core/middleware/jwt.go

// Package middleware 提供HTTP中间件功能
// 包括JWT认证、CORS、运行模式等中间件
package middleware

import (
	"encoding/json"
	"log"
	"net/http"
	"time"

	"git.apinb.com/bsm-sdk/core/crypto/encipher"
	"git.apinb.com/bsm-sdk/core/errcode"
	"git.apinb.com/bsm-sdk/core/types"
	"github.com/gin-gonic/gin"
)

// JwtAuth JWT认证中间件
// time_verify: 是否验证token过期时间
// 返回: Gin中间件函数
func JwtAuth(time_verify bool) gin.HandlerFunc {
	return func(c *gin.Context) {
		// 从请求头中获取 Authorization
		authHeader := c.GetHeader("Authorization")
		if authHeader == "" {
			log.Printf("获取token异常:%v\n", "Authorization header is required")
			c.JSON(http.StatusUnauthorized, gin.H{"error": "Authorization header is required"})
			c.Abort()
			return
		}
		// 提取Token
		claims, err := encipher.ParseTokenAes(authHeader)
		if err != nil || claims == nil {
			log.Printf("提取token异常:%v\n", err)
			c.JSON(http.StatusUnauthorized, gin.H{"error": "Token is required"})
			c.Abort()
			return
		}

		// 检测是否需要验证token时间
		if time_verify {
			// 判断时间claims.ExpiresAt
			if time.Now().Unix() > claims.ExpiresAt {
				log.Println("token过期，请重新获取:", "Token has expired")
				c.JSON(http.StatusUnauthorized, gin.H{"error": "Token has expired"})
				c.Abort()
				return
			}
		}

		// 将解析后的 Token 存储到上下文中
		c.Set("Auth", claims)
		// 如果 Token 有效，继续处理请求
		c.Next()
	}
}

// ParseAuth 获取上下文用户登录信息
// c: Gin上下文
// 返回: JWT声明信息
func ParseAuth(c *gin.Context) (*types.JwtClaims, error) {
	claims, ok := c.Get("Auth")
	if !ok {
		log.Printf("获取登录信息异常: %v", errcode.ErrJWTAuthNotFound)
		return nil, errcode.ErrJWTAuthNotFound
	}

	json_claims, err := json.Marshal(claims)
	if err != nil {
		log.Printf("解析json异常: %v", err)
		return nil, errcode.ErrJsonMarshal
	}

	var auth *types.JwtClaims
	if err := json.Unmarshal(json_claims, &auth); err != nil {
		log.Printf("解析json异常: %v", err)
		return nil, errcode.ErrJsonUnmarshal
	}

	return auth, nil
}