paopao-ce/internal/servants/chain/jwt.go

// Copyright 2022 ROC. All rights reserved.
// Use of this source code is governed by a MIT style
// license that can be found in the LICENSE file.

package chain

import (
	"errors"
	"strings"

	"github.com/gin-gonic/gin"
	"github.com/golang-jwt/jwt/v5"
	"github.com/rocboss/paopao-ce/internal/conf"
	"github.com/rocboss/paopao-ce/pkg/app"
	"github.com/rocboss/paopao-ce/pkg/xerror"
)

func JWT() gin.HandlerFunc {
	ums := userManageService()
	return func(c *gin.Context) {
		var (
			token string
			ecode = xerror.Success
		)
		if s, exist := c.GetQuery("token"); exist {
			token = s
		} else {
			token = c.GetHeader("Authorization")
			// 验证前端传过来的token格式，不为空，开头为Bearer
			if token == "" || !strings.HasPrefix(token, "Bearer ") {
				response := app.NewResponse(c)
				response.ToErrorResponse(xerror.UnauthorizedTokenError)
				c.Abort()
				return
			}
			// 验证通过，提取有效部分（除去Bearer)
			token = token[7:]
		}
		if token != "" {
			if claims, err := app.ParseToken(token); err == nil {
				// 加载用户信息
				if user, err := ums.GetUserByID(claims.UID); err == nil {
					// 强制下线机制
					if (conf.JWTSetting.Issuer + ":" + user.Salt) == claims.Issuer {
						c.Set("USER", user)
						c.Set("UID", claims.UID)
						c.Set("USERNAME", claims.Username)
					} else {
						ecode = xerror.UnauthorizedTokenTimeout
					}
				} else {
					ecode = xerror.UnauthorizedAuthNotExist
				}
			} else {
				if errors.Is(err, jwt.ErrTokenExpired) {
					ecode = xerror.UnauthorizedTokenTimeout
				} else {
					ecode = xerror.UnauthorizedTokenError
				}
			}
		} else {
			ecode = xerror.InvalidParams
		}
		if ecode != xerror.Success {
			response := app.NewResponse(c)
			response.ToErrorResponse(ecode)
			c.Abort()
			return
		}
		c.Next()
	}
}

func JwtSurely() gin.HandlerFunc {
	return func(c *gin.Context) {
		var (
			token string
			ecode = xerror.Success
		)
		if s, exist := c.GetQuery("token"); exist {
			token = s
		} else {
			token = c.GetHeader("Authorization")
			// 验证前端传过来的token格式，不为空，开头为Bearer
			if token == "" || !strings.HasPrefix(token, "Bearer ") {
				response := app.NewResponse(c)
				response.ToErrorResponse(xerror.UnauthorizedTokenError)
				c.Abort()
				return
			}
			// 验证通过，提取有效部分（除去Bearer)
			token = token[7:]
		}
		if token != "" {
			if claims, err := app.ParseToken(token); err == nil {
				c.Set("UID", claims.UID)
				c.Set("USERNAME", claims.Username)
			} else {
				if errors.Is(err, jwt.ErrTokenExpired) {
					ecode = xerror.UnauthorizedTokenTimeout
				} else {
					ecode = xerror.UnauthorizedTokenError
				}
			}
		} else {
			ecode = xerror.InvalidParams
		}
		if ecode != xerror.Success {
			response := app.NewResponse(c)
			response.ToErrorResponse(ecode)
			c.Abort()
			return
		}
		c.Next()
	}
}

func JwtLoose() gin.HandlerFunc {
	ums := userManageService()
	return func(c *gin.Context) {
		token, exist := c.GetQuery("token")
		if !exist {
			token = c.GetHeader("Authorization")
			// 验证前端传过来的token格式，不为空，开头为Bearer
			if strings.HasPrefix(token, "Bearer ") {
				// 验证通过，提取有效部分（除去Bearer)
				token = token[7:]
			} else {
				c.Next()
			}
		}
		if len(token) > 0 {
			if claims, err := app.ParseToken(token); err == nil {
				// 加载用户信息
				user, err := ums.GetUserByID(claims.UID)
				if err == nil && (conf.JWTSetting.Issuer+":"+user.Salt) == claims.Issuer {
					c.Set("UID", claims.UID)
					c.Set("USERNAME", claims.Username)
					c.Set("USER", user)
				}
			}
		}
		c.Next()
	}
}
-												mir: optimize source code layout for import go-mir

