diff --git a/constant/constant.go b/constant/constant.go index c1bbf5d..bb1a830 100644 --- a/constant/constant.go +++ b/constant/constant.go @@ -24,3 +24,5 @@ const ( BeKicked int = -5 BeBanned int = -6 ) + +const DefaultSecondAuthValue = "DefaultSecondAuthValue" diff --git a/enforcer.go b/enforcer.go index 590346e..17911de 100644 --- a/enforcer.go +++ b/enforcer.go @@ -422,9 +422,21 @@ func (e *Enforcer) CheckLogin(ctx ctx.Context) error { return nil } +func (e *Enforcer) CheckLoginByToken(token string) error { + _, err := e.GetLoginIdByToken(token) + if err != nil { + return err + } + return nil +} + func (e *Enforcer) GetLoginId(ctx ctx.Context) (string, error) { tokenValue := e.GetRequestToken(ctx) - str := e.GetIdByToken(tokenValue) + return e.GetLoginIdByToken(tokenValue) +} + +func (e *Enforcer) GetLoginIdByToken(token string) (string, error) { + str := e.GetIdByToken(token) if str == "" { return "", errors.New("GetLoginId() failed: not logged in") } @@ -620,3 +632,51 @@ func (e *Enforcer) UpdateSession(id string, session *model.Session) error { func (e *Enforcer) GetTokenConfig() config.TokenConfig { return e.config } + +func (e *Enforcer) OpenSafe(token string, service string, time int64) error { + if time == 0 { + return nil + } + err := e.CheckLoginByToken(token) + if err != nil { + return err + } + err = e.adapter.SetStr(e.spliceSecSafeKey(token, service), constant.DefaultSecondAuthValue, time) + if err != nil { + return err + } + if e.watcher != nil { + e.watcher.OpenSafe(e.loginType, token, service, time) + } + return nil +} + +func (e *Enforcer) IsSafe(token string, service string) bool { + if token == "" { + return false + } + str := e.adapter.GetStr(e.spliceSecSafeKey(token, service)) + return str != "" +} + +func (e *Enforcer) GetSafeTime(token string, service string) int64 { + if token == "" { + return 0 + } + timeout := e.adapter.GetTimeout(e.spliceSecSafeKey(token, service)) + return timeout +} + +func (e *Enforcer) CloseSafe(token string, service string) error { + if token == "" { + return nil + } + err := e.adapter.DeleteStr(e.spliceSecSafeKey(token, service)) + if err != nil { + return err + } + if e.watcher != nil { + e.watcher.CloseSafe(e.loginType, token, service) + } + return nil +} diff --git a/enforcer_interface.go b/enforcer_interface.go index a3b6aad..ee84e2d 100644 --- a/enforcer_interface.go +++ b/enforcer_interface.go @@ -37,8 +37,10 @@ type IEnforcer interface { IsLoginByToken(token string) (bool, error) IsLoginById(id string) (bool, error) CheckLogin(ctx ctx.Context) error + CheckLoginByToken(token string) error GetLoginId(ctx ctx.Context) (string, error) + GetLoginIdByToken(token string) (string, error) GetIdByToken(token string) string GetLoginCount(id string) int @@ -52,6 +54,12 @@ type IEnforcer interface { GetBannedLevel(id string, service string) (int64, error) GetBannedTime(id string, service string) int64 + // Second auth api + OpenSafe(token string, service string, time int64) error + IsSafe(token string, service string) bool + GetSafeTime(token string, service string) int64 + CloseSafe(token string, service string) error + GetRequestToken(ctx ctx.Context) string AddTokenGenerateFun(tokenStyle string, f model.GenerateFunc) error diff --git a/enforcer_internal_api.go b/enforcer_internal_api.go index 819b5be..882de6a 100644 --- a/enforcer_internal_api.go +++ b/enforcer_internal_api.go @@ -125,6 +125,10 @@ func (e *Enforcer) spliceBannedKey(id string, service string) string { return e.config.TokenName + ":" + e.loginType + ":ban:" + service + ":" + id } +func (e *Enforcer) spliceSecSafeKey(token string, service string) string { + return e.config.TokenName + ":" + e.loginType + ":safe:" + service + ":" + token +} + func (e *Enforcer) SetJwtSecretKey(key string) { e.config.JwtSecretKey = key } diff --git a/enforcer_test.go b/enforcer_test.go index 3816331..722ce9c 100644 --- a/enforcer_test.go +++ b/enforcer_test.go @@ -471,3 +471,31 @@ func TestEnforcer_GetBannedTime(t *testing.T) { t.Logf("banned time = %v", enforcer.GetBannedTime("1", "comment")) } + +func TestEnforcer_SecSafe(t *testing.T) { + err, enforcer, _ := NewTestEnforcer(t) + if err != nil { + t.Fatalf("NewTestEnforcer() failed: %v", err) + } + tokenValue, err := enforcer.LoginById("1") + if err != nil { + t.Fatalf("LoginById() failed: %v", err) + } + service := "default_service" + err = enforcer.OpenSafe(tokenValue, service, 600000) + if err != nil { + t.Fatalf("OpenSafe() failed: %v", err) + } + isSafe := enforcer.IsSafe(tokenValue, service) + if !isSafe { + t.Fatalf("IsSafe() failed, unexpected return value: %v", isSafe) + } + err = enforcer.CloseSafe(tokenValue, service) + if err != nil { + t.Fatalf("CloseSafe() failed: %v", err) + } + isSafe = enforcer.IsSafe(tokenValue, service) + if isSafe { + t.Fatalf("IsSafe() failed, unexpected return value: %v", isSafe) + } +} diff --git a/log/default_logger.go b/log/default_logger.go index 8e92041..5eb77da 100644 --- a/log/default_logger.go +++ b/log/default_logger.go @@ -73,3 +73,17 @@ func (d *DefaultLogger) RefreshToken(tokenValue string, id interface{}, timeout } log.Printf("RefreshToken: loginId = %v, tokenValue = %v, timeout = %v", id, tokenValue, timeout) } + +func (d *DefaultLogger) OpenSafe(loginType string, token string, service string, time int64) { + if !d.enable { + return + } + log.Printf("OpenSafe: loginType = %v, tokenValue = %v, service = %v, timeout = %v ", loginType, token, service, time) +} + +func (d *DefaultLogger) CloseSafe(loginType string, token string, service string) { + if !d.enable { + return + } + log.Printf("CloseSafe: loginType = %v, tokenValue = %v, service = %v ", loginType, token, service) +} diff --git a/persist/watcher.go b/persist/watcher.go index b50365d..63786a5 100644 --- a/persist/watcher.go +++ b/persist/watcher.go @@ -18,4 +18,8 @@ type Watcher interface { UnBan(loginType string, id interface{}, service string) // RefreshToken called when renew token timeout RefreshToken(tokenValue string, id interface{}, timeout int64) + // OpenSafe called when open second auth + OpenSafe(loginType string, token string, service string, time int64) + // CloseSafe called when close second auth + CloseSafe(loginType string, token string, service string) }