119 lines
3.1 KiB
Go
119 lines
3.1 KiB
Go
package jwt
|
|
|
|
import (
|
|
"atom/container"
|
|
"atom/providers/config"
|
|
"errors"
|
|
"log"
|
|
"time"
|
|
|
|
jwt "github.com/golang-jwt/jwt/v4"
|
|
uuid "github.com/satori/go.uuid"
|
|
"golang.org/x/sync/singleflight"
|
|
)
|
|
|
|
func init() {
|
|
if err := container.Container.Provide(NewJWT); err != nil {
|
|
log.Fatal(err)
|
|
}
|
|
}
|
|
|
|
// Custom claims structure
|
|
type CustomClaims struct {
|
|
BaseClaims
|
|
BufferTime int64
|
|
jwt.StandardClaims
|
|
}
|
|
|
|
type BaseClaims struct {
|
|
UUID uuid.UUID
|
|
ID uint
|
|
Username string
|
|
NickName string
|
|
AuthorityId uint
|
|
}
|
|
|
|
type JWT struct {
|
|
config *config.Config
|
|
singleflight *singleflight.Group
|
|
SigningKey []byte
|
|
}
|
|
|
|
var (
|
|
TokenExpired = errors.New("Token is expired")
|
|
TokenNotValidYet = errors.New("Token not active yet")
|
|
TokenMalformed = errors.New("That's not even a token")
|
|
TokenInvalid = errors.New("Couldn't handle this token:")
|
|
)
|
|
|
|
func NewJWT(config *config.Config) (*JWT, error) {
|
|
return &JWT{
|
|
config: config,
|
|
SigningKey: []byte(config.Http.JWT.SigningKey),
|
|
}, nil
|
|
}
|
|
|
|
func (j *JWT) CreateClaims(baseClaims BaseClaims) CustomClaims {
|
|
bf, _ := time.ParseDuration(j.config.Http.JWT.BufferTime)
|
|
ep, _ := time.ParseDuration(j.config.Http.JWT.ExpiresTime)
|
|
claims := CustomClaims{
|
|
BaseClaims: baseClaims,
|
|
BufferTime: int64(bf / time.Second), // 缓冲时间1天 缓冲时间内会获得新的token刷新令牌 此时一个用户会存在两个有效令牌 但是前端只留一个 另一个会丢失
|
|
StandardClaims: jwt.StandardClaims{
|
|
NotBefore: time.Now().Unix() - 1000, // 签名生效时间
|
|
ExpiresAt: time.Now().Add(ep).Unix(), // 过期时间 7天 配置文件
|
|
Issuer: j.config.Http.JWT.Issuer, // 签名的发行者
|
|
},
|
|
}
|
|
return claims
|
|
}
|
|
|
|
// 创建一个token
|
|
func (j *JWT) CreateToken(claims CustomClaims) (string, error) {
|
|
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
|
|
return token.SignedString(j.SigningKey)
|
|
}
|
|
|
|
// CreateTokenByOldToken 旧token 换新token 使用归并回源避免并发问题
|
|
func (j *JWT) CreateTokenByOldToken(oldToken string, claims CustomClaims) (string, error) {
|
|
v, err, _ := j.singleflight.Do("JWT:"+oldToken, func() (interface{}, error) {
|
|
return j.CreateToken(claims)
|
|
})
|
|
return v.(string), err
|
|
}
|
|
|
|
// 解析 token
|
|
func (j *JWT) ParseToken(tokenString string) (*CustomClaims, error) {
|
|
token, err := jwt.ParseWithClaims(tokenString, &CustomClaims{}, func(token *jwt.Token) (i interface{}, e error) {
|
|
return j.SigningKey, nil
|
|
})
|
|
if err != nil {
|
|
if ve, ok := err.(*jwt.ValidationError); ok {
|
|
if ve.Errors&jwt.ValidationErrorMalformed != 0 {
|
|
return nil, TokenMalformed
|
|
} else if ve.Errors&jwt.ValidationErrorExpired != 0 {
|
|
// Token is expired
|
|
return nil, TokenExpired
|
|
} else if ve.Errors&jwt.ValidationErrorNotValidYet != 0 {
|
|
return nil, TokenNotValidYet
|
|
} else {
|
|
return nil, TokenInvalid
|
|
}
|
|
}
|
|
}
|
|
if token != nil {
|
|
if claims, ok := token.Claims.(*CustomClaims); ok && token.Valid {
|
|
return claims, nil
|
|
}
|
|
return nil, TokenInvalid
|
|
|
|
} else {
|
|
return nil, TokenInvalid
|
|
}
|
|
}
|
|
|
|
// 解析 token
|
|
func (j *JWT) ParseCliam(claim string) (*CustomClaims, error) {
|
|
|
|
}
|