From 27606704e55949f642ff2e25b60f32bf23ab0ea4 Mon Sep 17 00:00:00 2001
From: dongth <dongth@daymele.com>
Date: Wed, 31 Jul 2024 15:47:50 +0800
Subject: [PATCH] =?UTF-8?q?=E4=B8=8A=E4=BC=A0=E6=96=87=E4=BB=B6=E8=87=B3?=
 =?UTF-8?q?=20route?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 route/jwt.go   | 100 +++++++++++++++++++
 route/url.go   |  51 ++++++++++
 route/wxapp.go | 260 +++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 411 insertions(+)
 create mode 100644 route/jwt.go
 create mode 100644 route/url.go
 create mode 100644 route/wxapp.go

diff --git a/route/jwt.go b/route/jwt.go
new file mode 100644
index 0000000..7cbe8b0
--- /dev/null
+++ b/route/jwt.go
@@ -0,0 +1,100 @@
+package route
+
+import (
+	"errors"
+	"net/http"
+	"time"
+
+	"github.com/gin-gonic/gin"
+	"github.com/golang-jwt/jwt"
+	"github.com/shockliu/logger"
+)
+
+var (
+	jwtSecret = []byte("www.cnrehab.cn")
+)
+
+type devClaims struct {
+	User int `json:"user"` // 用户
+	jwt.StandardClaims
+}
+
+func CreateToken(user int) string {
+	// 生成token
+	claims := devClaims{
+		User: user,
+		StandardClaims: jwt.StandardClaims{
+			NotBefore: int64(time.Now().Unix() - 10), // 签名生效时间
+			// ExpiresAt: int64(time.Now().Unix() + 14*24*3600), // 签名过期时间
+			ExpiresAt: int64(time.Now().Unix() + 6*3600), // 签名过期时间
+			Issuer:    "cnrehab.cn",                     // 签名颁发者
+		},
+	}
+
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+	ts, err := token.SignedString(jwtSecret)
+	if err != nil {
+		logger.Error(err.Error())
+		return ""
+	}
+	return ts
+}
+
+// midware for token-auth
+func TokenAuth() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		ts := c.Request.Header.Get("Token")
+		if ts == "" {
+			logger.Warnf("请求未携带Token,无访问权限")
+			c.JSON(http.StatusOK, gin.H{
+				"code": 90001,
+				"msg":  "请求未携带Token,无访问权限",
+			})
+			c.Abort()
+			return
+		}
+		// 解析token
+		claims, err := parseToken(ts)
+		if err == nil {
+			//fmt.Println("ParseToken:",claims)
+			c.Set("TK_User", claims.User)
+			return
+		} else {
+			// expired
+			logger.Warnf("Token失效,请重新登录")
+			logger.Debugf("测试token-1:%s\n", CreateToken(1))
+			c.JSON(http.StatusOK, gin.H{
+				"code": 90001,
+				"msg":  "Token失效,请重新登录",
+			})
+			c.Abort()
+		}
+	}
+}
+
+/*
+   解析token
+*/
+func parseToken(tokenstring string) (*devClaims, error) {
+	token, err := jwt.ParseWithClaims(tokenstring, &devClaims{}, func(token *jwt.Token) (any, error) {
+		return jwtSecret, nil
+	})
+	if err != nil {
+		return nil, errors.New("Token不可用")
+	}
+	if claims, ok := token.Claims.(*devClaims); ok && token.Valid {
+		//fmt.Println("ParseToken:",claims,ok)
+		return claims, nil
+	}
+	return nil, errors.New("token无效")
+}
+
+func FreshToken(c *gin.Context) {
+	user := c.MustGet("TK_User").(int)
+	ts := CreateToken(user)
