123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299 |
- package bootstrap
- import (
- "crypto/md5"
- "encoding/hex"
- "fmt"
- "io"
- "io/fs"
- "os"
- "path/filepath"
- "rtzh_elec_temperature/enum"
- "rtzh_elec_temperature/test"
- "net"
- "net/url"
- "rtzh_elec_temperature/arrayex"
- "rtzh_elec_temperature/conf"
- "rtzh_elec_temperature/controllers"
- "rtzh_elec_temperature/db"
- "rtzh_elec_temperature/global"
- "rtzh_elec_temperature/logger"
- "rtzh_elec_temperature/models/bo"
- "rtzh_elec_temperature/monitor"
- "rtzh_elec_temperature/mqtt"
- "rtzh_elec_temperature/rtelec_app_public_lib/service"
- "rtzh_elec_temperature/sms"
- "rtzh_elec_temperature/tools"
- "rtzh_elec_temperature/upgrade"
- "runtime"
- "sort"
- "strconv"
- "strings"
- "time"
- "github.com/astaxie/beego/context"
- "github.com/astaxie/beego"
- "github.com/gin-gonic/gin"
- )
- func Run() {
- logger.Logger.Init()
- logger.Logger.Println("****** 当前操作系统:" + string(runtime.GOOS) + " " + runtime.GOARCH + " ******")
- conf.LoadAppConf()
- dbtype := tools.IsEmpty(conf.GlobalConfig["dbtype"])
- runmode := tools.IsEmpty(conf.GlobalConfig["runmode"])
- if dbtype == "" || dbtype == "mysql" {
- db.ConnDB("conf/mysql-" + runmode + ".cnf")
- } else if dbtype == "sqlite" {
- db.ConnSqlite("conf/sqlite-" + runmode + ".cnf")
- }
- //连接mqtt
- go mqtt.Start()
- go bo.LoadSysParam()
- go monitor.StartDataMonitor()
- //初始化短信对象
- go sms.StartSms()
- //启动与管理app的服务
- service.RtelecManageApp()
- //启动WS数据接收进程
- go controllers.ReceiveData()
- //启动WS数据发送进程
- go controllers.SendData()
- if conf.GlobalConfig["wsport"] != "" {
- logger.Logger.Println("WS服务 Listen:" + conf.GlobalConfig["wsport"])
- var g1 = func() {
- r := gin.New()
- r.GET("/", controllers.WebSocketBase)
- err := r.Run(":" + conf.GlobalConfig["wsport"])
- if err != nil {
- return
- }
- }
- go g1()
- }
- beego.SetLevel(beego.LevelDebug)
- //启动web服务
- beego.SetStaticPath("/", "static/login.html")
- beego.SetStaticPath("/login", "static/login.html")
- beego.SetStaticPath("/logout", "static/login.html")
- beego.SetStaticPath("/swagger", "/static/swagger/index.html")
- beego.InsertFilter("/api/*", beego.BeforeRouter, AuthFilter)
- logger.Logger.Println("****** 当前程序运行版本:" + upgrade.GetVersion() + " 运行环境:" + runmode + " ******")
- logger.Logger.Println("如果需要重新生成api接口文档,终端运行生成命令:bee run -gendoc=true -downdoc=true")
- go func() {
- //将生成的swagger文件复制到web目录下
- dirchar := string(os.PathSeparator)
- swaggerdir, err := os.Stat("." + dirchar + "swagger")
- if os.IsNotExist(err) {
- //项目中没有启用swagger时,不处理
- return
- }
- if swaggerdir.IsDir() {
- filepath.Walk("."+dirchar+"swagger", func(pathitem string, info fs.FileInfo, err error) error {
- if info.IsDir() {
- return nil
- }
- src, _ := os.Open(pathitem)
- defer src.Close()
