From 49220ccfbfc38e781fb940e452f60dbce5c1263e Mon Sep 17 00:00:00 2001 From: Gordon <1432970085@qq.com> Date: Wed, 26 Jul 2023 17:51:55 +0800 Subject: [PATCH] fix: token update Signed-off-by: Gordon <1432970085@qq.com> --- internal/api/msg.go | 6 +++--- internal/api/route.go | 3 ++- internal/msggateway/hub_server.go | 5 ++--- internal/msggateway/n_ws_server.go | 4 ++-- internal/rpc/auth/auth.go | 5 +++-- internal/rpc/friend/black.go | 4 ++-- internal/rpc/friend/friend.go | 8 ++++---- internal/rpc/msg/delete.go | 10 +++++----- internal/rpc/msg/revoke.go | 8 ++++---- internal/rpc/msg/sync_msg.go | 4 ++-- internal/rpc/third/tool.go | 4 ++-- internal/rpc/user/user.go | 11 ++++++++--- pkg/authverify/token.go | 6 +++--- pkg/common/db/controller/auth.go | 3 ++- pkg/rpcclient/user.go | 4 ++-- 15 files changed, 46 insertions(+), 39 deletions(-) diff --git a/internal/api/msg.go b/internal/api/msg.go index f98cdef89..8480ac7d3 100644 --- a/internal/api/msg.go +++ b/internal/api/msg.go @@ -15,6 +15,7 @@ package api import ( + "github.com/OpenIMSDK/Open-IM-Server/pkg/authverify" "github.com/gin-gonic/gin" "github.com/go-playground/validator/v10" "github.com/mitchellh/mapstructure" @@ -29,7 +30,6 @@ import ( "github.com/OpenIMSDK/tools/apiresp" "github.com/OpenIMSDK/tools/errs" "github.com/OpenIMSDK/tools/log" - "github.com/OpenIMSDK/tools/tokenverify" "github.com/OpenIMSDK/tools/utils" ) @@ -205,7 +205,7 @@ func (m *MessageApi) SendMessage(c *gin.Context) { return } log.ZInfo(c, "SendMessage", "req", req) - if !tokenverify.IsAppManagerUid(c) { + if !authverify.IsAppManagerUid(c) { apiresp.GinError(c, errs.ErrNoPermission.Wrap("only app manager can send message")) return } 
@@ -245,7 +245,7 @@ func (m *MessageApi) BatchSendMsg(c *gin.Context) { return } log.ZInfo(c, "BatchSendMsg", "req", req) - if err := tokenverify.CheckAdmin(c); err != nil { + if err := authverify.CheckAdmin(c); err != nil { apiresp.GinError(c, errs.ErrNoPermission.Wrap("only app manager can send message")) return } diff --git a/internal/api/route.go b/internal/api/route.go index ee7a9493c..262283019 100644 --- a/internal/api/route.go +++ b/internal/api/route.go @@ -16,6 +16,7 @@ package api import ( "context" + "github.com/OpenIMSDK/Open-IM-Server/pkg/authverify" "github.com/OpenIMSDK/Open-IM-Server/pkg/common/db/cache" "github.com/OpenIMSDK/Open-IM-Server/pkg/common/db/controller" "github.com/OpenIMSDK/protocol/constant" @@ -210,7 +211,7 @@ func GinParseToken(rdb redis.UniversalClient) gin.HandlerFunc { c.Abort() return } - claims, err := tokenverify.GetClaimFromToken(token) + claims, err := tokenverify.GetClaimFromToken(token, authverify.Secret()) if err != nil { log.ZWarn(c, "jwt get token error", errs.ErrTokenUnknown.Wrap()) apiresp.GinError(c, errs.ErrTokenUnknown.Wrap()) diff --git a/internal/msggateway/hub_server.go b/internal/msggateway/hub_server.go index 62b5b200c..e9a53cbf7 100644 --- a/internal/msggateway/hub_server.go +++ b/internal/msggateway/hub_server.go @@ -16,11 +16,10 @@ package msggateway import ( "context" + "github.com/OpenIMSDK/Open-IM-Server/pkg/authverify" "github.com/OpenIMSDK/Open-IM-Server/pkg/common/db/cache" "github.com/OpenIMSDK/tools/errs" - "github.com/OpenIMSDK/tools/tokenverify" - "google.golang.org/grpc" "github.com/OpenIMSDK/Open-IM-Server/pkg/common/config" @@ -84,7 +83,7 @@ func (s *Server) GetUsersOnlineStatus( ctx context.Context, req *msggateway.GetUsersOnlineStatusReq, ) (*msggateway.GetUsersOnlineStatusResp, error) { - if !tokenverify.IsAppManagerUid(ctx) { + if !authverify.IsAppManagerUid(ctx) { return nil, errs.ErrNoPermission.Wrap("only app manager") } var resp msggateway.GetUsersOnlineStatusResp 
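Review bot: In GinParseToken (internal/api/route.go, hunk at -210,7) the warning logs a freshly wrapped `errs.ErrTokenUnknown` and drops the `err` returned by `tokenverify.GetClaimFromToken(token, authverify.Secret())`. The log therefore cannot tell an expired token from a bad signature or a malformed token, which is the detail an operator needs when triaging failed authentications. Logging the real cause, `log.ZWarn(c, "jwt get token error", err)`, while still returning the generic `errs.ErrTokenUnknown` to the client keeps the response unchanged. The function body starts and ends outside this hunk.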
diff --git a/internal/msggateway/n_ws_server.go b/internal/msggateway/n_ws_server.go index d19e23b83..c324f8a22 100644 --- a/internal/msggateway/n_ws_server.go +++ b/internal/msggateway/n_ws_server.go @@ -17,6 +17,7 @@ package msggateway import ( "context" "errors" + "github.com/OpenIMSDK/Open-IM-Server/pkg/authverify" "net/http" "strconv" "sync" @@ -35,7 +36,6 @@ import ( "github.com/OpenIMSDK/tools/errs" "github.com/OpenIMSDK/tools/log" - "github.com/OpenIMSDK/tools/tokenverify" "github.com/OpenIMSDK/tools/utils" ) @@ -338,7 +338,7 @@ func (ws *WsServer) wsHandler(w http.ResponseWriter, r *http.Request) { httpError(connContext, errs.ErrConnArgsErr) return } - if err := tokenverify.WsVerifyToken(token, userID, platformID); err != nil { + if err := authverify.WsVerifyToken(token, userID, platformID); err != nil { httpError(connContext, err) return } diff --git a/internal/rpc/auth/auth.go b/internal/rpc/auth/auth.go index f89ba263d..1abfc9771 100644 --- a/internal/rpc/auth/auth.go +++ b/internal/rpc/auth/auth.go @@ -16,6 +16,7 @@ package auth import ( "context" + "github.com/OpenIMSDK/Open-IM-Server/pkg/authverify" "google.golang.org/grpc" @@ -76,7 +77,7 @@ func (s *authServer) UserToken(ctx context.Context, req *pbAuth.UserTokenReq) (* } func (s *authServer) parseToken(ctx context.Context, tokensString string) (claims *tokenverify.Claims, err error) { - claims, err = tokenverify.GetClaimFromToken(tokensString) + claims, err = tokenverify.GetClaimFromToken(tokensString, authverify.Secret()) if err != nil { return nil, utils.Wrap(err, "") } @@ -116,7 +117,7 @@ func (s *authServer) ParseToken( } func (s *authServer) ForceLogout(ctx context.Context, req *pbAuth.ForceLogoutReq) (*pbAuth.ForceLogoutResp, error) { - if err := tokenverify.CheckAdmin(ctx); err != nil { + if err := authverify.CheckAdmin(ctx); err != nil { return nil, err } if err := s.forceKickOff(ctx, req.UserID, req.PlatformID, mcontext.GetOperationID(ctx)); err != nil { 
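Review bot: The new `"github.com/OpenIMSDK/Open-IM-Server/pkg/authverify"` import in n_ws_server.go (hunk at -17,6) is inserted between `"errors"` and `"net/http"`, inside the standard-library group. goimports would place it with the other project imports after the blank line. The same placement appears in the import hunks for internal/rpc/friend/black.go, internal/rpc/msg/revoke.go, internal/rpc/third/tool.go, internal/rpc/user/user.go and pkg/rpcclient/user.go; moving the line into the existing `github.com/OpenIMSDK/...` group keeps those files goimports-clean.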
diff --git a/internal/rpc/friend/black.go b/internal/rpc/friend/black.go index 6f7ed58dd..9df5abb33 100644 --- a/internal/rpc/friend/black.go +++ b/internal/rpc/friend/black.go @@ -16,13 +16,13 @@ package friend import ( "context" + "github.com/OpenIMSDK/Open-IM-Server/pkg/authverify" "time" "github.com/OpenIMSDK/Open-IM-Server/pkg/common/convert" "github.com/OpenIMSDK/Open-IM-Server/pkg/common/db/table/relation" pbFriend "github.com/OpenIMSDK/protocol/friend" "github.com/OpenIMSDK/tools/mcontext" - "github.com/OpenIMSDK/tools/tokenverify" ) func (s *friendServer) GetPaginationBlacks( @@ -76,7 +76,7 @@ func (s *friendServer) RemoveBlack( } func (s *friendServer) AddBlack(ctx context.Context, req *pbFriend.AddBlackReq) (*pbFriend.AddBlackResp, error) { - if err := tokenverify.CheckAccessV3(ctx, req.OwnerUserID); err != nil { + if err := authverify.CheckAccessV3(ctx, req.OwnerUserID); err != nil { return nil, err } _, err := s.userRpcClient.GetUsersInfo(ctx, []string{req.OwnerUserID, req.BlackUserID}) diff --git a/internal/rpc/friend/friend.go b/internal/rpc/friend/friend.go index 8ab2a9267..9ef38ef3c 100644 --- a/internal/rpc/friend/friend.go +++ b/internal/rpc/friend/friend.go @@ -16,6 +16,7 @@ package friend import ( "context" + "github.com/OpenIMSDK/Open-IM-Server/pkg/authverify" "github.com/OpenIMSDK/Open-IM-Server/pkg/common/convert" "github.com/OpenIMSDK/Open-IM-Server/pkg/rpcclient" @@ -32,7 +33,6 @@ import ( pbfriend "github.com/OpenIMSDK/protocol/friend" registry "github.com/OpenIMSDK/tools/discoveryregistry" "github.com/OpenIMSDK/tools/errs" - "github.com/OpenIMSDK/tools/tokenverify" "github.com/OpenIMSDK/tools/tx" "github.com/OpenIMSDK/tools/utils" ) 
@@ -95,7 +95,7 @@ func (s *friendServer) ApplyToAddFriend( ) (resp *pbfriend.ApplyToAddFriendResp, err error) { defer log.ZInfo(ctx, utils.GetFuncName()+" Return") resp = &pbfriend.ApplyToAddFriendResp{} - if err := tokenverify.CheckAccessV3(ctx, req.FromUserID); err != nil { + if err := authverify.CheckAccessV3(ctx, req.FromUserID); err != nil { return nil, err } if req.ToUserID == req.FromUserID { @@ -127,7 +127,7 @@ func (s *friendServer) ImportFriends( req *pbfriend.ImportFriendReq, ) (resp *pbfriend.ImportFriendResp, err error) { defer log.ZInfo(ctx, utils.GetFuncName()+" Return") - if err := tokenverify.CheckAdmin(ctx); err != nil { + if err := authverify.CheckAdmin(ctx); err != nil { return nil, err } if _, err := s.userRpcClient.GetUsersInfo(ctx, append([]string{req.OwnerUserID}, req.FriendUserIDs...)); err != nil { @@ -154,7 +154,7 @@ func (s *friendServer) RespondFriendApply( ) (resp *pbfriend.RespondFriendApplyResp, err error) { defer log.ZInfo(ctx, utils.GetFuncName()+" Return") resp = &pbfriend.RespondFriendApplyResp{} - if err := tokenverify.CheckAccessV3(ctx, req.ToUserID); err != nil { + if err := authverify.CheckAccessV3(ctx, req.ToUserID); err != nil { return nil, err } diff --git a/internal/rpc/msg/delete.go b/internal/rpc/msg/delete.go index 1523beb73..cdee8bdb5 100644 --- a/internal/rpc/msg/delete.go +++ b/internal/rpc/msg/delete.go @@ -16,13 +16,13 @@ package msg import ( "context" + "github.com/OpenIMSDK/Open-IM-Server/pkg/authverify" "github.com/OpenIMSDK/protocol/constant" "github.com/OpenIMSDK/protocol/conversation" "github.com/OpenIMSDK/protocol/msg" "github.com/OpenIMSDK/protocol/sdkws" "github.com/OpenIMSDK/tools/log" - "github.com/OpenIMSDK/tools/tokenverify" "github.com/OpenIMSDK/tools/utils" ) 
@@ -45,7 +45,7 @@ func (m *msgServer) ClearConversationsMsg( ctx context.Context, req *msg.ClearConversationsMsgReq, ) (*msg.ClearConversationsMsgResp, error) { - if err := tokenverify.CheckAccessV3(ctx, req.UserID); err != nil { + if err := authverify.CheckAccessV3(ctx, req.UserID); err != nil { return nil, err } if err := m.clearConversation(ctx, req.ConversationIDs, req.UserID, req.DeleteSyncOpt); err != nil { @@ -58,7 +58,7 @@ func (m *msgServer) UserClearAllMsg( ctx context.Context, req *msg.UserClearAllMsgReq, ) (*msg.UserClearAllMsgResp, error) { - if err := tokenverify.CheckAccessV3(ctx, req.UserID); err != nil { + if err := authverify.CheckAccessV3(ctx, req.UserID); err != nil { return nil, err } conversationIDs, err := m.ConversationLocalCache.GetConversationIDs(ctx, req.UserID) @@ -73,7 +73,7 @@ func (m *msgServer) UserClearAllMsg( } func (m *msgServer) DeleteMsgs(ctx context.Context, req *msg.DeleteMsgsReq) (*msg.DeleteMsgsResp, error) { - if err := tokenverify.CheckAccessV3(ctx, req.UserID); err != nil { + if err := authverify.CheckAccessV3(ctx, req.UserID); err != nil { return nil, err } isSyncSelf, isSyncOther := m.validateDeleteSyncOpt(req.DeleteSyncOpt) @@ -121,7 +121,7 @@ func (m *msgServer) DeleteMsgPhysical( ctx context.Context, req *msg.DeleteMsgPhysicalReq, ) (*msg.DeleteMsgPhysicalResp, error) { - if err := tokenverify.CheckAdmin(ctx); err != nil { + if err := authverify.CheckAdmin(ctx); err != nil { return nil, err } remainTime := utils.GetCurrentTimestampBySecond() - req.Timestamp diff --git a/internal/rpc/msg/revoke.go b/internal/rpc/msg/revoke.go index de86c540f..18066c1a2 100644 --- a/internal/rpc/msg/revoke.go +++ b/internal/rpc/msg/revoke.go @@ -17,6 +17,7 @@ package msg import ( "context" "encoding/json" + "github.com/OpenIMSDK/Open-IM-Server/pkg/authverify" "time" unRelationTb "github.com/OpenIMSDK/Open-IM-Server/pkg/common/db/table/unrelation" 
@@ -25,7 +26,6 @@ import ( "github.com/OpenIMSDK/protocol/sdkws" "github.com/OpenIMSDK/tools/errs" "github.com/OpenIMSDK/tools/log" - "github.com/OpenIMSDK/tools/tokenverify" "github.com/OpenIMSDK/tools/utils" ) @@ -40,7 +40,7 @@ func (m *msgServer) RevokeMsg(ctx context.Context, req *msg.RevokeMsgReq) (*msg. if req.Seq < 0 { return nil, errs.ErrArgs.Wrap("seq is invalid") } - if err := tokenverify.CheckAccessV3(ctx, req.UserID); err != nil { + if err := authverify.CheckAccessV3(ctx, req.UserID); err != nil { return nil, err } user, err := m.User.GetUserInfo(ctx, req.UserID) @@ -60,10 +60,10 @@ func (m *msgServer) RevokeMsg(ctx context.Context, req *msg.RevokeMsgReq) (*msg. data, _ := json.Marshal(msgs[0]) log.ZInfo(ctx, "GetMsgBySeqs", "conversationID", req.ConversationID, "seq", req.Seq, "msg", string(data)) var role int32 - if !tokenverify.IsAppManagerUid(ctx) { + if !authverify.IsAppManagerUid(ctx) { switch msgs[0].SessionType { case constant.SingleChatType: - if err := tokenverify.CheckAccessV3(ctx, msgs[0].SendID); err != nil { + if err := authverify.CheckAccessV3(ctx, msgs[0].SendID); err != nil { return nil, err } role = user.AppMangerLevel diff --git a/internal/rpc/msg/sync_msg.go b/internal/rpc/msg/sync_msg.go index 4aaa2bb13..e91138d6c 100644 --- a/internal/rpc/msg/sync_msg.go +++ b/internal/rpc/msg/sync_msg.go @@ -16,6 +16,7 @@ package msg import ( "context" + "github.com/OpenIMSDK/Open-IM-Server/pkg/authverify" "github.com/OpenIMSDK/Open-IM-Server/pkg/msgprocessor" "github.com/OpenIMSDK/protocol/constant" @@ -23,7 +24,6 @@ import ( "github.com/OpenIMSDK/protocol/sdkws" "github.com/OpenIMSDK/tools/log" - "github.com/OpenIMSDK/tools/tokenverify" "github.com/OpenIMSDK/tools/utils" ) 
@@ -86,7 +86,7 @@ func (m *msgServer) PullMessageBySeqs( } func (m *msgServer) GetMaxSeq(ctx context.Context, req *sdkws.GetMaxSeqReq) (*sdkws.GetMaxSeqResp, error) { - if err := tokenverify.CheckAccessV3(ctx, req.UserID); err != nil { + if err := authverify.CheckAccessV3(ctx, req.UserID); err != nil { return nil, err } conversationIDs, err := m.ConversationLocalCache.GetConversationIDs(ctx, req.UserID) diff --git a/internal/rpc/third/tool.go b/internal/rpc/third/tool.go index 5a7d1697b..3034de674 100644 --- a/internal/rpc/third/tool.go +++ b/internal/rpc/third/tool.go @@ -18,13 +18,13 @@ import ( "context" "errors" "fmt" + "github.com/OpenIMSDK/Open-IM-Server/pkg/authverify" "strings" "unicode/utf8" "github.com/OpenIMSDK/protocol/third" "github.com/OpenIMSDK/tools/errs" "github.com/OpenIMSDK/tools/mcontext" - "github.com/OpenIMSDK/tools/tokenverify" ) func toPbMapArray(m map[string][]string) []*third.KeyValues { @@ -52,7 +52,7 @@ func checkUploadName(ctx context.Context, name string) error { if opUserID == "" { return errs.ErrNoPermission.Wrap("opUserID is empty") } - if !tokenverify.IsManagerUserID(opUserID) { + if !authverify.IsManagerUserID(opUserID) { if !strings.HasPrefix(name, opUserID+"/") { return errs.ErrNoPermission.Wrap(fmt.Sprintf("name must start with `%s/`", opUserID)) } diff --git a/internal/rpc/user/user.go b/internal/rpc/user/user.go index 3961f1ce0..f95e66c0d 100644 --- a/internal/rpc/user/user.go +++ b/internal/rpc/user/user.go @@ -17,6 +17,7 @@ package user import ( "context" "errors" + "github.com/OpenIMSDK/Open-IM-Server/pkg/authverify" "strings" "time" @@ -35,7 +36,6 @@ import ( pbuser "github.com/OpenIMSDK/protocol/user" registry "github.com/OpenIMSDK/tools/discoveryregistry" "github.com/OpenIMSDK/tools/errs" - "github.com/OpenIMSDK/tools/tokenverify" "github.com/OpenIMSDK/tools/tx" "google.golang.org/grpc" 
@@ -50,6 +50,11 @@ type userServer struct { RegisterCenter registry.SvcDiscoveryRegistry } +func (s *userServer) SubscribeOrCancelUsersStatus(ctx context.Context, req *pbuser.SubscribeOrCancelUsersStatusReq) (*pbuser.SubscribeOrCancelUsersStatusResp, error) { + //TODO implement me + panic("implement me") +} + func Start(client registry.SvcDiscoveryRegistry, server *grpc.Server) error { db, err := relation.NewGormDB() if err != nil { @@ -99,7 +104,7 @@ func (s *userServer) GetDesignateUsers(ctx context.Context, req *pbuser.GetDesig func (s *userServer) UpdateUserInfo(ctx context.Context, req *pbuser.UpdateUserInfoReq) (resp *pbuser.UpdateUserInfoResp, err error) { resp = &pbuser.UpdateUserInfoResp{} - err = tokenverify.CheckAccessV3(ctx, req.UserInfo.UserID) + err = authverify.CheckAccessV3(ctx, req.UserInfo.UserID) if err != nil { return nil, err } @@ -141,7 +146,7 @@ func (s *userServer) AccountCheck(ctx context.Context, req *pbuser.AccountCheckR if utils.Duplicate(req.CheckUserIDs) { return nil, errs.ErrArgs.Wrap("userID repeated") } - err = tokenverify.CheckAdmin(ctx) + err = authverify.CheckAdmin(ctx) if err != nil { return nil, err } diff --git a/pkg/authverify/token.go b/pkg/authverify/token.go index 6df81cea0..d39b8e50b 100644 --- a/pkg/authverify/token.go +++ b/pkg/authverify/token.go @@ -11,7 +11,7 @@ import ( "github.com/golang-jwt/jwt/v4" ) -func secret() jwt.Keyfunc { +func Secret() jwt.Keyfunc { return func(token *jwt.Token) (interface{}, error) { return []byte(config.Config.Secret), nil } @@ -40,7 +40,7 @@ func CheckAdmin(ctx context.Context) error { } func ParseRedisInterfaceToken(redisToken interface{}) (*tokenverify.Claims, error) { - return tokenverify.GetClaimFromToken(string(redisToken.([]uint8)), secret()) + return tokenverify.GetClaimFromToken(string(redisToken.([]uint8)), Secret()) } func IsManagerUserID(opUserID string) bool { 
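Review bot: The added `SubscribeOrCancelUsersStatus` method on `userServer` (internal/rpc/user/user.go, hunk at -50,6) panics on every call. It has the shape of an RPC handler, so if the service is registered with this method and no recovery interceptor is installed (neither is visible in the hunk), a single request could terminate the process. Returning an error keeps the stub harmless, for example `return nil, status.Error(codes.Unimplemented, "SubscribeOrCancelUsersStatus is not implemented")`, which needs the grpc `codes` and `status` packages imported. When the body is written it should start with the same `authverify.CheckAccessV3` or `authverify.CheckAdmin` gate the neighbouring handlers use.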
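Review bot: `Secret()` in pkg/authverify/token.go (hunk at -11,7) returns a Keyfunc that hands back `[]byte(config.Config.Secret)` for any token without inspecting `token.Method`, and this change exports it so every package now relies on it. The Keyfunc should pin the expected algorithm family before returning the key: `if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok { return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"]) }`, which needs `fmt` in the import block that sits outside this hunk. An empty `config.Config.Secret` should also be rejected rather than used as a key, either here or at startup. As a newly exported name it needs a doc comment such as `// Secret returns the jwt.Keyfunc that supplies the configured HMAC signing key.`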
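Review bot: `ParseRedisInterfaceToken` (pkg/authverify/token.go, hunk at -40,7) uses the single-value assertion `redisToken.([]uint8)`, which panics if the value read back is nil, a `string`, or any other type. Because the input comes from an external store, the two-value form is safer: `raw, ok := redisToken.([]uint8)`, followed by returning an error when `ok` is false, and then `return tokenverify.GetClaimFromToken(string(raw), Secret())`. The function is fully visible in this hunk and has no other statements.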
@@ -48,7 +48,7 @@ func IsManagerUserID(opUserID string) bool { } func WsVerifyToken(token, userID string, platformID int) error { - claim, err := tokenverify.GetClaimFromToken(token, secret()) + claim, err := tokenverify.GetClaimFromToken(token, Secret()) if err != nil { return err } diff --git a/pkg/common/db/controller/auth.go b/pkg/common/db/controller/auth.go index bb614438c..d864e078b 100644 --- a/pkg/common/db/controller/auth.go +++ b/pkg/common/db/controller/auth.go @@ -16,6 +16,7 @@ package controller import ( "context" + "github.com/OpenIMSDK/Open-IM-Server/pkg/authverify" "github.com/golang-jwt/jwt/v4" @@ -60,7 +61,7 @@ func (a *authDatabase) CreateToken(ctx context.Context, userID string, platformI } var deleteTokenKey []string for k, v := range tokens { - _, err = tokenverify.GetClaimFromToken(k) + _, err = tokenverify.GetClaimFromToken(k, authverify.Secret()) if err != nil || v != constant.NormalToken { deleteTokenKey = append(deleteTokenKey, k) } diff --git a/pkg/rpcclient/user.go b/pkg/rpcclient/user.go index 05cce5531..1ce4fd53c 100644 --- a/pkg/rpcclient/user.go +++ b/pkg/rpcclient/user.go @@ -16,6 +16,7 @@ package rpcclient import ( "context" + "github.com/OpenIMSDK/Open-IM-Server/pkg/authverify" "strings" "google.golang.org/grpc" @@ -25,7 +26,6 @@ import ( "github.com/OpenIMSDK/protocol/user" "github.com/OpenIMSDK/tools/discoveryregistry" "github.com/OpenIMSDK/tools/errs" - "github.com/OpenIMSDK/tools/tokenverify" "github.com/OpenIMSDK/tools/utils" ) @@ -144,7 +144,7 @@ func (u *UserRpcClient) Access(ctx context.Context, ownerUserID string) error { if err != nil { return err } - return tokenverify.CheckAccessV3(ctx, ownerUserID) + return authverify.CheckAccessV3(ctx, ownerUserID) } func (u *UserRpcClient) GetAllUserIDs(ctx context.Context, pageNumber, showNumber int32) ([]string, error) {
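Review bot: In CreateToken (pkg/common/db/controller/auth.go, hunk at -60,7) the loop assigns the parse result to the outer `err` with `_, err = tokenverify.GetClaimFromToken(k, authverify.Secret())`, so after the loop `err` still holds the failure from the last token examined. The rest of the function is outside the hunk, so whether that value is later checked or returned cannot be confirmed here. Scoping it to the condition removes the risk: `if _, perr := tokenverify.GetClaimFromToken(k, authverify.Secret()); perr != nil || v != constant.NormalToken {`. A short comment that every token failing verification under the current secret is queued in `deleteTokenKey` would also help, since changing the configured secret then queues all stored tokens for this user and platform.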