diff --git a/controller/login.go b/controller/login.go
index 0cc55ff..0f43741 100644
--- a/controller/login.go
+++ b/controller/login.go
@@ -8,6 +8,7 @@ import (
 "html/template"
 "log"
 "net/http"
+ "time"
 )
 //验证接口
@@ -20,7 +21,10 @@ func LoginCheckPass(c *gin.Context) {
 sessionId := CheckPass(username, password)
 userinfo := make(map[string]interface{})
 userinfo["name"] = username
+ userinfo["create_time"] = time.Now().Unix()
 token, err := tools.MakeToken(userinfo)
+ userinfo["ref_token"]=true
+ refToken, _ := tools.MakeToken(userinfo)
 log.Println(err)
 if sessionId != "" {
 c.JSON(200, gin.H{
@@ -28,6 +32,8 @@ func LoginCheckPass(c *gin.Context) {
 "msg": "验证成功,正在跳转",
 "result": gin.H{
 "token": token,
+ "ref_token":refToken,
+ "create_time":userinfo["create_time"],
 },
 })
 return
diff --git a/middleware/jwt.go b/middleware/jwt.go
index cdaed0c..2c9ee91 100644
--- a/middleware/jwt.go
+++ b/middleware/jwt.go
@@ -3,27 +3,35 @@ package middleware
 import (
 "github.com/gin-gonic/gin"
 "github.com/taoshihan1991/imaptool/tools"
- "log"
+ "time"
 )
 func JwtPageMiddleware(c *gin.Context){
- token := c.Query("token")
- userinfo := tools.ParseToken(token)
- log.Println(userinfo)
- if userinfo == nil {
- c.Redirect(302,"/login")
- c.Abort()
- }
+ //暂时不处理
+ //token := c.Query("token")
+ //userinfo := tools.ParseToken(token)
+ //if userinfo == nil {
+ // c.Redirect(302,"/login")
+ // c.Abort()
+ //}
 }
 func JwtApiMiddleware(c *gin.Context){
- log.Println("路由中间件")
- token := c.Query("token")
+ token := c.GetHeader("token")
 userinfo := tools.ParseToken(token)
- log.Println(userinfo)
- if userinfo == nil {
+ if userinfo == nil||userinfo["name"]==nil {
 c.JSON(200, gin.H{
 "code": 400,
 "msg": "验证失败",
 })
 c.Abort()
 }
+ createTime:=int64(userinfo["create_time"].(float64))
+ var expire int64=2*60*60
+ nowTime:=time.Now().Unix();
+ if (nowTime-createTime) >=expire{
+ c.JSON(200, gin.H{
+ "code": 401,
+ "msg": "token失效",
+ })
+ c.Abort()
+ }
 }
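Review bot: The refresh token built in the `@@ -20,7 +21,10 @@` hunk of controller/login.go is signed from the same map as the access token, so it carries the same `name` and `create_time` and differs only by `ref_token: true`. The API middleware changed in this commit checks only `name` and `create_time`, so as far as the diff shows the refresh token is accepted wherever the access token is and expires at the same moment, which makes it a second copy of the same credential rather than a refresh mechanism. Its signing error is also discarded with `_`, and the first error is only logged; `refToken, refErr := tools.MakeToken(userinfo)` followed by a failure response when either error is non-nil would avoid handing an empty token back in the success branch. LoginCheckPass begins and ends outside the hunk.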
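Review bot: In JwtApiMiddleware the rejected-token branch calls `c.Abort()` but does not return, so execution falls through to `userinfo["create_time"].(float64)`; with a nil `userinfo`, or a validly signed token that has no numeric `create_time`, that unchecked assertion panics after the 400 body has already been written. Each `c.Abort()` should be followed by `return`, and the assertion should use the comma-ok form so a malformed claim is rejected rather than crashing the handler. Separately, JwtPageMiddleware is now an empty function, so every route that uses it is served without any token check; if that is intended, the `//暂时不处理` comment should say what protects those pages in the meantime.

```go
	if userinfo == nil || userinfo["name"] == nil {
		// … unchanged: 400 "验证失败" JSON response …
		c.Abort()
		return
	}
	// A signed token without a numeric create_time is rejected instead of panicking.
	created, ok := userinfo["create_time"].(float64)
	const expire int64 = 2 * 60 * 60
	if !ok || time.Now().Unix()-int64(created) >= expire {
		// … unchanged: 401 "token失效" JSON response …
		c.Abort()
		return
	}
```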
diff --git a/server.go b/server.go
index 7afa1f5..5cc4943 100644
--- a/server.go
+++ b/server.go
@@ -29,7 +29,7 @@ func main() {
 //框架界面
 engine.GET("/chat_main",middleware.JwtPageMiddleware,tmpl.PageChatMain)
 //验证权限
- engine.GET("/check_auth",middleware.JwtApiMiddleware, controller.MainCheckAuth)
+ engine.POST("/check_auth",middleware.JwtApiMiddleware, controller.MainCheckAuth)
 //------------------old code-----------------------------
 mux := &http.ServeMux{}
 //根路径
diff --git a/static/html/login.html b/static/html/login.html
index c02f206..c171f9c 100644
--- a/static/html/login.html
+++ b/static/html/login.html
@@ -195,7 +195,10 @@
 message: data.msg,
 type: 'success'
 });
- window.location.href="/main?token="+data.result.token;
+ localStorage.setItem("token",data.result.token);
+ localStorage.setItem("ref_token",data.result.ref_token);
+ localStorage.setItem("create_time",data.result.create_time);
+ window.location.href="/main";
 }else{
 _this.$message({
 message: data.msg,
diff --git a/static/html/main.html b/static/html/main.html
index e27f037..cf0772e 100644
--- a/static/html/main.html
+++ b/static/html/main.html
@@ -80,9 +80,26 @@
 var r = window.location.search.substr(1).match(reg);
 if(r!=null)return unescape(r[2]); return null;
 },
+ checkAuth(){
+ let _this=this;
+ $.ajax({
+ type:"post",
+ url:"/check_auth",
+ headers:{
+ "token":localStorage.getItem("token")
+ },
+ success: function(data) {
+ if (data.code != 200) {
+ window.location.href="/login";
+ } else {
+ _this.iframeUrl = "/chat_main";
+ }
+ }
+ });
+ }
 },
 created: function () {
- this.iframeUrl="/chat_main?token="+this.GetQueryString("token");
+ this.checkAuth();
 }
 })
diff --git a/tools/jwt.go b/tools/jwt.go
index df1d7cf..4074a88 100644
--- a/tools/jwt.go
+++ b/tools/jwt.go
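Review bot: The login.html hunk writes both `token` and `ref_token` to `localStorage`, where any script running on this origin can read them, so a single script-injection bug in any page would expose both credentials at once. Taking the token out of the URL is an improvement, but if the server can set it instead, an `HttpOnly` cookie keeps it out of reach of page script. If localStorage stays, a comment above these lines such as `// bearer credentials: readable by any script on this origin` would make the trade-off visible, and `ref_token` is better not stored next to the token it is meant to replace. The enclosing success handler starts and ends outside the hunk.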
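Review bot: `checkAuth` in main.html has no `error` callback, so when the POST to `/check_auth` fails at the transport level or comes back with a non-2xx status the page neither loads the iframe nor redirects to login; adding `error: function() { window.location.href = "/login"; }` makes that path explicit. The check also runs only in the browser: on success it points the iframe at `/chat_main` with no token attached, and the page middleware for that route is commented out in this same commit, so nothing visible in the diff authenticates the `/chat_main` request itself. A comment on `checkAuth` stating that it is a navigation convenience and not an access control would keep later code from relying on it.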
@@ -2,13 +2,11 @@ package tools
 import (
 "github.com/dgrijalva/jwt-go"
- "time"
 )
 const SECRET = "taoshihan"
 func MakeToken(obj map[string]interface{}) (string, error) {
- obj["time"] = time.Now().Unix()
 token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims(obj))
 tokenString, err := token.SignedString([]byte(SECRET))
 return tokenString, err
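Review bot: With `obj["time"]` removed, MakeToken no longer puts any time claim into the token, so expiry now depends on every caller remembering to add `create_time` and on the middleware's hand-written comparison. Setting the registered `exp` claim here, for example `obj["exp"] = time.Now().Add(2 * time.Hour).Unix()`, would let the jwt library's own claim validation reject stale tokens, assuming ParseToken (not shown) does not skip validation. The unchanged `SECRET` constant in this hunk's context is a string literal committed with the source, so the HS256 signing key is known to anyone who can read the repository; loading it from configuration or the environment is worth a follow-up. MakeToken's closing brace lies outside the hunk.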