add token
This commit is contained in:
@@ -28,7 +28,7 @@ func New(secret string) {
|
||||
|
||||
func GenerateTokenAes(id uint, identity, client, role string, owner any, extend map[string]string) (string, error) {
|
||||
if !(JwtSecretLen == 16 || JwtSecretLen == 24 || JwtSecretLen == 32) {
|
||||
return "", errcode.ErrJWTSecretKey
|
||||
return "", errcode.ErrTokenSecretKey
|
||||
}
|
||||
expireTime := time.Now().Add(vars.JwtExpire)
|
||||
claims := types.JwtClaims{
|
||||
@@ -43,7 +43,7 @@ func GenerateTokenAes(id uint, identity, client, role string, owner any, extend
|
||||
|
||||
byte, err := json.Marshal(claims)
|
||||
if err != nil {
|
||||
return "", errcode.ErrJWTJsonEncode
|
||||
return "", errcode.ErrTokenJsonEncode
|
||||
}
|
||||
|
||||
token, err := AesEncryptCBC(byte)
|
||||
@@ -59,7 +59,7 @@ func AesEncryptCBC(plan []byte) (string, error) {
|
||||
// NewCipher该函数限制了输入k的长度必须为16, 24或者32
|
||||
block, err := aes.NewCipher(JwtSecret)
|
||||
if err != nil {
|
||||
return "", errcode.ErrJWTSecretKey
|
||||
return "", errcode.ErrTokenSecretKey
|
||||
}
|
||||
// 获取秘钥块的长度
|
||||
blockSize := block.BlockSize()
|
||||
@@ -76,17 +76,17 @@ func AesEncryptCBC(plan []byte) (string, error) {
|
||||
|
||||
func AesDecryptCBC(cryted string) (b []byte, err error) {
|
||||
if (JwtSecretLen == 16 || JwtSecretLen == 24 || JwtSecretLen == 32) == false {
|
||||
return nil, errcode.ErrJWTSecretKey
|
||||
return nil, errcode.ErrTokenSecretKey
|
||||
}
|
||||
// 转成字节数组
|
||||
crytedByte, err := base64.StdEncoding.DecodeString(cryted)
|
||||
if err != nil {
|
||||
return nil, errcode.ErrJWTBase64Decode
|
||||
return nil, errcode.ErrTokenBase64Decode
|
||||
}
|
||||
// 分组秘钥
|
||||
block, err := aes.NewCipher(JwtSecret)
|
||||
if err != nil {
|
||||
return nil, errcode.ErrJWTSecretKey
|
||||
return nil, errcode.ErrTokenSecretKey
|
||||
}
|
||||
// 获取秘钥块的长度
|
||||
blockSize := block.BlockSize()
|
||||
@@ -99,7 +99,7 @@ func AesDecryptCBC(cryted string) (b []byte, err error) {
|
||||
// 去补全码
|
||||
orig = PKCS7UnPadding(orig, blockSize)
|
||||
if orig == nil {
|
||||
return nil, errcode.ErrJWTAuthParseFail
|
||||
return nil, errcode.ErrTokenAuthParseFail
|
||||
}
|
||||
return orig, nil
|
||||
}
|
||||
@@ -152,12 +152,12 @@ func ParseTokenAes(token string) (*types.JwtClaims, error) {
|
||||
var ac *types.JwtClaims
|
||||
err = json.Unmarshal(data, &ac)
|
||||
if err != nil {
|
||||
return nil, errcode.ErrJWTAuthParseFail
|
||||
return nil, errcode.ErrTokenAuthParseFail
|
||||
}
|
||||
|
||||
expireTime := time.Now().Unix()
|
||||
if expireTime > ac.ExpiresAt {
|
||||
return nil, errcode.ErrJWTAuthExpire
|
||||
return nil, errcode.ErrTokenAuthExpire
|
||||
}
|
||||
|
||||
return ac, nil
|
||||
|
||||
95
crypto/token/jwt.go
Normal file
95
crypto/token/jwt.go
Normal file
@@ -0,0 +1,95 @@
|
||||
package token
|
||||
|
||||
import (
|
||||
"encoding/base64"
|
||||
