|
@ -3,9 +3,9 @@ package middleware |
|
|
import ( |
|
|
import ( |
|
|
"errors" |
|
|
"errors" |
|
|
"gin-vue-admin/global" |
|
|
"gin-vue-admin/global" |
|
|
"gin-vue-admin/global/response" |
|
|
|
|
|
"gin-vue-admin/model" |
|
|
"gin-vue-admin/model" |
|
|
"gin-vue-admin/model/request" |
|
|
"gin-vue-admin/model/request" |
|
|
|
|
|
"gin-vue-admin/model/response" |
|
|
"gin-vue-admin/service" |
|
|
"gin-vue-admin/service" |
|
|
"github.com/dgrijalva/jwt-go" |
|
|
"github.com/dgrijalva/jwt-go" |
|
|
"github.com/gin-gonic/gin" |
|
|
"github.com/gin-gonic/gin" |
|
@ -19,16 +19,12 @@ func JWTAuth() gin.HandlerFunc { |
|
|
// 我们这里jwt鉴权取头部信息 x-token 登录时回返回token信息 这里前端需要把token存储到cookie或者本地localStorage中 不过需要跟后端协商过期时间 可以约定刷新令牌或者重新登录
|
|
|
// 我们这里jwt鉴权取头部信息 x-token 登录时回返回token信息 这里前端需要把token存储到cookie或者本地localStorage中 不过需要跟后端协商过期时间 可以约定刷新令牌或者重新登录
|
|
|
token := c.Request.Header.Get("x-token") |
|
|
token := c.Request.Header.Get("x-token") |
|
|
if token == "" { |
|
|
if token == "" { |
|
|
response.Result(response.ERROR, gin.H{ |
|
|
|
|
|
"reload": true, |
|
|
|
|
|
}, "未登录或非法访问", c) |
|
|
|
|
|
|
|
|
response.FailWithDetailed(gin.H{"reload": true}, "未登录或非法访问", c) |
|
|
c.Abort() |
|
|
c.Abort() |
|
|
return |
|
|
return |
|
|
} |
|
|
} |
|
|
if service.IsBlacklist(token) { |
|
|
if service.IsBlacklist(token) { |
|
|
response.Result(response.ERROR, gin.H{ |
|
|
|
|
|
"reload": true, |
|
|
|
|
|
}, "您的帐户异地登陆或令牌失效", c) |
|
|
|
|
|
|
|
|
response.FailWithDetailed(gin.H{"reload": true}, "您的帐户异地登陆或令牌失效", c) |
|
|
c.Abort() |
|
|
c.Abort() |
|
|
return |
|
|
return |
|
|
} |
|
|
} |
|
@ -37,40 +33,33 @@ func JWTAuth() gin.HandlerFunc { |
|
|
claims, err := j.ParseToken(token) |
|
|
claims, err := j.ParseToken(token) |
|
|
if err != nil { |
|
|
if err != nil { |
|
|
if err == TokenExpired { |
|
|
if err == TokenExpired { |
|
|
response.Result(response.ERROR, gin.H{ |
|
|
|
|
|
"reload": true, |
|
|
|
|
|
}, "授权已过期", c) |
|
|
|
|
|
|
|
|
response.FailWithDetailed(gin.H{"reload": true}, "授权已过期", c) |
|
|
c.Abort() |
|
|
c.Abort() |
|
|
return |
|
|
return |
|
|
} |
|
|
} |
|
|
response.Result(response.ERROR, gin.H{ |
|
|
|
|
|
"reload": true, |
|
|
|
|
|
}, err.Error(), c) |
|
|
|
|
|
|
|
|
response.FailWithDetailed(gin.H{"reload": true}, err.Error(), c) |
|
|
c.Abort() |
|
|
c.Abort() |
|
|
return |
|
|
return |
|
|
} |
|
|
} |
|
|
if err, _ = service.FindUserByUuid(claims.UUID.String()); err != nil{ |
|
|
|
|
|
response.Result(response.ERROR, gin.H{ |
|
|
|
|
|
"reload": true, |
|
|
|
|
|
}, err.Error(), c) |
|
|
|
|
|
|
|
|
if err, _ = service.FindUserByUuid(claims.UUID.String()); err != nil { |
|
|
|
|
|
response.FailWithDetailed(gin.H{"reload": true}, err.Error(), c) |
|
|
c.Abort() |
|
|
c.Abort() |
|
|
} |
|
|
} |
|
|
if claims.ExpiresAt - time.Now().Unix()<claims.BufferTime { |
|
|
|
|
|
|
|
|
if claims.ExpiresAt-time.Now().Unix() < claims.BufferTime { |
|
|
claims.ExpiresAt = time.Now().Unix() + 60*60*24*7 |
|
|
claims.ExpiresAt = time.Now().Unix() + 60*60*24*7 |
|
|
newToken,_ := j.CreateToken(*claims) |
|
|
|
|
|
newClaims,_ := j.ParseToken(newToken) |
|
|
|
|
|
c.Header("new-token",newToken) |
|
|
|
|
|
c.Header("new-expires-at",strconv.FormatInt(newClaims.ExpiresAt,10)) |
|
|
|
|
|
|
|
|
newToken, _ := j.CreateToken(*claims) |
|
|
|
|
|
newClaims, _ := j.ParseToken(newToken) |
|
|
|
|
|
c.Header("new-token", newToken) |
|
|
|
|
|
c.Header("new-expires-at", strconv.FormatInt(newClaims.ExpiresAt, 10)) |
|
|
if global.GVA_CONFIG.System.UseMultipoint { |
|
|
if global.GVA_CONFIG.System.UseMultipoint { |
|
|
err,RedisJwtToken := service.GetRedisJWT(newClaims.Username) |
|
|
|
|
|
if err!=nil { |
|
|
|
|
|
|
|
|
err, RedisJwtToken := service.GetRedisJWT(newClaims.Username) |
|
|
|
|
|
if err != nil { |
|
|
global.GVA_LOG.Error("get redis jwt failed", zap.Any("err", err)) |
|
|
global.GVA_LOG.Error("get redis jwt failed", zap.Any("err", err)) |
|
|
}else{ |
|
|
|
|
|
|
|
|
} else { // 当之前的取成功时才进行拉黑操作
|
|
|
_ = service.JsonInBlacklist(model.JwtBlacklist{Jwt: RedisJwtToken}) |
|
|
_ = service.JsonInBlacklist(model.JwtBlacklist{Jwt: RedisJwtToken}) |
|
|
//当之前的取成功时才进行拉黑操作
|
|
|
|
|
|
} |
|
|
} |
|
|
// 无论如何都要记录当前的活跃状态
|
|
|
// 无论如何都要记录当前的活跃状态
|
|
|
_ = service.SetRedisJWT(newToken,newClaims.Username) |
|
|
|
|
|
|
|
|
_ = service.SetRedisJWT(newToken, newClaims.Username) |
|
|
} |
|
|
} |
|
|
} |
|
|
} |
|
|
c.Set("claims", claims) |
|
|
c.Set("claims", claims) |
|
|