leanote/app/controllers/api/init.go

package api

import (
	"github.com/leanote/leanote/app/info"
	"github.com/leanote/leanote/app/service"
//		. "github.com/leanote/leanote/app/lea"
	"github.com/revel/revel"
	"strings"
)

var userService *service.UserService
var noteService *service.NoteService
var trashService *service.TrashService
var notebookService *service.NotebookService
var noteContentHistoryService *service.NoteContentHistoryService
var authService *service.AuthService
var shareService *service.ShareService
var blogService *service.BlogService
var tagService *service.TagService
var pwdService *service.PwdService
var tokenService *service.TokenService
var suggestionService *service.SuggestionService
var albumService *service.AlbumService
var noteImageService *service.NoteImageService
var fileService *service.FileService
var attachService *service.AttachService
var configService *service.ConfigService
var emailService *service.EmailService
var sessionService *service.SessionService

var pageSize = 1000
var defaultSortField = "UpdatedTime"
var leanoteUserId = "admin" // 不能更改

// 状态
const (
	S_DEFAULT                 = iota // 0
	S_NOT_LOGIN                      // 1
	S_WRONG_USERNAME_PASSWORD        // 2
	S_WRONG_CAPTCHA                  // 3
	S_NEED_CAPTCHA                   // 4
	S_NOT_OPEN_REGISTER              // 4
)

// 拦截器
// 不需要拦截的url
var commonUrl = map[string]map[string]bool{"ApiAuth": map[string]bool{"Login": true,
	"Register": true,
	},
	// 文件的操作也不用登录, userId会从session中获取
	"ApiFile": map[string]bool{"GetImage": true,
		"GetAttach": true,
		"GetAllAttachs": true,
	},
}

func needValidate(controller, method string) bool {
	// 在里面
	if v, ok := commonUrl[controller]; ok {
		// 在commonUrl里
		if _, ok2 := v[method]; ok2 {
			return false
		}
		return true
	} else {
		// controller不在这里的, 肯定要验证
		return true
	}
}

// 这里得到token, 若不是login, logout等公用操作, 必须验证是否已登录
func AuthInterceptor(c *revel.Controller) revel.Result {
	// 得到token /api/user/info?userId=xxx&token=xxxxx
	token := c.Params.Values.Get("token")
	noToken := false
	if token == "" {
		// 若无, 则取sessionId
		token = c.Session.Id()
		noToken = true
	}
	c.Session["_token"] = token

	// 全部变成首字大写
	var controller = strings.Title(c.Name)
	var method = strings.Title(c.MethodName)

	// 验证是否已登录
	// 通过sessionService判断该token下是否有userId, 并返回userId
	userId := sessionService.GetUserId(token)
	if noToken && userId == "" {
		// 从session中获取, api/file/getImage, api/file/getAttach, api/file/getAllAttach
		// 客户端
		userId, _ = c.Session["UserId"];
	}
	c.Session["_userId"] = userId
	
	// 是否需要验证?
	if !needValidate(controller, method) {
		return nil
	}
	
	if userId != "" {
		return nil // 已登录
	}

	// 没有登录, 返回错误的信息, 需要登录
	re := info.NewApiRe()
	re.Msg = "NOTLOGIN"
	return c.RenderJson(re)
}

func init() {
	// interceptors
	revel.InterceptFunc(AuthInterceptor, revel.BEFORE, &ApiAuth{})
	revel.InterceptFunc(AuthInterceptor, revel.BEFORE, &ApiUser{})
	revel.InterceptFunc(AuthInterceptor, revel.BEFORE, &ApiFile{})
	revel.InterceptFunc(AuthInterceptor, revel.BEFORE, &ApiNote{})
	revel.InterceptFunc(AuthInterceptor, revel.BEFORE, &ApiTag{})
	revel.InterceptFunc(AuthInterceptor, revel.BEFORE, &ApiNotebook{})
}

// 最外层init.go调用
// 获取service, 单例
func InitService() {
	notebookService = service.NotebookS
	noteService = service.NoteS
	noteContentHistoryService = service.NoteContentHistoryS
	trashService = service.TrashS
	shareService = service.ShareS
	userService = service.UserS
	tagService = service.TagS
	blogService = service.BlogS
	tokenService = service.TokenS
	noteImageService = service.NoteImageS
	fileService = service.FileS
	albumService = service.AlbumS
	attachService = service.AttachS
	pwdService = service.PwdS
	suggestionService = service.SuggestionS
	authService = service.AuthS
	configService = service.ConfigS
	emailService = service.EmailS
	sessionService = service.SessionS
}