+	logger.Debugf("刷新Token成功:%d-%s\n", user, ts)
+	c.JSON(http.StatusOK, gin.H{
+		"code":  0,
+		"token": ts,
+	})
+}
diff --git a/route/url.go b/route/url.go
new file mode 100644
index 0000000..289dbb3
--- /dev/null
+++ b/route/url.go
@@ -0,0 +1,51 @@
+package route
+
+import (
+	"hc/weapp"
+
+	"github.com/gin-gonic/gin"
+)
+
+func Route(r *gin.Engine) {
+	/*
+		r.POST("/wxlogin", WxLogin) // 小程序登录
+		r.POST("/getUser", GetUserInfo)
+		r.POST("/updateUser", UpdateUser)
+		r.POST("/unlinkdev", weapp.UnlinkDev)
+		r.POST("/binddev", weapp.BindDev)
+		r.POST("/devlist", weapp.DevList)
+		r.POST("/getPlan", weapp.PlanList)
+		r.POST("/trainHistory", weapp.TrainHistory)
+		r.POST("/updatePlan", weapp.UpdatePlan)
+		r.POST("/trainResult", weapp.TrainResult)
+		r.POST("/actionList", weapp.ActionList)
+		r.POST("/actionDetail", weapp.ActionDetail)
+	*/
+	r.POST("/wxlogin", WxLogin) // 小程序登录
+	r.POST("/opt", weapp.Opt)   // 数据库操作
+
+	r.POST("/anayResult", weapp.AnalyseResult)
+	r.POST("notify", weapp.ReportNotify)
+	// 鉴权接口
+	r.Use(TokenAuth())
+	{
+		// user
+		r.POST("/modifyPwd", ModifyPasswd)
+		r.POST("/freshToken", FreshToken)
+		r.POST("/wxlogout", WxLogout) // 维护小程序退出登录
+
+		r.POST("/getUser", GetUserInfo)
+		r.POST("/updateUser", UpdateUser)
+		r.POST("/unlinkdev", weapp.UnlinkDev)
+		r.POST("/binddev", weapp.BindDev)
+		r.POST("/devlist", weapp.DevList)
+		r.POST("/getPlan", weapp.PlanList)
+		r.POST("/trainHistory", weapp.TrainHistory)
+		r.POST("/updatePlan", weapp.UpdatePlan)
+		r.POST("/trainResult", weapp.TrainResult)
+		r.POST("/actionList", weapp.ActionList)
+		r.POST("/actionDetail", weapp.ActionDetail)
+		r.POST("/createTrain", weapp.CreateTrain)
+		r.POST("/uploadAction", weapp.UploadAction)
+	}
+}
diff --git a/route/wxapp.go b/route/wxapp.go
new file mode 100644
index 0000000..dcdc312
--- /dev/null
+++ b/route/wxapp.go
@@ -0,0 +1,260 @@
+package route
+
+import (
+	"fmt"
+	"hc/dbop"
+	"hc/weapp"
+	"net/http"
+	"strconv"
+
+	"github.com/gin-gonic/gin"
+	"github.com/shockliu/logger"
+)
+
+func WxLogin(c *gin.Context) {
+	type tmp struct {
+		Code string `json:"code"`
+	}
+	var data tmp
+
+	if err := c.ShouldBindJSON(&data); err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"code": -1,
+			"msg":  err.Error(),
+		})
+		return
+	}
+	session, openid, unionid, ok := weapp.GetAuth(data.Code)
+	//logger.Debugf("openid:%s , unionid:%s", openid, unionid)
+	if !ok {
+		c.JSON(http.StatusOK, gin.H{
+			"code": -1,
+			"msg":  "鉴权失败",
+		})
+		return
+	}
+
+	id := dbop.GetUserId(openid, unionid)
+
+	if id < 0 { //新用户
+
+		ts, err := dbop.MDb.Begin()
+
+		_, err = ts.Exec("insert into user_account (open_id,user_name,opendate,dept_id) values (?,?,now(),100)", openid, "小程序用户")
+		if err != nil {
+			c.JSON(http.StatusOK, gin.H{
