Compare commits
3 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 8aafcbd91c | |||
| 7e91109bce | |||
| d451eb3eff |
@@ -54,7 +54,10 @@ func (t *tokenJwt) GenerateJwt(id uint, identity, client, role string, owner any
|
||||
// 使用HS256签名算法
|
||||
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
|
||||
s, err := token.SignedString([]byte(t.SecretKey))
|
||||
return s, errcode.String(errcode.ErrTokenGenerate, err.Error())
|
||||
if err != nil {
|
||||
return "", errcode.String(errcode.ErrTokenGenerate, err.Error())
|
||||
}
|
||||
return s, nil
|
||||
}
|
||||
|
||||
// 解析JWT
|
||||
@@ -74,19 +77,19 @@ func (t *tokenJwt) IsExpired(tokenstring string) (bool, error) {
|
||||
// 分割JWT的三个部分
|
||||
parts := strings.Split(tokenstring, ".")
|
||||
if len(parts) != 3 {
|
||||
return false, errcode.ErrTokenDataInvalid
|
||||
return true, errcode.ErrTokenDataInvalid
|
||||
}
|
||||
|
||||
// 解码Payload部分
|
||||
payload, err := base64.RawURLEncoding.DecodeString(parts[1])
|
||||
if err != nil {
|
||||
return false, errcode.String(errcode.ErrTokenBase64Decode, err.Error())
|
||||
return true, errcode.String(errcode.ErrTokenBase64Decode, err.Error())
|
||||
}
|
||||
|
||||
// 解析JSON
|
||||
var claims jwt.RegisteredClaims
|
||||
if err := json.Unmarshal(payload, &claims); err != nil {
|
||||
return false, errcode.String(errcode.ErrTokenJsonDecode, err.Error())
|
||||
return true, errcode.String(errcode.ErrTokenJsonDecode, err.Error())
|
||||
}
|
||||
|
||||
// 检查过期时间
|
||||
|
||||
@@ -6,9 +6,9 @@ import (
|
||||
"encoding/json"
|
||||
"log"
|
||||
"net/http"
|
||||
"time"
|
||||
|
||||
"git.apinb.com/bsm-sdk/core/crypto/encipher"
|
||||
"git.apinb.com/bsm-sdk/core/crypto/token"
|
||||
"git.apinb.com/bsm-sdk/core/env"
|
||||
"git.apinb.com/bsm-sdk/core/errcode"
|
||||
"git.apinb.com/bsm-sdk/core/types"
|
||||
"github.com/gin-gonic/gin"
|
||||
@@ -27,19 +27,18 @@ func JwtAuth(time_verify bool) gin.HandlerFunc {
|
||||
c.Abort()
|
||||
return
|
||||
}
|
||||
// 提取Token
|
||||
claims, err := encipher.ParseTokenAes(authHeader)
|
||||
if err != nil || claims == nil {
|
||||
log.Printf("提取token异常:%v\n", err)
|
||||
c.JSON(http.StatusUnauthorized, gin.H{"error": "Token is required"})
|
||||
c.Abort()
|
||||
return
|
||||
}
|
||||
|
||||
// 检测是否需要验证token时间
|
||||
if time_verify {
|
||||
// 判断时间claims.ExpiresAt
|
||||
if time.Now().Unix() > claims.ExpiresAt {
|
||||
isExpire, err := token.New(env.Runtime.JwtSecretKey).IsExpired(authHeader)
|
||||
if err != nil {
|
||||
log.Println("token解析异常:", err)
|
||||
c.JSON(http.StatusUnauthorized, gin.H{"error": "Token is required"})
|
||||
c.Abort()
|
||||
return
|
||||
}
|
||||
if isExpire {
|
||||
log.Println("token过期,请重新获取:", "Token has expired")
|
||||
c.JSON(http.StatusUnauthorized, gin.H{"error": "Token has expired"})
|
||||
c.Abort()
|
||||
@@ -47,6 +46,15 @@ func JwtAuth(time_verify bool) gin.HandlerFunc {
|
||||
}
|
||||
}
|
||||
|
||||
// 提取Token
|
||||
claims, err := token.New(env.Runtime.JwtSecretKey).ParseJwt(authHeader)
|
||||
if err != nil || claims == nil {
|
||||
log.Printf("提取token异常:%v\n", err)
|
||||
c.JSON(http.StatusUnauthorized, gin.H{"error": "Token is required"})
|
||||
c.Abort()
|
||||
return
|
||||
}
|
||||
|
||||
// 将解析后的 Token 存储到上下文中
|
||||
c.Set("Auth", claims)
|
||||
// 如果 Token 有效,继续处理请求
|
||||
|
||||
@@ -3,9 +3,9 @@ package service
|
||||
import (
|
||||
"context"
|
||||
|
||||
"git.apinb.com/bsm-sdk/core/crypto/encipher"
|
||||
"git.apinb.com/bsm-sdk/core/crypto/token"
|
||||
"git.apinb.com/bsm-sdk/core/env"
|
||||
"git.apinb.com/bsm-sdk/core/errcode"
|
||||
"git.apinb.com/bsm-sdk/core/types"
|
||||
"git.apinb.com/bsm-sdk/core/utils"
|
||||
"google.golang.org/grpc/metadata"
|
||||
)
|
||||
@@ -16,7 +16,7 @@ type ParseOptions struct {
|
||||
MustPrivateAllow bool // 是否只允许私有IP访问
|
||||
}
|
||||
|
||||
func ParseMetaCtx(ctx context.Context, opts *ParseOptions) (*types.JwtClaims, error) {
|
||||
func ParseMetaCtx(ctx context.Context, opts *ParseOptions) (*token.Claims, error) {
|
||||
// 解析metada中的信息并验证
|
||||
md, ok := metadata.FromIncomingContext(ctx)
|
||||
if !ok {
|
||||
@@ -28,7 +28,7 @@ func ParseMetaCtx(ctx context.Context, opts *ParseOptions) (*types.JwtClaims, er
|
||||
return nil, errcode.ErrTokenAuthNotFound
|
||||
}
|
||||
|
||||
claims, err := encipher.ParseTokenAes(Authorizations[0])
|
||||
claims, err := token.New(env.Runtime.JwtSecretKey).ParseJwt(Authorizations[0])
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -48,7 +48,7 @@ func ParseMetaCtx(ctx context.Context, opts *ParseOptions) (*types.JwtClaims, er
|
||||
|
||||
}
|
||||
|
||||
func checkRole(claims *types.JwtClaims, roleKey, roleValue string) bool {
|
||||
func checkRole(claims *token.Claims, roleKey, roleValue string) bool {
|
||||
if roleValue == "" {
|
||||
return true
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user