											
										
										
											2 years ago
+								// Copyright 2022 ROC. All rights reserved.
 								// Use of this source code is governed by a MIT style
 								// license that can be found in the LICENSE file.
-												prepare use mir

											
										
										
											2 years ago
+								package chain
 								import (
-												upgrade github.com/golang-jwt/jwt/v5 => v5.0.0 and optimize /v1/user/msgcount/unread api process logic

											
										
										
											1 year ago
+									"errors"
-												prepare use mir

											
										
										
											2 years ago
+									"strings"
 									"github.com/gin-gonic/gin"
-												upgrade github.com/golang-jwt/jwt/v5 => v5.0.0 and optimize /v1/user/msgcount/unread api process logic

											
										
										
											1 year ago
+									"github.com/golang-jwt/jwt/v5"
-												prepare use mir

											
										
										
											2 years ago
+									"github.com/rocboss/paopao-ce/internal/conf"
 									"github.com/rocboss/paopao-ce/pkg/app"
-												remove Deprecated:OldWeb feature

											
										
										
											2 years ago
+									"github.com/rocboss/paopao-ce/pkg/xerror"
-												prepare use mir

											
										
										
											2 years ago
+								)
 								func JWT() gin.HandlerFunc {
-												optimize get user info logic in JWT process

											
										
										
											2 years ago
+									ums := userManageService()
-												prepare use mir

											
										
										
											2 years ago
+									return func(c *gin.Context) {
 										var (
 											token string
-												remove Deprecated:OldWeb feature

											
										
										
											2 years ago
+											ecode = xerror.Success
-												prepare use mir

											
										
										
											2 years ago
+										)
 										if s, exist := c.GetQuery("token"); exist {
 											token = s
 										} else {
 											token = c.GetHeader("Authorization")
 											// 验证前端传过来的token格式，不为空，开头为Bearer
 											if token == "" || !strings.HasPrefix(token, "Bearer ") {
 												response := app.NewResponse(c)
-												remove Deprecated:OldWeb feature

											
										
										
											2 years ago
+												response.ToErrorResponse(xerror.UnauthorizedTokenError)
-												prepare use mir

											
										
										
											2 years ago
+												c.Abort()
 												return
 											}
 											// 验证通过，提取有效部分（除去Bearer)
 											token = token[7:]
 										}
-												fixed JWT valide error whent get user by id failed

											
										
										
											1 year ago
+										if token != "" {
 											if claims, err := app.ParseToken(token); err == nil {
-												prepare use mir

											
										
										
											2 years ago
+												// 加载用户信息
-												fixed JWT valide error whent get user by id failed

											
										
										
											1 year ago
+												if user, err := ums.GetUserByID(claims.UID); err == nil {
 													// 强制下线机制
 													if (conf.JWTSetting.Issuer + ":" + user.Salt) == claims.Issuer {
 														c.Set("USER", user)
 														c.Set("UID", claims.UID)
 														c.Set("USERNAME", claims.Username)
 													} else {
 														ecode = xerror.UnauthorizedTokenTimeout
 													}
-												optimize get user info logic in JWT process

											
										
										
											2 years ago
+												} else {
-												remove Deprecated:OldWeb feature

											
										
										
											2 years ago
+													ecode = xerror.UnauthorizedAuthNotExist
-												prepare use mir

											
										
										
											2 years ago
+												}
-												fixed JWT valide error whent get user by id failed

											
										
										
											1 year ago
+											} else {
-												upgrade github.com/golang-jwt/jwt/v5 => v5.0.0 and optimize /v1/user/msgcount/unread api process logic

