root
/
yibu
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1734 Commits
3 Branches
29 Tags
39 MiB
Tree: 9b8fd0a342
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9b8fd0a342'
${ noResults }
yibu/server/middleware/jwt.go

155 lines
4.8 KiB
Raw Normal View History

项目基本构成
5 years ago
feat:增加singleFlight并发控制jwt颁发
3 years ago
修改包名称定为至server为插件化提供便利
3 years ago
feat:fix go mod
3 years ago
项目基本构成
5 years ago
go-logging(停止维护了)替换成zap, zap的配置完善优化,gva的日志更换zap后的处理
4 years ago
项目基本构成
5 years ago
基础架构变更 增加模块化
3 years ago
项目基本构成
5 years ago
jwt.go: fix localStorage spell error
4 years ago
项目基本构成
5 years ago
修复中间件导包错误及代码优化,更新swagger文档
4 years ago
项目基本构成
5 years ago
基础架构变更 增加模块化
3 years ago
修复中间件导包错误及代码优化,更新swagger文档
4 years ago
增加jwt主动失效功能(next:多点登录限制
5 years ago
项目基本构成
5 years ago
修复中间件导包错误及代码优化,更新swagger文档
4 years ago
项目基本构成
5 years ago
修复中间件导包错误及代码优化,更新swagger文档
4 years ago
项目基本构成
5 years ago
基础架构变更 增加模块化
3 years ago
修复中间件导包错误及代码优化,更新swagger文档
4 years ago
修复用户不存在的时jwt可使用的问题
4 years ago
修复中间件导包错误及代码优化,更新swagger文档
4 years ago
将JWT过期时间 刷新时间 放置进入config
4 years ago
feat:增加singleFlight并发控制jwt颁发
3 years ago
修复中间件导包错误及代码优化,更新swagger文档
4 years ago
增加令牌自动续期功能
4 years ago
基础架构变更 增加模块化
3 years ago
修复中间件导包错误及代码优化,更新swagger文档
4 years ago
基础架构变更 增加模块化
3 years ago
增加令牌自动续期功能
4 years ago
基础架构变更 增加模块化
3 years ago
增加令牌自动续期功能
4 years ago
项目基本构成
5 years ago
后台格式规范化 引入casbin做鉴权
5 years ago
项目基本构成
5 years ago
修复格式问题,重构嵌套层数过深的函数
4 years ago
项目基本构成
5 years ago
gin-vue-admin 2.0代码重构
5 years ago
项目基本构成
5 years ago
修复格式问题,重构嵌套层数过深的函数
4 years ago
jwt异地登陆bug修复
5 years ago
项目基本构成
5 years ago
feat:增加singleFlight并发控制jwt颁发
3 years ago
修复格式问题,重构嵌套层数过深的函数
4 years ago
Migrate all methods in the model package to the service package
5 years ago
项目基本构成
5 years ago
Migrate all methods in the model package to the service package
5 years ago
项目基本构成
5 years ago
增加令牌自动续期功能
4 years ago
  1. package middleware
  3. import (
  4. "errors"
  5. "strconv"
  6. "time"
  8. "github.com/flipped-aurora/gin-vue-admin/server/global"
  9. "github.com/flipped-aurora/gin-vue-admin/server/model/common/response"
  10. "github.com/flipped-aurora/gin-vue-admin/server/model/system"
  11. "github.com/flipped-aurora/gin-vue-admin/server/model/system/request"
  12. "github.com/flipped-aurora/gin-vue-admin/server/service"
  14. "github.com/dgrijalva/jwt-go"
  15. "github.com/gin-gonic/gin"
  16. "go.uber.org/zap"
  17. )
  19. var jwtService = service.ServiceGroupApp.SystemServiceGroup.JwtService
  21. func JWTAuth() gin.HandlerFunc {
  22. return func(c *gin.Context) {
  23. // 我们这里jwt鉴权取头部信息 x-token 登录时回返回token信息 这里前端需要把token存储到cookie或者本地localStorage中 不过需要跟后端协商过期时间 可以约定刷新令牌或者重新登录
  24. token := c.Request.Header.Get("x-token")
  25. if token == "" {
  26. response.FailWithDetailed(gin.H{"reload": true}, "未登录或非法访问", c)
  27. c.Abort()
  28. return
  29. }
  30. if jwtService.IsBlacklist(token) {
  31. response.FailWithDetailed(gin.H{"reload": true}, "您的帐户异地登陆或令牌失效", c)
  32. c.Abort()
  33. return
  34. }
  35. j := NewJWT()
  36. // parseToken 解析token包含的信息
  37. claims, err := j.ParseToken(token)
  38. if err != nil {
  39. if err == TokenExpired {
  40. response.FailWithDetailed(gin.H{"reload": true}, "授权已过期", c)
  41. c.Abort()
  42. return
  43. }
  44. response.FailWithDetailed(gin.H{"reload": true}, err.Error(), c)
  45. c.Abort()
  46. return
  47. }
  48. if err, _ = userService.FindUserByUuid(claims.UUID.String()); err != nil {
  49. _ = jwtService.JsonInBlacklist(system.JwtBlacklist{Jwt: token})
  50. response.FailWithDetailed(gin.H{"reload": true}, err.Error(), c)