- dst, _ := os.Create("." + dirchar + "static" + dirchar + "swagger" + dirchar + info.Name())
- defer dst.Close()
- io.Copy(dst, src)
- return nil
- })
- }
- }()
- //根据配置的运行模型启动单元测试
- test.Start("testtoken")
- if conf.GlobalConfig["enablehttps"] == "true" {
- logger.Logger.Println("启动应用" + conf.GlobalConfig["appname"] + "端口号:" + conf.GlobalConfig["httpsport"])
- beego.Run()
- } else {
- if conf.GlobalConfig["appport"] != "" {
- logger.Logger.Println("启动应用" + conf.GlobalConfig["appname"] + "端口号:" + conf.GlobalConfig["appport"])
- beego.Run(":" + conf.GlobalConfig["appport"])
- }
- }
- }
- var AuthFilter = func(ctx *context.Context) {
- ip := ctx.Request.Header.Get("X-Real-IP")
- if net.ParseIP(ip) == nil {
- ips := ctx.Request.Header.Get("X-Forward-For")
- for _, i := range strings.Split(ips, ",") {
- if net.ParseIP(i) != nil {
- ip = i
- break
- }
- }
- if ip == "" {
- ip, _, _ = net.SplitHostPort(ctx.Request.RemoteAddr)
- }
- }
- if ip != "" {
- //当前IP是否需要检查访问授权,默认为需要
- isCheckThisIP := true
- if _, exist := global.AccessedIpsList.Load(ip); exist {
- //IP已经访问过系统,则无需检查
- isCheckThisIP = false
- }
- if isCheckThisIP && global.AllowAccessIps != "*" {
- //判断当前客户端是否在允许范围内
- ips := strings.Split(global.AllowAccessIps, ",")
- allowLogin := false
- for _, iplimt := range ips {
- if iplimt == ip {
- allowLogin = true
- break
- }
- tmppos := strings.Index(iplimt, ".*")
- if tmppos > 1 {
- //ip段
- if len(ip) < tmppos {
- continue
- }
- if ip[:tmppos] == iplimt[:tmppos] {
- allowLogin = true
- break
- }
- }
- }
- if !allowLogin {
- userInfo := map[string]interface{}{}
- userInfo["ip"] = ip
- userInfo["name"] = "访问控制"
- new(bo.SystemLog).Fail(enum.AuditType_Client, enum.LogType_commit, enum.OptEventType_System, enum.OptEventLevel_Hight, fmt.Sprintf("未授权终端(IP:%s)尝试访问系统被拦截", ip), userInfo)
- //c.Data["json"] = c.WarpError("系统限制:未授权的访问!")
- //c.ServeJSON()
- ctx.Redirect(430, "/static/430.html")
- return
- }
- }
- //将IP缓存到允许队列中,如果更改了允许访问的IP配置时,需要重新初始化该队列
- global.AccessedIpsList.Store(ip, "allow")
- }
- logger.Logger.Debug(fmt.Sprintf("接收到请求URL:%s", ctx.Request.RequestURI))
- u, err := url.Parse(strings.ReplaceAll(ctx.Request.RequestURI, "//", "/"))
- if err != nil {
- ctx.Redirect(500, "/error")
- return
- }
- uri := strings.ToLower(u.Path)
- if uri == "/api/logout" || uri == "/api/version" || arrayex.IndexOf(global.NoAuthRouter, uri) > -1 {
- return
- }
- var token string
- token = ctx.Request.Header.Get("Authorization")
- if token == "" {
- logger.Logger.Println("token标识缺失")
- ctx.ResponseWriter.WriteHeader(401)
- //ctx.Redirect(401, "/login")
- return
- }
- //单元测试模式时,不做校验
- if conf.GlobalConfig["unittest"] == "true" && token == test.UnitTestToken {
- return
- }
- token = strings.ReplaceAll(strings.ReplaceAll(token, "Bearer ", ""), " ", "")
