| | |
| | | package auth |
| | | |
| | | import ( |
| | | "encoding/json" |
| | | jwtLib "github.com/dgrijalva/jwt-go" |
| | | "github.com/dgrijalva/jwt-go/request" |
| | | "github.com/gin-gonic/gin" |
| | | "net/http" |
| | | "strings" |
| | | "time" |
| | | ) |
| | | |
// jwtAuthManager issues and verifies JWTs signed with a single shared secret.
type jwtAuthManager struct {
	// secret is the symmetric key; the methods of this type convert it to
	// []byte for both signing and verification.
	secret string

	// expire is the lifetime given to access tokens. Refresh tokens are issued
	// with this lifetime plus four hours (see Login and RefreshToken).
	expire time.Duration

	// alg is the name passed to jwtLib.GetSigningMethod when a token is created.
	alg string
}
| | | |
// NewJwtAuthDriver returns a manager that signs with HS256, uses the
// package-level TokenKey as its secret and gives access tokens an eight hour
// lifetime.
//
// NOTE(review): TokenKey is declared outside this listing. Confirm it is
// loaded from configuration or a secret store rather than compiled in, and
// that it is long and random enough for an HMAC key.
func NewJwtAuthDriver() *jwtAuthManager {
	const accessLifetime = 8 * time.Hour

	mgr := new(jwtAuthManager)
	mgr.secret = TokenKey
	mgr.expire = accessLifetime
	mgr.alg = "HS256"
	return mgr
}
| | | |
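// Check reports whether the request carries a JWT that verifies against the
// manager's secret and configured algorithm. On success the parsed token is
// stored in the gin context under "User" so that User can reuse it without
// parsing again.
//
// Changes from the previous version:
//   - the Authorization header must start with "Bearer " (the old substring
//     test also passed values where the scheme appeared mid-header, and the
//     strings.Split length check after it could never fail);
//   - the key function rejects tokens whose header names an algorithm other
//     than jwtAuth.alg, so verification is pinned to the configured method;
//   - the token is cached in the context only once it is known to be valid.
//
// NOTE(review): request.OAuth2Extractor is documented to fall back to the
// "access_token" request argument when the header yields no token. Confirm
// that accepting tokens from the URL or form is intended; URLs are commonly
// written to access logs.
//
// NOTE(review): nothing here distinguishes an access token from a refresh
// token. Login and RefreshToken issue both with the same claims apart from
// "exp", so a refresh token passes this check for its whole lifetime.
func (jwtAuth *jwtAuthManager) Check(c *gin.Context) bool {
	const bearerPrefix = "Bearer "
	if !strings.HasPrefix(c.Request.Header.Get("Authorization"), bearerPrefix) {
		return false
	}

	keyFunc := func(token *jwtLib.Token) (interface{}, error) {
		// Refuse any algorithm other than the one this manager signs with.
		if token.Method == nil || token.Method.Alg() != jwtAuth.alg {
			return nil, jwtLib.NewValidationError("unexpected signing method", jwtLib.ValidationErrorUnverifiable)
		}
		return []byte(jwtAuth.secret), nil
	}

	authJwtToken, err := request.ParseFromRequest(c.Request, request.OAuth2Extractor, keyFunc)
	if err != nil || authJwtToken == nil || !authJwtToken.Valid {
		return false
	}

	c.Set("User", map[string]interface{}{
		"token": authJwtToken,
	})
	return true
}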
| | | |
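// RefreshToken verifies tokenStr and, when it is valid, issues a fresh access
// token and refresh token carrying the same "user" claim. It returns
// (true, token, refreshToken) on success and (false, "", "") otherwise.
//
// Changes from the previous version:
//   - the first statement did not compile: it redeclared the tokenStr
//     parameter with := and called strings.Replace with three arguments. It now
//     assigns to the parameter and passes -1, matching the call in User;
//   - the key function rejects tokens whose header names an algorithm other
//     than jwtAuth.alg;
//   - a missing or non-string "user" claim returns false instead of panicking
//     on the type assertion;
//   - a json.Marshal failure is reported instead of being discarded.
//
// NOTE(review): any token that verifies is accepted here, including an access
// token, and each call returns a new refresh token. A refresh chain can
// therefore be extended indefinitely and cannot be revoked. Consider a claim
// that marks the token type and a server-side deny-list.
func (jwtAuth *jwtAuthManager) RefreshToken(tokenStr string) (bool, string, string) {
	tokenStr = strings.Replace(tokenStr, "Bearer ", "", -1)
	if tokenStr == "" {
		return false, "", ""
	}

	jwtToken, err := jwtLib.Parse(tokenStr, func(token *jwtLib.Token) (interface{}, error) {
		// Refuse any algorithm other than the one this manager signs with.
		if token.Method == nil || token.Method.Alg() != jwtAuth.alg {
			return nil, jwtLib.NewValidationError("unexpected signing method", jwtLib.ValidationErrorUnverifiable)
		}
		return []byte(jwtAuth.secret), nil
	})
	if err != nil || jwtToken == nil || !jwtToken.Valid {
		return false, "", ""
	}

	claims, ok := jwtToken.Claims.(jwtLib.MapClaims)
	if !ok {
		return false, "", ""
	}
	rawUser, ok := claims["user"].(string)
	if !ok {
		return false, "", ""
	}

	// Round-trip the claim through a map so that only well-formed JSON objects
	// are carried into the new tokens.
	var user map[string]interface{}
	if err := json.Unmarshal([]byte(rawUser), &user); err != nil {
		return false, "", ""
	}
	userStr, err := json.Marshal(user)
	if err != nil {
		return false, "", ""
	}

	// Generate a new token and refresh_token value. The parsed token object is
	// reused for signing, as before; only its claims are replaced.
	sign := func(lifetime time.Duration) (string, error) {
		jwtToken.Claims = jwtLib.MapClaims{
			"user": string(userStr),
			"exp":  time.Now().Add(lifetime).Unix(),
		}
		return jwtToken.SignedString([]byte(jwtAuth.secret))
	}

	token, err := sign(jwtAuth.expire)
	if err != nil {
		return false, "", ""
	}
	refreshToken, err := sign(jwtAuth.expire + time.Hour*4)
	if err != nil {
		return false, "", ""
	}
	return true, token, refreshToken
}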
| | | |
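// User returns the user map stored in the request's JWT, or nil when no valid
// token is available or the "user" claim cannot be decoded.
//
// The token cached in the gin context under "User" is used when present;
// otherwise the Authorization header is parsed and verified here. On success
// the context entry is rewritten to hold both the token and the decoded user.
//
// Changes from the previous version:
//   - a context entry of an unexpected shape, or a missing or non-string "user"
//     claim, returns nil instead of panicking on a type assertion;
//   - the key function rejects tokens whose header names an algorithm other
//     than jwtAuth.alg.
//
// NOTE(review): a token found in the context is trusted as already verified.
// That holds only while nothing other than Check and this method writes the
// "User" key.
func (jwtAuth *jwtAuthManager) User(c *gin.Context) map[string]interface{} {
	var jwtToken *jwtLib.Token

	if cached, exist := c.Get("User"); exist {
		entry, ok := cached.(map[string]interface{})
		if !ok {
			return nil
		}
		jwtToken, ok = entry["token"].(*jwtLib.Token)
		if !ok {
			return nil
		}
	} else {
		tokenStr := strings.Replace(c.Request.Header.Get("Authorization"), "Bearer ", "", -1)
		if tokenStr == "" {
			return nil
		}
		var err error
		jwtToken, err = jwtLib.Parse(tokenStr, func(token *jwtLib.Token) (interface{}, error) {
			// Refuse any algorithm other than the one this manager signs with.
			if token.Method == nil || token.Method.Alg() != jwtAuth.alg {
				return nil, jwtLib.NewValidationError("unexpected signing method", jwtLib.ValidationErrorUnverifiable)
			}
			return []byte(jwtAuth.secret), nil
		})
		if err != nil {
			return nil
		}
	}

	if jwtToken == nil || !jwtToken.Valid {
		return nil
	}
	claims, ok := jwtToken.Claims.(jwtLib.MapClaims)
	if !ok {
		return nil
	}
	rawUser, ok := claims["user"].(string)
	if !ok {
		return nil
	}

	var user map[string]interface{}
	if err := json.Unmarshal([]byte(rawUser), &user); err != nil {
		return nil
	}

	c.Set("User", map[string]interface{}{
		"token": jwtToken,
		"user":  user,
	})
	return user
}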
| | | |
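// Login issues an access token and a refresh token for user. It returns
// (true, token, refreshToken) on success and (false, "", "") otherwise. The
// request and response writer are accepted but not used.
//
// Changes from the previous version:
//   - a json.Marshal failure is reported. Previously the error was discarded
//     and a token with an empty "user" claim was issued, which User could not
//     decode later;
//   - an algorithm name that jwtLib.GetSigningMethod does not recognise
//     returns false instead of passing a nil method to jwtLib.New.
//
// NOTE(review): the whole user map is serialised into the token. The token is
// signed but not encrypted, so anyone holding it can read every field. Keep
// password hashes and other sensitive attributes out of the map.
//
// NOTE(review): the two tokens differ only in "exp", so Check accepts the
// refresh token as an access token.
func (jwtAuth *jwtAuthManager) Login(http *http.Request, w http.ResponseWriter, user map[string]interface{}) (bool, string, string) {
	method := jwtLib.GetSigningMethod(jwtAuth.alg)
	if method == nil {
		return false, "", ""
	}

	userStr, err := json.Marshal(user)
	if err != nil {
		return false, "", ""
	}

	jwtToken := jwtLib.New(method)

	// sign replaces the claims on the shared token object and signs it with
	// the manager's secret.
	sign := func(lifetime time.Duration) (string, error) {
		jwtToken.Claims = jwtLib.MapClaims{
			"user": string(userStr),
			"exp":  time.Now().Add(lifetime).Unix(),
		}
		return jwtToken.SignedString([]byte(jwtAuth.secret))
	}

	token, err := sign(jwtAuth.expire)
	if err != nil {
		return false, "", ""
	}
	refreshToken, err := sign(jwtAuth.expire + time.Hour*4)
	if err != nil {
		return false, "", ""
	}
	return true, token, refreshToken
}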
| | | |
// Logout always reports success. It does not read the request, write to w, or
// invalidate any token.
//
// NOTE(review): tokens already issued stay usable until their "exp" claim
// passes. If logout must revoke access, a server-side deny-list (or short
// lifetimes with tracked refresh tokens) is needed.
func (jwtAuth *jwtAuthManager) Logout(http *http.Request, w http.ResponseWriter) bool {
	const loggedOut = true
	return loggedOut
}