  51. c.Abort()
  52. }
  53. if claims.ExpiresAt-time.Now().Unix() < claims.BufferTime {
  54. claims.ExpiresAt = time.Now().Unix() + global.GVA_CONFIG.JWT.ExpiresTime
  55. newToken, _ := j.CreateTokenByOldToken(token, *claims)
  56. newClaims, _ := j.ParseToken(newToken)
  57. c.Header("new-token", newToken)
  58. c.Header("new-expires-at", strconv.FormatInt(newClaims.ExpiresAt, 10))
  59. if global.GVA_CONFIG.System.UseMultipoint {
  60. err, RedisJwtToken := jwtService.GetRedisJWT(newClaims.Username)
  61. if err != nil {
  62. global.GVA_LOG.Error("get redis jwt failed", zap.Any("err", err))
  63. } else { // 当之前的取成功时才进行拉黑操作
  64. _ = jwtService.JsonInBlacklist(system.JwtBlacklist{Jwt: RedisJwtToken})
  65. }
  66. // 无论如何都要记录当前的活跃状态
  67. _ = jwtService.SetRedisJWT(newToken, newClaims.Username)
  68. }
  69. }
  70. c.Set("claims", claims)
  71. c.Next()
  72. }
  73. }
  75. type JWT struct {
  76. SigningKey []byte
  77. }
  79. var (
  80. TokenExpired = errors.New("Token is expired")
  81. TokenNotValidYet = errors.New("Token not active yet")
  82. TokenMalformed = errors.New("That's not even a token")
  83. TokenInvalid = errors.New("Couldn't handle this token:")
  84. )
  86. func NewJWT() *JWT {
  87. return &JWT{
  88. []byte(global.GVA_CONFIG.JWT.SigningKey),
  89. }
  90. }
  92. // 创建一个token
  93. func (j *JWT) CreateToken(claims request.CustomClaims) (string, error) {
  94. token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
  95. return token.SignedString(j.SigningKey)
  96. }
  98. // CreateTokenByOldToken 旧token 换新token 使用归并回源避免并发问题
  99. func (j *JWT) CreateTokenByOldToken(oldToken string, claims request.CustomClaims) (string, error) {
  100. v, err, _ := global.GVA_Concurrency_Control.Do("JWT:"+oldToken, func() (interface{}, error) {
  101. return j.CreateToken(claims)
  102. })
  103. return v.(string), err
  104. }
  106. // 解析 token
  107. func (j *JWT) ParseToken(tokenString string) (*request.CustomClaims, error) {
  108. token, err := jwt.ParseWithClaims(tokenString, &request.CustomClaims{}, func(token *jwt.Token) (i interface{}, e error) {
  109. return j.SigningKey, nil
  110. })
  111. if err != nil {
  112. if ve, ok := err.(*jwt.ValidationError); ok {
  113. if ve.Errors&jwt.ValidationErrorMalformed != 0 {
  114. return nil, TokenMalformed
  115. } else if ve.Errors&jwt.ValidationErrorExpired != 0 {
  116. // Token is expired
  117. return nil, TokenExpired
  118. } else if ve.Errors&jwt.ValidationErrorNotValidYet != 0 {
  119. return nil, TokenNotValidYet
  120. } else {
  121. return nil, TokenInvalid
  122. }
  123. }
  124. }
  125. if token != nil {
  126. if claims, ok := token.Claims.(*request.CustomClaims); ok && token.Valid {
  127. return claims, nil
  128. }
  129. return nil, TokenInvalid
  131. } else {
  132. return nil, TokenInvalid
  134. }
  136. }
  138. // 更新token
  139. //func (j *JWT) RefreshToken(tokenString string) (string, error) {
  140. // jwt.TimeFunc = func() time.Time {
  141. // return time.Unix(0, 0)
  142. // }
  143. // token, err := jwt.ParseWithClaims(tokenString, &request.CustomClaims{}, func(token *jwt.Token) (interface{}, error) {
  144. // return j.SigningKey, nil
  145. // })
  146. // if err != nil {
  147. // return "", err
  148. // }
  149. // if claims, ok := token.Claims.(*request.CustomClaims); ok && token.Valid {
  150. // jwt.TimeFunc = time.Now
  151. // claims.StandardClaims.ExpiresAt = time.Now().Unix() + 60*60*24*7
  152. // return j.CreateToken(*claims)
  153. // }
  154. // return "", TokenInvalid
  155. //}