+				"code": -1,
+				"msg":  "用户访问失败",
+			})
+			return
+		}
+		id = dbop.GetUserId(openid, unionid)
+
+		//自动添加训练计划
+		_, err = ts.Exec("insert into user_plan (user_id,play_type,action_id,action_seri,creat_time,action_dur) values (?,2,?,?,now(),?), (?,2,?,?,now(),?), (?,2,?,?,now(),?) ,(?,2,?,?,now(),?), (?,2,?,?,now(),?);", id, 1, 1, 300, id, 5, 2, 300, id, 6, 3, 120, id, 7, 3, 120, id, 11, 5, 300)
+		if err != nil {
+			ts.Rollback()
+			c.JSON(http.StatusOK, gin.H{
+				"code": -1,
+				"msg":  err.Error(),
+			})
+			logger.Debugf(err.Error())
+			return
+		}
+
+		_, err = ts.Exec("insert into user_actplan (user_id,action_type,freq_type,relax_time,creat_time,modify_time,last_reviser) values (?,2,?,?,now(),now(),?);", id, "每周五次", 30, "系统")
+		if err != nil {
+			ts.Rollback()
+			c.JSON(http.StatusOK, gin.H{
+				"code": -1,
+				"msg":  err.Error(),
+			})
+			logger.Debugf(err.Error())
+			return
+		}
+		ts.Commit()
+
+	}
+
+	if id > 0 {
+		// 用户的session_key 需要保留，便于后续解密数据
+		dbop.SaveSessionKey(openid, session)
+		tk := CreateToken(id)
+
+		c.JSON(http.StatusOK, gin.H{
+			"code": 0,
+			"data": gin.H{
+				"userId": id,
+				"token":  tk,
+			},
+		})
+	} else { //新用户
+		c.JSON(http.StatusOK, gin.H{
+			"code": -1,
+			"msg":  "用户访问失败",
+		})
+	}
+}
+
+func WxLogout(c *gin.Context) {
+	user := c.MustGet("TK_User").(int)
+	var openid string
+	err := dbop.MDb.QueryRow("select openId from user_relation where id=? and channel=5;", user).Scan(&openid)
+	if err != nil {
+		logger.Debugf("获得用户openId失败%s\n", err)
+	} else {
+		dbop.ClearSessionKey(openid)
+	}
+	dbop.RDb.ZRem(dbop.Maintain, strconv.Itoa(user)) // 删除维护人员地理信息，不可派单
+	_, err = dbop.MDb.Exec("delete from user_relation where id=? and channel=5;", user)
+	if err != nil {
+		logger.Warnf("删除用户数据失败%s\n", err)
+	}
+	var cnt int
+	err = dbop.MDb.QueryRow("select count(1) from user_relation where id=?;", user).Scan(&cnt)
+	if err != nil {
+		logger.Warnf("获取用户数据失败%s\n", err)
+	}
+	if cnt == 0 {
+		_, err = dbop.MDb.Exec("delete from dqk_user where id=?;", user)
+		if err != nil {
+			logger.Warnf("删除用户数据失败%s\n", err)
+		}
+	} else {
+		_, err = dbop.MDb.Exec("update dqk_user set name='维护用户登出' where id=?;", user)
+		if err != nil {
+			logger.Warnf("用户登出失败%s\n", err)
+		}
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"code": 0,
+		"msg":  "success",
+	})
+}
+
+func GetUserInfo(c *gin.Context) {
+	uid := c.MustGet("TK_User").(int)
+
+	var uname, device, mobile, avatar string
+	var sex, user_id int
+	err := dbop.MDb.QueryRow("select a.user_id,ifnull(a.sex,0),ifnull(a.mobile,''),ifnull(a.user_name,'小程序用户'),ifnull(m.head_img_url,''), ifnull(d.device_sn,'') from user_account a LEFT JOIN wechat_member m on a.open_id=m.open_id left join user_device_bind b on a.user_id = b.user_id left join health_device d on b.device_id=d.device_id where a.user_id = ?", uid).Scan(&user_id, &sex, &mobile, &uname, &avatar, &device)
