You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
153 lines
4.2 KiB
153 lines
4.2 KiB
package middleware
|
|
|
|
import (
|
|
"errors"
|
|
"gin-vue-admin/global"
|
|
"gin-vue-admin/global/response"
|
|
"gin-vue-admin/model"
|
|
"gin-vue-admin/model/request"
|
|
"gin-vue-admin/service"
|
|
"github.com/dgrijalva/jwt-go"
|
|
"github.com/gin-gonic/gin"
|
|
"go.uber.org/zap"
|
|
"strconv"
|
|
"time"
|
|
)
|
|
|
|
func JWTAuth() gin.HandlerFunc {
|
|
return func(c *gin.Context) {
|
|
// 我们这里jwt鉴权取头部信息 x-token 登录时回返回token信息 这里前端需要把token存储到cookie或者本地localSstorage中 不过需要跟后端协商过期时间 可以约定刷新令牌或者重新登录
|
|
token := c.Request.Header.Get("x-token")
|
|
if token == "" {
|
|
response.Result(response.ERROR, gin.H{
|
|
"reload": true,
|
|
}, "未登录或非法访问", c)
|
|
c.Abort()
|
|
return
|
|
}
|
|
if service.IsBlacklist(token) {
|
|
response.Result(response.ERROR, gin.H{
|
|
"reload": true,
|
|
}, "您的帐户异地登陆或令牌失效", c)
|
|
c.Abort()
|
|
return
|
|
}
|
|
j := NewJWT()
|
|
// parseToken 解析token包含的信息
|
|
claims, err := j.ParseToken(token)
|
|
if err != nil {
|
|
if err == TokenExpired {
|
|
response.Result(response.ERROR, gin.H{
|
|
"reload": true,
|
|
}, "授权已过期", c)
|
|
c.Abort()
|
|
return
|
|
}
|
|
response.Result(response.ERROR, gin.H{
|
|
"reload": true,
|
|
}, err.Error(), c)
|
|
c.Abort()
|
|
return
|
|
}
|
|
if err, _ = service.FindUserByUuid(claims.UUID.String()); err != nil{
|
|
response.Result(response.ERROR, gin.H{
|
|
"reload": true,
|
|
}, err.Error(), c)
|
|
c.Abort()
|
|
}
|
|
if claims.ExpiresAt - time.Now().Unix()<claims.BufferTime {
|
|
claims.ExpiresAt = time.Now().Unix() + 60*60*24*7
|
|
newToken,_ := j.CreateToken(*claims)
|
|
newClaims,_ := j.ParseToken(newToken)
|
|
c.Header("new-token",newToken)
|
|
c.Header("new-expires-at",strconv.FormatInt(newClaims.ExpiresAt,10))
|
|
if global.GVA_CONFIG.System.UseMultipoint {
|
|
err,RedisJwtToken := service.GetRedisJWT(newClaims.Username)
|
|
if err!=nil {
|
|
global.GVA_LOG.Error("get redis jwt failed", zap.Any("err", err))
|
|
}else{
|
|
service.JsonInBlacklist(model.JwtBlacklist{Jwt: RedisJwtToken})
|
|
//当之前的取成功时才进行拉黑操作
|
|
}
|
|
// 无论如何都要记录当前的活跃状态
|
|
_ = service.SetRedisJWT(newToken,newClaims.Username)
|
|
}
|
|
}
|
|
c.Set("claims", claims)
|
|
c.Next()
|
|
}
|
|
}
|
|
|
|
type JWT struct {
|
|
SigningKey []byte
|
|
}
|
|
|
|
var (
|
|
TokenExpired = errors.New("Token is expired")
|
|
TokenNotValidYet = errors.New("Token not active yet")
|
|
TokenMalformed = errors.New("That's not even a token")
|
|
TokenInvalid = errors.New("Couldn't handle this token:")
|
|
)
|
|
|
|
func NewJWT() *JWT {
|
|
return &JWT{
|
|
[]byte(global.GVA_CONFIG.JWT.SigningKey),
|
|
}
|
|
}
|
|
|
|
// 创建一个token
|
|
func (j *JWT) CreateToken(claims request.CustomClaims) (string, error) {
|
|
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
|
|
return token.SignedString(j.SigningKey)
|
|
}
|
|
|
|
// 解析 token
|
|
func (j *JWT) ParseToken(tokenString string) (*request.CustomClaims, error) {
|
|
token, err := jwt.ParseWithClaims(tokenString, &request.CustomClaims{}, func(token *jwt.Token) (i interface{}, e error) {
|
|
return j.SigningKey, nil
|
|
})
|
|
if err != nil {
|
|
if ve, ok := err.(*jwt.ValidationError); ok {
|
|
if ve.Errors&jwt.ValidationErrorMalformed != 0 {
|
|
return nil, TokenMalformed
|
|
} else if ve.Errors&jwt.ValidationErrorExpired != 0 {
|
|
// Token is expired
|
|
return nil, TokenExpired
|
|
} else if ve.Errors&jwt.ValidationErrorNotValidYet != 0 {
|
|
return nil, TokenNotValidYet
|
|
} else {
|
|
return nil, TokenInvalid
|
|
}
|
|
}
|
|
}
|
|
if token != nil {
|
|
if claims, ok := token.Claims.(*request.CustomClaims); ok && token.Valid {
|
|
return claims, nil
|
|
}
|
|
return nil, TokenInvalid
|
|
|
|
} else {
|
|
return nil, TokenInvalid
|
|
|
|
}
|
|
|
|
}
|
|
|
|
// 更新token
|
|
//func (j *JWT) RefreshToken(tokenString string) (string, error) {
|
|
// jwt.TimeFunc = func() time.Time {
|
|
// return time.Unix(0, 0)
|
|
// }
|
|
// token, err := jwt.ParseWithClaims(tokenString, &request.CustomClaims{}, func(token *jwt.Token) (interface{}, error) {
|
|
// return j.SigningKey, nil
|
|
// })
|
|
// if err != nil {
|
|
// return "", err
|
|
// }
|
|
// if claims, ok := token.Claims.(*request.CustomClaims); ok && token.Valid {
|
|
// jwt.TimeFunc = time.Now
|
|
// claims.StandardClaims.ExpiresAt = time.Now().Unix() + 60*60*24*7
|
|
// return j.CreateToken(*claims)
|
|
// }
|
|
// return "", TokenInvalid
|
|
//}
|