- if token == "" {
- logger.Logger.Println("token标识无效")
- ctx.ResponseWriter.WriteHeader(401)
- //ctx.Redirect(301, "/login")
- return
- }
- //验证请求时间戳和随机数,防数据重放
- tim := ctx.Request.Header.Get("auth_time")
- if tim == "" {
- logger.Logger.Println("auth_time标识缺失")
- ctx.ResponseWriter.WriteHeader(401)
- //ctx.Redirect(301, "/login")
- return
- }
- nowhaomiao := time.Now().Unix()
- tim2 := tim[0:10]
- timint, er := strconv.Atoi(tim2)
- //接口请求有效时长为10秒内
- if er != nil || (int(nowhaomiao)-timint) > 10000 {
- logger.Logger.Println("接口请求超时" + tim2 + ":" + strconv.Itoa(int(nowhaomiao)))
- ctx.ResponseWriter.WriteHeader(401)
- //ctx.Redirect(301, "/login")
- return
- }
- nonce := ctx.Request.Header.Get("auth_nonce")
- if nonce == "" {
- logger.Logger.Println("auth_nonce标识缺失")
- ctx.ResponseWriter.WriteHeader(401)
- //ctx.Redirect(301, "/login")
- return
- }
- kv, has := global.GoCahce.Get(nonce)
- if has == true || kv != nil {
- logger.Logger.Println("auth_nonce已存在,本次请求可能是接口重放攻击")
- ctx.ResponseWriter.WriteHeader(401)
- //ctx.Redirect(301, "/login")
- return
- }
- sign := ctx.Request.Header.Get("sign")
- if sign == "" {
- logger.Logger.Println("签名缺失")
- ctx.ResponseWriter.WriteHeader(401)
- //ctx.Redirect(301, "/login")
- return
- }
- //获取请求的所有参数,并进行签名对比,防数据篡改
- //获取请求的所有参数,并进行签名对比,防数据篡改
- signParalist := map[string]string{"auth_time": tim, "auth_nonce": nonce}
- reqPara1 := ctx.Request.URL.Query()
- for k, _ := range reqPara1 {
- signParalist[(k)] = tools.IsEmpty(reqPara1[k][0])
- }
- if ctx.Request.MultipartForm == nil || len(ctx.Request.MultipartForm.File) == 0 {
- reqPara2 := ctx.Request.PostForm
- for k, _ := range reqPara2 {
- signParalist[(k)] = tools.IsEmpty(reqPara2[k][0])
- }
- }
- var entiy []string
- var keys []string
- for key := range signParalist {
- keys = append(keys, (key))
- }
- sort.Stable(sort.StringSlice(keys))
- for _, name := range keys {
- /*tmpStr := url.QueryEscape(signParalist[name])
- tmpStr = strings.ReplaceAll(tmpStr, "%28", "(")
- tmpStr = strings.ReplaceAll(tmpStr, "%29", ")")*/
- entiy = append(entiy, name+"="+signParalist[name])
- }
- newParalist := strings.Join(entiy, "&") // + token
- h := md5.New()
- h.Write([]byte(newParalist))
- cipherStr := h.Sum(nil)
- signstr := hex.EncodeToString(cipherStr) // 输出加密结果
- if sign != signstr {
- logger.Logger.Println("签名不一致。原始签名:" + sign + " 后台签名:" + signstr)
- logger.Logger.Println(fmt.Sprintf("签名参数:%+v", newParalist))
- ctx.ResponseWriter.WriteHeader(401)
- //ctx.Redirect(401, "/login")
- return
- }
- //请求验证全部通过,更新session
- /*
- err = bo.UpdateSession(token)
- if err != nil {
- if uri != "/login" {
- ctx.ResponseWriter.WriteHeader(401)
- //ctx.Redirect(401, "/login")
- }
- return
- }*/
- //本次接口分配的随机数,10秒内过期
- global.GoCahce.Set(nonce, nonce, 10*time.Second)
- }
|