Merge pull request #261 from ouyangshi/v2.3.0release

增加注册IP 登陆IP+用户IP限制策略

internal/api/auth/auth.go

@@ -3,6 +3,7 @@ package apiAuth
 import (
 	api "Open_IM/pkg/base_info"
 	"Open_IM/pkg/common/config"
+	"Open_IM/pkg/common/constant"
 	"Open_IM/pkg/common/log"
 	"Open_IM/pkg/common/token_verify"
 	"Open_IM/pkg/grpc-etcdv3/getcdv3"
@@ -10,10 +11,11 @@ import (
 	open_im_sdk "Open_IM/pkg/proto/sdk_ws"
 	"Open_IM/pkg/utils"
 	"context"
-	"github.com/fatih/structs"
-	"github.com/gin-gonic/gin"
 	"net/http"
 	"strings"
+
+	"github.com/fatih/structs"
+	"github.com/gin-gonic/gin"
 )
 
 // @Summary 用户注册
@@ -65,11 +67,15 @@ func UserRegister(c *gin.Context) {
 	if reply.CommonResp.ErrCode != 0 {
 		errMsg := req.OperationID + " " + " UserRegister failed " + reply.CommonResp.ErrMsg + req.String()
 		log.NewError(req.OperationID, errMsg)
-		c.JSON(http.StatusInternalServerError, gin.H{"errCode": 500, "errMsg": errMsg})
+		if reply.CommonResp.ErrCode == constant.RegisterLimit {
+			c.JSON(http.StatusOK, gin.H{"errCode": constant.RegisterLimit, "errMsg": "用户注册被限制"})
+		} else {
+			c.JSON(http.StatusInternalServerError, gin.H{"errCode": 500, "errMsg": errMsg})
+		}
 		return
 	}
 
-	pbDataToken := &rpc.UserTokenReq{Platform: params.Platform, FromUserID: params.UserID, OperationID: params.OperationID}
+	pbDataToken := &rpc.UserTokenReq{Platform: params.Platform, FromUserID: params.UserID, OperationID: params.OperationID, LoginIp: params.CreateIp}
 	replyToken, err := client.UserToken(context.Background(), pbDataToken)
 	if err != nil {
 		errMsg := req.OperationID + " " + " client.UserToken failed " + err.Error() + pbDataToken.String()
@@ -110,7 +116,7 @@ func UserToken(c *gin.Context) {
 		c.JSON(http.StatusBadRequest, gin.H{"errCode": 401, "errMsg": errMsg})
 		return
 	}
-	req := &rpc.UserTokenReq{Platform: params.Platform, FromUserID: params.UserID, OperationID: params.OperationID}
+	req := &rpc.UserTokenReq{Platform: params.Platform, FromUserID: params.UserID, OperationID: params.OperationID, LoginIp: params.LoginIp}
 	log.NewInfo(req.OperationID, "UserToken args ", req.String())
 	etcdConn := getcdv3.GetConn(config.Config.Etcd.EtcdSchema, strings.Join(config.Config.Etcd.EtcdAddr, ","), config.Config.RpcRegisterName.OpenImAuthName, req.OperationID)
 	if etcdConn == nil {

internal/demo/register/login.go

@@ -10,8 +10,9 @@ import (
 	"Open_IM/pkg/utils"
 	"encoding/json"
 	"fmt"
-	"github.com/gin-gonic/gin"
 	"net/http"
+
+	"github.com/gin-gonic/gin"
 )
 