"encoding/json"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"git.apinb.com/bsm-sdk/core/errcode"
|
||||
"git.apinb.com/bsm-sdk/core/vars"
|
||||
"github.com/golang-jwt/jwt/v5"
|
||||
)
|
||||
|
||||
type Claims struct {
|
||||
ID uint `json:"id"`
|
||||
Identity string `json:"identity"`
|
||||
Extend map[string]string `json:"extend"`
|
||||
Client string `json:"client"`
|
||||
Owner any `json:"owner"`
|
||||
Role string `json:"role"`
|
||||
jwt.RegisteredClaims // v5版本新加的方法
|
||||
}
|
||||
|
||||
type tokenJwt struct {
|
||||
SecretKey string
|
||||
}
|
||||
|
||||
func New(secretKey string) *tokenJwt {
|
||||
return &tokenJwt{SecretKey: secretKey}
|
||||
}
|
||||
|
||||
// 生成JWT
|
||||
func (t *tokenJwt) GenerateJwt(id uint, identity, client, role string, owner any, extend map[string]string) (string, error) {
|
||||
keyLen := len(t.SecretKey)
|
||||
if !(keyLen == 16 || keyLen == 24 || keyLen == 32) {
|
||||
return "", errcode.ErrTokenSecretKey
|
||||
}
|
||||
|
||||
now := time.Now()
|
||||
|
||||
claims := Claims{
|
||||
ID: id,
|
||||
Identity: identity,
|
||||
Client: client,
|
||||
Extend: extend,
|
||||
Owner: owner,
|
||||
Role: role,
|
||||
RegisteredClaims: jwt.RegisteredClaims{
|
||||
ExpiresAt: jwt.NewNumericDate(now.Add(vars.JwtExpire)), // 过期时间24小时
|
||||
IssuedAt: jwt.NewNumericDate(now), // 签发时间
|
||||
NotBefore: jwt.NewNumericDate(now), // 生效时间
|
||||
},
|
||||
}
|
||||
// 使用HS256签名算法
|
||||
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
|
||||
s, err := token.SignedString([]byte(t.SecretKey))
|
||||
return s, errcode.String(errcode.ErrTokenGenerate, err.Error())
|
||||
}
|
||||
|
||||
// 解析JWT
|
||||
func (t *tokenJwt) ParseJwt(tokenstring string) (*Claims, error) {
|
||||
token, err := jwt.ParseWithClaims(tokenstring, &Claims{}, func(token *jwt.Token) (interface{}, error) {
|
||||
return []byte(t.SecretKey), nil
|
||||
})
|
||||
if claims, ok := token.Claims.(*Claims); ok && token.Valid {
|
||||
return claims, nil
|
||||
} else {
|
||||
return nil, errcode.String(errcode.ErrTokenParse, err.Error())
|
||||
}
|
||||
}
|
||||
|
||||
// 验证JWT是否过期
|
||||
func (t *tokenJwt) IsExpired(tokenstring string) (bool, error) {
|
||||
// 分割JWT的三个部分
|
||||
parts := strings.Split(tokenstring, ".")
|
||||
if len(parts) != 3 {
|
||||
return false, errcode.ErrTokenDataInvalid
|
||||
}
|
||||
|
||||
// 解码Payload部分
|
||||
payload, err := base64.RawURLEncoding.DecodeString(parts[1])
|
||||
if err != nil {
|
||||
return false, errcode.String(errcode.ErrTokenBase64Decode, err.Error())
|
||||
}
|
||||
|
||||
// 解析JSON
|
||||
var claims jwt.RegisteredClaims
|
||||
if err := json.Unmarshal(payload, &claims); err != nil {
|
||||
return false, errcode.String(errcode.ErrTokenJsonDecode, err.Error())
|
||||
}
|
||||
|
||||
// 检查过期时间
|
||||
currentTime := time.Now().Unix()
|
||||
return claims.ExpiresAt.Unix() < currentTime, nil
|
||||
}
|
||||
Reference in New Issue
Block a user