											
										
										
											1 year ago
+												if errors.Is(err, jwt.ErrTokenExpired) {
-												remove Deprecated:OldWeb feature

											
										
										
											2 years ago
+													ecode = xerror.UnauthorizedTokenTimeout
-												upgrade github.com/golang-jwt/jwt/v5 => v5.0.0 and optimize /v1/user/msgcount/unread api process logic

											
										
										
											1 year ago
+												} else {
 													ecode = xerror.UnauthorizedTokenError
 												}
 											}
 										} else {
 											ecode = xerror.InvalidParams
 										}
 										if ecode != xerror.Success {
 											response := app.NewResponse(c)
 											response.ToErrorResponse(ecode)
 											c.Abort()
 											return
 										}
 										c.Next()
 									}
 								}
 								func JwtSurely() gin.HandlerFunc {
 									return func(c *gin.Context) {
 										var (
 											token string
 											ecode = xerror.Success
 										)
 										if s, exist := c.GetQuery("token"); exist {
 											token = s
 										} else {
 											token = c.GetHeader("Authorization")
 											// 验证前端传过来的token格式，不为空，开头为Bearer
 											if token == "" || !strings.HasPrefix(token, "Bearer ") {
 												response := app.NewResponse(c)
 												response.ToErrorResponse(xerror.UnauthorizedTokenError)
 												c.Abort()
 												return
 											}
 											// 验证通过，提取有效部分（除去Bearer)
 											token = token[7:]
 										}
 										if token != "" {
 											if claims, err := app.ParseToken(token); err == nil {
 												c.Set("UID", claims.UID)
 												c.Set("USERNAME", claims.Username)
 											} else {
 												if errors.Is(err, jwt.ErrTokenExpired) {
 													ecode = xerror.UnauthorizedTokenTimeout
 												} else {
-												fixed JWT valide error whent get user by id failed

											
										
										
											1 year ago
+													ecode = xerror.UnauthorizedTokenError
-												prepare use mir

											
										
										
											2 years ago
+												}
 											}
-												fixed JWT valide error whent get user by id failed

											
										
										
											1 year ago
+										} else {
 											ecode = xerror.InvalidParams
-												prepare use mir

											
										
										
											2 years ago
+										}
-												remove Deprecated:OldWeb feature

											
										
										
											2 years ago
+										if ecode != xerror.Success {
-												prepare use mir

											
										
										
											2 years ago
+											response := app.NewResponse(c)
 											response.ToErrorResponse(ecode)
 											c.Abort()
 											return
 										}
 										c.Next()
 									}
 								}
 								func JwtLoose() gin.HandlerFunc {
-												optimize get user info logic in JWT process

											
										
										
											2 years ago
+									ums := userManageService()
-												prepare use mir

											
										
										
											2 years ago
+									return func(c *gin.Context) {
 										token, exist := c.GetQuery("token")
 										if !exist {
 											token = c.GetHeader("Authorization")
 											// 验证前端传过来的token格式，不为空，开头为Bearer
 											if strings.HasPrefix(token, "Bearer ") {
 												// 验证通过，提取有效部分（除去Bearer)
 												token = token[7:]
 											} else {
 												c.Next()
 											}
 										}
 										if len(token) > 0 {
 											if claims, err := app.ParseToken(token); err == nil {
 												// 加载用户信息
-												optimize get user info logic in JWT process

											
										
										
											2 years ago
+												user, err := ums.GetUserByID(claims.UID)
-												prepare use mir

											
										
										
											2 years ago
+												if err == nil && (conf.JWTSetting.Issuer+":"+user.Salt) == claims.Issuer {
-												fixed JWT valide error whent get user by id failed

											
										
										
											1 year ago
+													c.Set("UID", claims.UID)
 													c.Set("USERNAME", claims.Username)
-												prepare use mir

											
										
										
											2 years ago
+													c.Set("USER", user)
 												}
 											}
 										}
 										c.Next()
 									}
 								}