 type ParamsLogin struct {
@@ -62,6 +63,11 @@ func Login(c *gin.Context) {
 	openIMGetUserToken.Platform = params.Platform
 	openIMGetUserToken.Secret = config.Config.Secret
 	openIMGetUserToken.UserID = userID
+	loginIp := c.Request.Header.Get("X-Forward-For")
+	if loginIp == "" {
+		loginIp = c.ClientIP()
+	}
+	openIMGetUserToken.LoginIp = loginIp
 	openIMGetUserTokenResp := api.UserTokenResp{}
 	bMsg, err := http2.Post(url, openIMGetUserToken, 2)
 	if err != nil {
@@ -72,7 +78,11 @@ func Login(c *gin.Context) {
 	err = json.Unmarshal(bMsg, &openIMGetUserTokenResp)
 	if err != nil || openIMGetUserTokenResp.ErrCode != 0 {
 		log.NewError(params.OperationID, "request get user token", account, "err", "")
-		c.JSON(http.StatusOK, gin.H{"errCode": constant.GetIMTokenErr, "errMsg": ""})
+		if openIMGetUserTokenResp.ErrCode == constant.LoginLimit {
+			c.JSON(http.StatusOK, gin.H{"errCode": constant.LoginLimit, "errMsg": "用户登录被限制"})
+		} else {
+			c.JSON(http.StatusOK, gin.H{"errCode": constant.GetIMTokenErr, "errMsg": ""})
+		}
 		return
 	}
 	c.JSON(http.StatusOK, gin.H{"errCode": constant.NoError, "errMsg": "", "data": openIMGetUserTokenResp.UserToken})

internal/demo/register/set_password.go

@@ -10,11 +10,12 @@ import (
 	"Open_IM/pkg/common/log"
 	"Open_IM/pkg/utils"
 	"encoding/json"
-	"github.com/gin-gonic/gin"
 	"math/big"
 	"net/http"
 	"strconv"
 	"time"
+
+	"github.com/gin-gonic/gin"
 )
 
 type ParamsSetPassword struct {
@@ -81,6 +82,11 @@ func SetPassword(c *gin.Context) {
 	openIMRegisterReq.Nickname = params.Nickname
 	openIMRegisterReq.Secret = config.Config.Secret
 	openIMRegisterReq.FaceURL = params.FaceURL
+	createIp := c.Request.Header.Get("X-Forward-For")
+	if createIp == "" {
+		createIp = c.ClientIP()
+	}
+	openIMRegisterReq.CreateIp = createIp
 	openIMRegisterResp := api.UserRegisterResp{}
 	log.NewDebug(params.OperationID, utils.GetSelfFuncName(), "register req:", openIMRegisterReq)
 	bMsg, err := http2.Post(url, openIMRegisterReq, 2)
@@ -95,7 +101,11 @@ func SetPassword(c *gin.Context) {
 		if err != nil {
 			log.NewError(params.OperationID, utils.GetSelfFuncName(), err.Error())
 		}
-		c.JSON(http.StatusOK, gin.H{"errCode": constant.RegisterFailed, "errMsg": "register failed: " + openIMRegisterResp.ErrMsg})
+		if openIMRegisterResp.ErrCode == constant.RegisterLimit {
+			c.JSON(http.StatusOK, gin.H{"errCode": constant.RegisterLimit, "errMsg": "用户注册被限制"})
+		} else {
+			c.JSON(http.StatusOK, gin.H{"errCode": constant.RegisterFailed, "errMsg": "register failed: " + openIMRegisterResp.ErrMsg})
+		}
 		return
 	}
 	log.Info(params.OperationID, "begin store mysql", account, params.Password, "info", params.FaceURL, params.Nickname)

internal/rpc/auth/auth.go

@@ -15,6 +15,7 @@ import (
 	"net"
 	"strconv"
 	"strings"
+	"time"
 
 	"Open_IM/pkg/common/config"
 
@@ -29,6 +30,13 @@ func (rpc *rpcAuth) UserRegister(_ context.Context, req *pbAuth.UserRegisterReq)
 		user.Birth = utils.UnixSecondToTime(int64(req.UserInfo.Birth))
 	}
 	log.Debug(req.OperationID, "copy ", user, req.UserInfo)
+	Limited, LimitError := imdb.IsLimitRegisterIp(req.UserInfo.CreateIp)
+	if LimitError != nil {
+		return &pbAuth.UserRegisterResp{CommonResp: &pbAuth.CommonResp{ErrCode: constant.ErrDB.ErrCode, ErrMsg: LimitError.Error()}}, nil
+	}
+	if Limited {
+		return &pbAuth.UserRegisterResp{CommonResp: &pbAuth.CommonResp{ErrCode: constant.RegisterLimit, ErrMsg: "Register Limit"}}, nil
+	}
 	err := imdb.UserRegister(user)
 	if err != nil {
 		errMsg := req.OperationID + " imdb.UserRegister failed " + err.Error() + user.UserID
@@ -42,20 +50,43 @@ func (rpc *rpcAuth) UserRegister(_ context.Context, req *pbAuth.UserRegisterReq)
 
