ -32,7 +32,8 @@ settings:
     secret: ferry
     timeout: 3600
   ldap:
-    host: 127.0.0.1
+    basedn: dc=fdevops,dc=com
+    host: localhost
     port: 389
   log:
     compress: 1

diff --git a/config/settings.yml b/config/settings.yml
@@ -40,6 +40,7 @@ settings:
   ldap:
     host: 127.0.0.1
     port: 389
+    basedn: dc=fdevops,dc=com
   log:
     compress: 1
     consolestdout: 1

diff --git a/pkg/jwtauth/jwtauth.go b/pkg/jwtauth/jwtauth.go
@@ -3,6 +3,8 @@ package jwtauth
 import (
 	"crypto/rsa"
 	"errors"
+	"ferry/global/orm"
+	"ferry/pkg/ldap"
 	config2 "ferry/tools/config"
 	"io/ioutil"
 	"net/http"
@@ -205,7 +207,6 @@ var (
 
 	NiceKey = "nice"
 
-	RKey      = "r"
 	RoleIdKey = "roleid"
 
 	RoleKey = "rolekey"
@@ -433,16 +434,79 @@ func (mw *GinJWTMiddleware) GetClaimsFromJWT(c *gin.Context) (MapClaims, error)
 // Payload needs to be json in the form of {"username": "USERNAME", "password": "PASSWORD"}.
 // Reply will be of the form {"token": "TOKEN"}.
 func (mw *GinJWTMiddleware) LoginHandler(c *gin.Context) {
-	if mw.Authenticator == nil {
-		mw.unauthorized(c, http.StatusInternalServerError, mw.HTTPStatusMessageFunc(ErrMissingAuthenticatorFunc, c))
-		return
-	}
+	var (
+		data interface{}
+		err  error
+	)
+
+	loginType := c.DefaultQuery("login_type", "0")
+
+	if loginType == "0" {
+		// 普通登陆
+		if mw.Authenticator == nil {
+			mw.unauthorized(c, http.StatusInternalServerError, mw.HTTPStatusMessageFunc(ErrMissingAuthenticatorFunc, c))
+			return
+		}
 
-	data, err := mw.Authenticator(c)
+		data, err = mw.Authenticator(c)
 
-	if err != nil {
-		mw.unauthorized(c, 400, mw.HTTPStatusMessageFunc(err, c))
-		return
+		if err != nil {
+			mw.unauthorized(c, 400, mw.HTTPStatusMessageFunc(err, c))
+			return
+		}
+	} else {
+		// ldap登陆
+		// 1. 获取ldap用户信息
+		var (
+			roleValue struct {
+				RoleId int `json:"role_id"`
+			}
+			authUserCount int
+			l             = ldap.Connection{}
+			userInfo      struct {
+				Username string `json:"username"`
+				Password string `json:"password"`
+			}
+			addUserInfo struct {
+				Username string `json:"username"`
+				RoleId   int    `json:"role_id"`
+			}
+		)
+		err = c.ShouldBind(&userInfo)
+		if err != nil {
+			mw.unauthorized(c, -1, mw.HTTPStatusMessageFunc(err, c))
+			return
+		}
+		err = l.LdapLogin(userInfo.Username, userInfo.Password)
+		if err != nil {
+			mw.unauthorized(c, -1, mw.HTTPStatusMessageFunc(err, c))
+			return
+		}
+		// 2. 将ldap用户信息写入到用户数据表中
+		err = orm.Eloquent.Table("sys_user").
+			Where("username = ?", userInfo.Username).
+			Count(&authUserCount).Error
+		if err != nil {
+			mw.unauthorized(c, -1, mw.HTTPStatusMessageFunc(err, c))
+			return
+		}
+		if authUserCount == 0 {
+			addUserInfo.Username = userInfo.Username
+			// 获取默认权限ID
+			err = orm.Eloquent.Table("sys_role").Where("role_key = 'common'").Scan(&roleValue).Error
+			if err != nil {
+				mw.unauthorized(c, -1, mw.HTTPStatusMessageFunc(err, c))
+				return
+			}
+			addUserInfo.RoleId = roleValue.RoleId // 绑定通用角色
+			err = orm.Eloquent.Table("sys_user").Create(&addUserInfo).Error
+			if err != nil {
+				mw.unauthorized(c, -1, mw.HTTPStatusMessageFunc(err, c))
+				return
+			}
+		}
+
+		// 3. 获取
 	}
 
 	// Create the token

diff --git a/pkg/ldap/connection.go b/pkg/ldap/connection.go
@@ -0,0 +1,48 @@
+package ldap
+
+import (
+	"crypto/tls"
+	"ferry/pkg/logger"
+	"fmt"
+	"time"
+
+	"github.com/spf13/viper"
+
+	"github.com/go-ldap/ldap/v3"
+)
+
+/*
+  @Author : lanyulei
+*/
+
+type Connection struct {
+	Conn *ldap.Conn
+}
+
+// ldap连接
+func (c *Connection) ldapConnection() (err error) {
+	var ldapConn = fmt.Sprintf("%v:%v", viper.GetString("settings.ldap.host"), viper.GetString("settings.ldap.port"))
+
+	if viper.GetInt("settings.ldap.port") == 636 {
+		c.Conn, err = ldap.DialTLS(
+			"tcp",
+			ldapConn,
+			&tls.Config{InsecureSkipVerify: true},
+		)
+	} else {
+		c.Conn, err = ldap.Dial(
+			"tcp",
+			ldapConn,
+		)
+	}
+
+	if err != nil {
+		logger.Errorf("无法连接到ldap服务器，%v", err)
+		return
+	}
+
+	//设置超时时间
+	c.Conn.SetTimeout(5 * time.Second)
+
+	return
+}
diff --git a/pkg/ldap/login.go b/pkg/ldap/login.go
@@ -0,0 +1,28 @@
+package ldap
+
+import (
+	"ferry/pkg/logger"
+	"fmt"
+
+	"github.com/spf13/viper"
+)
+
+/*
+  @Author : lanyulei
+*/
+
+func (c *Connection) LdapLogin(username string, password string) (err error) {
+	err = c.ldapConnection()
+	if err != nil {
+		return
+	}
+	defer c.Conn.Close()
+
+	err = c.Conn.Bind(fmt.Sprintf("cn=%v,%v", username, viper.GetString("settings.ldap.baseDn")), password)
+	if err != nil {
+		logger.Error("用户或密码错误。", err)
+		return
+	}
+
+	return
+}
diff --git a/test/gen_test.go b/test/gen_test.go