jwt.go 3.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149
  1. package middleware
  2. import (
  3. "errors"
  4. "fmt"
  5. "github.com/dgrijalva/jwt-go"
  6. "github.com/gin-gonic/gin"
  7. uuid "github.com/satori/go.uuid"
  8. "main/controller/servers"
  9. "main/init/qmsql"
  10. "time"
  11. )
  12. type SqlRes struct {
  13. Path string
  14. AuthorityId string
  15. ApiId uint
  16. Id uint
  17. }
  18. func JWTAuth() gin.HandlerFunc {
  19. return func(c *gin.Context) {
  20. // 我们这里jwt鉴权取头部信息 x-token 登录时回返回token信息 这里前端需要把token存储到cookie或者本地localSstorage中 不过需要跟后端协商过期时间 可以约定刷新令牌或者重新登录
  21. token := c.Request.Header.Get("x-token")
  22. if token == "" {
  23. servers.ReportFormat(c, false, "未登录或非法访问", gin.H{})
  24. c.Abort()
  25. return
  26. }
  27. j := NewJWT()
  28. // parseToken 解析token包含的信息
  29. claims, err := j.ParseToken(token)
  30. if err != nil {
  31. if err == TokenExpired {
  32. servers.ReportFormat(c, false, "授权已过期", gin.H{
  33. "reload": true,
  34. })
  35. c.Abort()
  36. return
  37. }
  38. servers.ReportFormat(c, false, err.Error(), gin.H{})
  39. c.Abort()
  40. return
  41. }
  42. var sqlRes SqlRes
  43. row := qmsql.DEFAULTDB.Raw("SELECT apis.path,api_authorities.authority_id,api_authorities.api_id,apis.id FROM apis INNER JOIN api_authorities ON api_authorities.api_id = apis.id WHERE apis.path = ? AND api_authorities.authority_id = ?", c.Request.RequestURI, claims.AuthorityId)
  44. err = row.Scan(&sqlRes).Error
  45. if fmt.Sprintf("%v", err) == "record not found" {
  46. servers.ReportFormat(c, false, "没有Api操作权限", gin.H{})
  47. c.Abort()
  48. return
  49. }
  50. c.Set("claims", claims)
  51. }
  52. }
  53. type JWT struct {
  54. SigningKey []byte
  55. }
  56. var (
  57. TokenExpired error = errors.New("Token is expired")
  58. TokenNotValidYet error = errors.New("Token not active yet")
  59. TokenMalformed error = errors.New("That's not even a token")
  60. TokenInvalid error = errors.New("Couldn't handle this token:")
  61. SignKey string = "qmPlus"
  62. )
  63. type CustomClaims struct {
  64. UUID uuid.UUID
  65. ID uint
  66. NickName string
  67. AuthorityId string
  68. jwt.StandardClaims
  69. }
  70. func NewJWT() *JWT {
  71. return &JWT{
  72. []byte(GetSignKey()),
  73. }
  74. }
  75. //获取token
  76. func GetSignKey() string {
  77. return SignKey
  78. }
  79. // 这是SignKey
  80. func SetSignKey(key string) string {
  81. SignKey = key
  82. return SignKey
  83. }
  84. //创建一个token
  85. func (j *JWT) CreateToken(claims CustomClaims) (string, error) {
  86. token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
  87. return token.SignedString(j.SigningKey)
  88. }
  89. //解析 token
  90. func (j *JWT) ParseToken(tokenString string) (*CustomClaims, error) {
  91. token, err := jwt.ParseWithClaims(tokenString, &CustomClaims{}, func(token *jwt.Token) (i interface{}, e error) {
  92. return j.SigningKey, nil
  93. })
  94. if err != nil {
  95. if ve, ok := err.(*jwt.ValidationError); ok {
  96. if ve.Errors&jwt.ValidationErrorMalformed != 0 {
  97. return nil, TokenMalformed
  98. } else if ve.Errors&jwt.ValidationErrorExpired != 0 {
  99. // Token is expired
  100. return nil, TokenExpired
  101. } else if ve.Errors&jwt.ValidationErrorNotValidYet != 0 {
  102. return nil, TokenNotValidYet
  103. } else {
  104. return nil, TokenInvalid
  105. }
  106. }
  107. }
  108. if token != nil {
  109. if claims, ok := token.Claims.(*CustomClaims); ok && token.Valid {
  110. return claims, nil
  111. }
  112. return nil, TokenInvalid
  113. } else {
  114. return nil, TokenInvalid
  115. }
  116. }
  117. // 更新token
  118. func (j *JWT) RefreshToken(tokenString string) (string, error) {
  119. jwt.TimeFunc = func() time.Time {
  120. return time.Unix(0, 0)
  121. }
  122. token, err := jwt.ParseWithClaims(tokenString, &CustomClaims{}, func(token *jwt.Token) (interface{}, error) {
  123. return j.SigningKey, nil
  124. })
  125. if err != nil {
  126. return "", err
  127. }
  128. if claims, ok := token.Claims.(*CustomClaims); ok && token.Valid {
  129. jwt.TimeFunc = time.Now
  130. claims.StandardClaims.ExpiresAt = time.Now().Add(1 * time.Hour).Unix()
  131. return j.CreateToken(*claims)
  132. }
  133. return "", TokenInvalid
  134. }