 func (rpc *rpcAuth) UserToken(_ context.Context, req *pbAuth.UserTokenReq) (*pbAuth.UserTokenResp, error) {
 	log.NewInfo(req.OperationID, utils.GetSelfFuncName(), " rpc args ", req.String())
-	_, err := imdb.GetUserByUserID(req.FromUserID)
+	user, err := imdb.GetUserByUserID(req.FromUserID)
 	if err != nil {
 		errMsg := req.OperationID + " imdb.GetUserByUserID failed " + err.Error() + req.FromUserID
 		log.NewError(req.OperationID, errMsg)
 		return &pbAuth.UserTokenResp{CommonResp: &pbAuth.CommonResp{ErrCode: constant.ErrDB.ErrCode, ErrMsg: errMsg}}, nil
 	}
-
+	var Limited bool
+	var LimitError error
+	if user.LoginLimit == 0 {
+		Limited, LimitError = imdb.IsLimitLoginIp(req.LoginIp)
+	} else if user.LoginLimit == 1 {
+		Limited, LimitError = imdb.IsLimitUserLoginIp(user.UserID, req.LoginIp)
+	} else if user.LoginLimit == 2 {
+		Limited, LimitError = imdb.UserIsBlock(user.UserID)
+	}
+	if LimitError != nil {
+		return &pbAuth.UserTokenResp{CommonResp: &pbAuth.CommonResp{ErrCode: constant.ErrDB.ErrCode, ErrMsg: LimitError.Error()}}, nil
+	}
+	if Limited {
+		return &pbAuth.UserTokenResp{CommonResp: &pbAuth.CommonResp{ErrCode: constant.LoginLimit, ErrMsg: "用户被限制"}}, nil
+	}
 	tokens, expTime, err := token_verify.CreateToken(req.FromUserID, int(req.Platform))
 	if err != nil {
 		errMsg := req.OperationID + " token_verify.CreateToken failed " + err.Error() + req.FromUserID + utils.Int32ToString(req.Platform)
 		log.NewError(req.OperationID, errMsg)
 		return &pbAuth.UserTokenResp{CommonResp: &pbAuth.CommonResp{ErrCode: constant.ErrDB.ErrCode, ErrMsg: errMsg}}, nil
 	}
-
+	//增加用户登录信息
+	user.LoginTimes = user.LoginTimes + 1
+	user.LastLoginIp = req.LoginIp
+	user.LastLoginTime = time.Now()
+	err = imdb.UpdateUserInfo(*user)
+	if err != nil {
+		errMsg := req.OperationID + " imdb.UpdateUserInfo failed " + err.Error() + req.FromUserID
+		log.NewError(req.OperationID, errMsg)
+		return &pbAuth.UserTokenResp{CommonResp: &pbAuth.CommonResp{ErrCode: constant.ErrDB.ErrCode, ErrMsg: errMsg}}, nil
+	}
 	log.NewInfo(req.OperationID, utils.GetSelfFuncName(), " rpc return ", pbAuth.UserTokenResp{CommonResp: &pbAuth.CommonResp{}, Token: tokens, ExpiredTime: expTime})
 	return &pbAuth.UserTokenResp{CommonResp: &pbAuth.CommonResp{}, Token: tokens, ExpiredTime: expTime}, nil
 }