+	if err != nil {
+		logger.Debugf("获取用户%d信息失败%s\n", uid, err)
+		c.JSON(http.StatusOK, gin.H{
+			"code": -1,
+			"msg":  err.Error(),
+		})
+	}
+
+	c.JSON(http.StatusOK, gin.H{
+		"code": 0,
+		"data": gin.H{
+			"uid":    user_id,
+			"uname":  uname,
+			"sex":    sex,
+			"avatar": avatar,
+			"mobile": mobile,
+			"device": device,
+		},
+	})
+}
+
+func UpdateUser(c *gin.Context) {
+	uid := c.MustGet("TK_User").(int)
+	type tmp struct {
+		Name      string `json:"uname,omitempty"`
+		Mobile    string `json:"mobile,omitempty"`
+		Mail      string `json:"mail,omitempty"`
+		FocusCode string `json:"focus,omitempty"`
+	}
+	var data tmp
+	if err := c.ShouldBindJSON(&data); err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"code": -1,
+			"msg":  err.Error(),
+		})
+		return
+	}
+
+	var sqlstr string
+	if len(data.Name) > 0 {
+		sqlstr = fmt.Sprintf("update user_account set user_name = '%s'", data.Name)
+	}
+
+	if len(data.Mobile) > 0 {
+		if len(sqlstr) > 0 {
+			sqlstr = fmt.Sprintf("%s,mobile = '%s'", sqlstr, data.Mobile)
+		} else {
+			sqlstr = fmt.Sprintf("update user_account set mobile = '%s'", data.Mobile)
+		}
+	}
+
+	if len(sqlstr) > 0 {
+		sqlstr = fmt.Sprintf("%s where user_id = %d", sqlstr, uid)
+		_, err := dbop.MDb.Exec(sqlstr)
+		if err != nil {
+			logger.Debugf("获取用户%d信息失败%s\n", uid, err)
+			c.JSON(http.StatusOK, gin.H{
+				"code": -1,
+				"msg":  err.Error(),
+			})
+			return
+		}
+	}
+	c.JSON(http.StatusOK, gin.H{
+		"code": 0,
+		"msg":  "操作成功",
+	})
+
+}
+
+func ModifyPasswd(c *gin.Context) {
+	user := c.MustGet("TK_User").(int)
+	type tmp struct {
+		OldPwd string `json:"oldPassword"`
+		NewPwd string `json:"newPassword"`
+	}
+	var data tmp
+	if err := c.ShouldBindJSON(&data); err != nil {
+		c.JSON(http.StatusOK, gin.H{
+			"code": -1,
+			"msg":  err.Error(),
+		})
+		return
+	}
+	logger.Debugf("修改密码参数%#v\n", data)
+	var aid int
+	err := dbop.MDb.QueryRow("SELECT id FROM `aos_user` where account=(select name from dqk_user where id=?);", user).Scan(&aid)
+	if err != nil {
+		logger.Debugf("获取用户系统账号失败%s\n", err)
+		c.JSON(http.StatusOK, gin.H{
+			"code": -1,
+			"msg":  "获取用户系统账号失败，请联系客服",
+		})
+		return
+	}
+
+	if !dbop.PasswdAuth(aid, data.OldPwd) {
+		logger.Debugf("密码修改失败\n")
+		c.JSON(http.StatusOK, gin.H{
+			"code": -1,
+			"msg":  "密码校验失败，请联系客服",
+		})
+		return
+	}
+	if dbop.SavePasswd(aid, data.NewPwd) {
+		logger.Debugf("密码修改成功\n")
+		c.JSON(http.StatusOK, gin.H{
+			"code": 0,
+			"msg":  "密码修改成功",
+		})
+
+	} else {
+		logger.Debugf("密码修改失败\n")
+		c.JSON(http.StatusOK, gin.H{
+			"code": -1,
+			"msg":  "密码修改失败，请稍后再试",
+		})
+
+	}
+}