paopao-ce/internal/servants/chain/jwt.go

// Copyright 2022 ROC. All rights reserved.
// Use of this source code is governed by a MIT style
// license that can be found in the LICENSE file.
package chain
import (
"errors"
"strings"
"github.com/gin-gonic/gin"
"github.com/golang-jwt/jwt/v5"
"github.com/rocboss/paopao-ce/pkg/app"
"github.com/rocboss/paopao-ce/pkg/xerror"
)
// JWT returns a gin middleware that requires a valid access token and a
// matching user record.
//
// The token is read from the "token" query parameter when that parameter is
// present; otherwise it is read from the "Authorization" header, which must
// start with the exact prefix "Bearer ". A request whose header is missing or
// not a Bearer token is aborted with xerror.UnauthorizedTokenError before any
// parsing happens.
//
// A non-empty token is parsed with app.ParseToken, the user named by the
// claims is loaded, and the token issuer is compared with the issuer derived
// from the user's salt. Only when all three succeed are "USER", "UID" and
// "USERNAME" stored in the context and the chain continued; every failure
// aborts the request with the corresponding xerror code.
func JWT() gin.HandlerFunc {
	ums := userManageService()

	return func(c *gin.Context) {
		token, fromQuery := c.GetQuery("token")
		if !fromQuery {
			// NOTE: a token carried in the query string shows up in access
			// logs, browser history and Referer headers; the header form is
			// the safer transport for callers that can use it.
			header := c.GetHeader("Authorization")
			if header == "" || !strings.HasPrefix(header, "Bearer ") {
				resp := app.NewResponse(c)
				resp.ToErrorResponse(xerror.UnauthorizedTokenError)
				c.Abort()
				return
			}
			// The prefix was just verified, so this strips exactly "Bearer ".
			token = strings.TrimPrefix(header, "Bearer ")
		}

		ecode := xerror.Success
		if token == "" {
			// Either "?token=" was given empty or the header was exactly "Bearer ".
			ecode = xerror.InvalidParams
		} else if claims, err := app.ParseToken(token); err != nil {
			// Distinguish an expired token from a malformed or badly signed one.
			ecode = xerror.UnauthorizedTokenError
			if errors.Is(err, jwt.ErrTokenExpired) {
				ecode = xerror.UnauthorizedTokenTimeout
			}
		} else if user, err := ums.GetUserByID(claims.UID); err != nil {
			ecode = xerror.UnauthorizedAuthNotExist
		} else if app.IssuerFrom(user.Salt) != claims.Issuer {
			// Forced-logout mechanism: the issuer is derived from the user's
			// salt, so a token minted before the salt changed no longer matches
			// and is reported as timed out.
			ecode = xerror.UnauthorizedTokenTimeout
		} else {
			c.Set("USER", user)
			c.Set("UID", claims.UID)
			c.Set("USERNAME", claims.Username)
		}

		if ecode != xerror.Success {
			resp := app.NewResponse(c)
			resp.ToErrorResponse(ecode)
			c.Abort()
			return
		}
		c.Next()
	}
}
// JwtSurely returns a gin middleware that requires a parseable, unexpired
// access token but does not load the user record.
//
// The token is read from the "token" query parameter when present, otherwise
// from the "Authorization" header, which must start with the exact prefix
// "Bearer "; a missing or non-Bearer header aborts the request with
// xerror.UnauthorizedTokenError. A non-empty token that app.ParseToken
// accepts puts "UID" and "USERNAME" from the claims into the context and
// continues the chain; an empty token yields xerror.InvalidParams, an expired
// one xerror.UnauthorizedTokenTimeout and any other parse failure
// xerror.UnauthorizedTokenError.
//
// Unlike JWT, no user lookup and no issuer-versus-salt comparison is done
// here, so the forced-logout check that JWT performs does not apply.
func JwtSurely() gin.HandlerFunc {
	return func(c *gin.Context) {
		token, fromQuery := c.GetQuery("token")
		if !fromQuery {
			// NOTE: a token carried in the query string shows up in access
			// logs, browser history and Referer headers; the header form is
			// the safer transport for callers that can use it.
			header := c.GetHeader("Authorization")
			if header == "" || !strings.HasPrefix(header, "Bearer ") {
				resp := app.NewResponse(c)
				resp.ToErrorResponse(xerror.UnauthorizedTokenError)
				c.Abort()
				return
			}
			// The prefix was just verified, so this strips exactly "Bearer ".
			token = strings.TrimPrefix(header, "Bearer ")
		}

		ecode := xerror.Success
		if token == "" {
			// Either "?token=" was given empty or the header was exactly "Bearer ".
			ecode = xerror.InvalidParams
		} else if claims, err := app.ParseToken(token); err != nil {
			// Distinguish an expired token from a malformed or badly signed one.
			ecode = xerror.UnauthorizedTokenError
			if errors.Is(err, jwt.ErrTokenExpired) {
				ecode = xerror.UnauthorizedTokenTimeout
			}
		} else {
			c.Set("UID", claims.UID)
			c.Set("USERNAME", claims.Username)
		}

		if ecode != xerror.Success {
			resp := app.NewResponse(c)
			resp.ToErrorResponse(ecode)
			c.Abort()
			return
		}
		c.Next()
	}
}
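// JwtLoose returns a gin middleware that authenticates the request when a
// valid access token is present but never rejects it.
//
// The token is read from the "token" query parameter when present, otherwise
// from the "Authorization" header, and only a header with the exact prefix
// "Bearer " is treated as carrying a token. When the token parses, the user
// named by the claims exists and the token issuer matches the issuer derived
// from that user's salt, "UID", "USERNAME" and "USER" are stored in the
// context. In every other case (no token, unparseable token, unknown user,
// issuer mismatch) the request simply proceeds unauthenticated; no error is
// sent to the client.
//
// Fix: the previous version called c.Next() inside the non-Bearer branch
// without returning, so the downstream handlers ran before the raw header
// value was handed to app.ParseToken and c.Next() was then invoked a second
// time at the end of the handler. A non-Bearer header now leaves token empty
// and the chain is entered exactly once.
func JwtLoose() gin.HandlerFunc {
	ums := userManageService()

	return func(c *gin.Context) {
		token, fromQuery := c.GetQuery("token")
		if !fromQuery {
			// NOTE: a token carried in the query string shows up in access
			// logs, browser history and Referer headers; the header form is
			// the safer transport for callers that can use it.
			header := c.GetHeader("Authorization")
			// Anything that is not a Bearer credential (including an absent
			// header) is ignored rather than passed to the token parser.
			token = ""
			if strings.HasPrefix(header, "Bearer ") {
				token = strings.TrimPrefix(header, "Bearer ")
			}
		}

		if token != "" {
			if claims, err := app.ParseToken(token); err == nil {
				// Forced-logout mechanism: the issuer is derived from the
				// user's salt, so a token minted before the salt changed no
				// longer matches and is silently treated as absent.
				if user, err := ums.GetUserByID(claims.UID); err == nil && app.IssuerFrom(user.Salt) == claims.Issuer {
					c.Set("UID", claims.UID)
					c.Set("USERNAME", claims.Username)
					c.Set("USER", user)
				}
			}
		}
		c.Next()
	}
}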