internal/rpc/user/user.go

@@ -6,7 +6,7 @@ import (
 	"Open_IM/pkg/common/constant"
 	"Open_IM/pkg/common/db"
 	imdb "Open_IM/pkg/common/db/mysql_model/im_mysql_model"
-	"Open_IM/pkg/common/db/rocks_cache"
+	rocksCache "Open_IM/pkg/common/db/rocks_cache"
 	errors "Open_IM/pkg/common/http"
 	"Open_IM/pkg/common/log"
 	"Open_IM/pkg/common/token_verify"
@@ -540,11 +540,20 @@ func (s *userServer) GetUsersByName(ctx context.Context, req *pbUser.GetUsersByN
 			continue
 		}
 		resp.Users = append(resp.Users, &pbUser.User{
-			ProfilePhoto: user.FaceURL,
-			Nickname:     user.Nickname,
-			UserId:       user.UserID,
-			CreateTime:   user.CreateTime.String(),
-			IsBlock:      isBlock,
+			ProfilePhoto:  user.FaceURL,
+			Nickname:      user.Nickname,
+			UserId:        user.UserID,
+			CreateTime:    user.CreateTime.Format("2006-01-02 15:04:05"),
+			CreateIp:      user.CreateIp,
+			IsBlock:       isBlock,
+			Birth:         user.Birth.Format("2006-01-02"),
+			PhoneNumber:   user.PhoneNumber,
+			Email:         user.Email,
+			LastLoginIp:   user.LastLoginIp,
+			LastLoginTime: user.LastLoginTime.Format("2006-01-02 15:04:05"),
+			LoginTimes:    user.LoginTimes,
+			Gender:        user.Gender,
+			LoginLimit:    user.LoginLimit,
 		})
 	}
 	user := db.User{Nickname: req.UserName}
@@ -576,11 +585,20 @@ func (s *userServer) GetUserById(ctx context.Context, req *pbUser.GetUserByIdReq
 		return resp, errors.WrapError(constant.ErrDB)
 	}
 	resp.User = &pbUser.User{
-		ProfilePhoto: user.FaceURL,
-		Nickname:     user.Nickname,
-		UserId:       user.UserID,
-		CreateTime:   user.CreateTime.String(),
-		IsBlock:      isBlock,
+		ProfilePhoto:  user.FaceURL,
+		Nickname:      user.Nickname,
+		UserId:        user.UserID,
+		CreateTime:    user.CreateTime.Format("2006-01-02 15:04:05"),
+		CreateIp:      user.CreateIp,
+		IsBlock:       isBlock,
+		Birth:         user.Birth.Format("2006-01-02"),
+		PhoneNumber:   user.PhoneNumber,
+		Email:         user.Email,
+		LastLoginIp:   user.LastLoginIp,
+		LastLoginTime: user.LastLoginTime.Format("2006-01-02 15:04:05"),
+		LoginTimes:    user.LoginTimes,
+		Gender:        user.Gender,
+		LoginLimit:    user.LoginLimit,
 	}
 	log.NewInfo(req.OperationID, utils.GetSelfFuncName(), "resp: ", resp.String())
 	return resp, nil
@@ -598,11 +616,20 @@ func (s *userServer) GetUsers(ctx context.Context, req *pbUser.GetUsersReq) (*pb
 		isBlock, err := imdb.UserIsBlock(v.UserID)
 		if err == nil {
 			user := &pbUser.User{
-				ProfilePhoto: v.FaceURL,
-				UserId:       v.UserID,
-				CreateTime:   v.CreateTime.String(),
-				Nickname:     v.Nickname,
-				IsBlock:      isBlock,
+				ProfilePhoto:  v.FaceURL,
+				UserId:        v.UserID,
+				CreateTime:    v.CreateTime.Format("2006-01-02 15:04:05"),
+				CreateIp:      v.CreateIp,
+				Nickname:      v.Nickname,
+				Birth:         v.Birth.Format("2006-01-02"),
+				PhoneNumber:   v.PhoneNumber,
+				Email:         v.Email,
+				IsBlock:       isBlock,
+				LastLoginIp:   v.LastLoginIp,
+				LastLoginTime: v.LastLoginTime.Format("2006-01-02 15:04:05"),
+				LoginTimes:    v.LoginTimes,
+				Gender:        v.Gender,
+				LoginLimit:    v.LoginLimit,
 			}
 			resp.User = append(resp.User, user)
 		} else {