大改jwt

utils/auth/jwt_token.go

@@ -0,0 +1,59 @@
+package auth
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/http"
+	"strings"
+)
+
+func ParseJwtTokenHeader[T any](r *http.Request) (string, *T, error) {
+
+	AuthKey := r.Header.Get("Authorization")
+	if AuthKey == "" {
+		return "", nil, nil
+	}
+	if len(AuthKey) <= 15 {
+		return "", nil, errors.New(fmt.Sprint("Error parsing token, len:", len(AuthKey)))
+	}
+	AuthKey = AuthKey[7:]
+
+	parts := strings.Split(AuthKey, ".")
+	if len(parts) != 3 {
+		return "", nil, fmt.Errorf("Invalid JWT token")
+	}
+
+	payload, err := base64.URLEncoding.DecodeString(parts[1])
+	if err != nil {
+		return "", nil, fmt.Errorf("Error unmarshalling JWT DecodeString: %s", err.Error())
+	}
+
+	var p T
+	err = json.Unmarshal(payload, &p)
+	if err != nil {
+		return "", nil, fmt.Errorf("Error unmarshalling JWT payload: %s", err)
+	}
+
+	return AuthKey, &p, nil
+
+	// token, err := jwt.Parse(AuthKey, func(token *jwt.Token) (interface{}, error) {
+	// 	// 检查签名方法是否为 HS256
+	// 	if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
+	// 		return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
+	// 	}
+	// 	// 返回用于验证签名的密钥
+	// 	return []byte(svcCtx.Config.Auth.AccessSecret), nil
+	// })
+	// if err != nil {
+	// 	return nil, errors.New(fmt.Sprint("Error parsing token:", err))
+	// }
+
+	// // 验证成功返回
+	// if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
+	// 	return claims, nil
+	// }
+
+	// return nil, errors.New(fmt.Sprint("Invalid token", err))
+}

utils/auth/register.go

@@ -11,7 +11,7 @@ import (
 	"github.com/golang-jwt/jwt"
 )
 
-func ParseJwtTokenUint64Secret(r *http.Request, AccessSecret uint64) (jwt.MapClaims, error) {
+func ParseJwtTokenUint64SecretByRequest(r *http.Request, AccessSecret uint64) (jwt.MapClaims, error) {
 	AuthKey := r.Header.Get("Authorization")
 	if AuthKey == "" {
 		return nil, nil
@@ -46,6 +46,32 @@ func ParseJwtTokenUint64Secret(r *http.Request, AccessSecret uint64) (jwt.MapCla
 	return nil, errors.New(fmt.Sprint("Invalid token", err))
 }
 
+func ParseJwtTokenUint64Secret(AuthKey string, AccessSecret uint64) (jwt.MapClaims, error) {
+
+	// Convert uint64 to []byte
+	key := make([]byte, 8)
+	binary.BigEndian.PutUint64(key, AccessSecret)
+
+	token, err := jwt.Parse(AuthKey, func(token *jwt.Token) (interface{}, error) {
+		// 检查签名方法是否为 HS256
+		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
+			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
+		}
+		// 返回用于验证签名的密钥
+		return key, nil
+	})
+	if err != nil {
+		return nil, errors.New(fmt.Sprint("Error parsing token:", err))
+	}
+
+	// 验证成功返回
+	if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
+		return claims, nil
+	}
+
+	return nil, errors.New(fmt.Sprint("Invalid token", err))
+}
+
 // ValidateEmail checks if the provided string is a valid email address.
 func ValidateEmail(email string) bool {
 	_, err := mail.ParseAddress(email)

utils/basic/request_parse.go

@@ -2,6 +2,7 @@ package basic
 
 import (
 	"errors"
+	"fusenapi/fsm"
 	"fusenapi/utils/auth"
 	"net/http"
 	"reflect"
@@ -11,6 +12,8 @@ import (
 	"github.com/zeromicro/go-zero/rest/httpx"
 )
 
+var DefaultJwtSecret uint64 = 21321321321
+
 type IJWTParse interface {
 	ParseJwtToken(r *http.Request) (jwt.MapClaims, error)
 }
@@ -48,48 +51,66 @@ func NormalAfterLogic(w http.ResponseWriter, r *http.Request, resp *Response) {
 	}
 }
 
-func RequestParse(w http.ResponseWriter, r *http.Request, svcCtx IJWTParse, LogicRequest any) (userinfo *auth.UserInfo, err error) {
+func RequestParse(w http.ResponseWriter, r *http.Request, state *fsm.StateCluster, LogicRequest any) (*auth.UserInfo, error) {
 
-	// 解析JWT token,并对空用户进行判断
-	claims, err := svcCtx.ParseJwtToken(r)
-	// auth.ParseJwtTokenUint64Secret()
-
-	// 如果解析JWT token出错,则返回未授权的JSON响应并记录错误消息
+	token, info, err := auth.ParseJwtTokenHeader[auth.UserInfo](r)
 	if err != nil {
-		httpx.OkJsonCtx(r.Context(), w, &Response{
-			Code:    401,            // 返回401状态码,表示未授权
-			Message: "unauthorized", // 返回未授权信息
-		})
-		logx.Info("unauthorized:", err.Error()) // 记录错误日志
-		return
+		logx.Error(err)
+		return nil, err
 	}
 
-	if claims != nil {
-		// 从token中获取对应的用户信息
-		userinfo, err = auth.GetUserInfoFormMapClaims(claims)
-		// 如果获取用户信息出错,则返回未授权的JSON响应并记录错误消息
+	var secret uint64 = 0
+	if info.IsUser() {
+		us, err := state.GetUserState(info.UserId)
+		if err != nil {
+			logx.Error(err)
+			return nil, err
+		}
+		secret = us.PwdHash
+
+	} else if info.IsGuest() {
+		secret = DefaultJwtSecret
+	}
+
+	var userinfo *auth.UserInfo
+	if secret != 0 {
+		claims, err := auth.ParseJwtTokenUint64Secret(token, secret)
+		// 如果解析JWT token出错,则返回未授权的JSON响应并记录错误消息
 		if err != nil {
 			httpx.OkJsonCtx(r.Context(), w, &Response{
-				Code:    401,
-				Message: "unauthorized",
+				Code:    401,            // 返回401状态码,表示未授权
+				Message: "unauthorized", // 返回未授权信息
 			})
-			logx.Info("unauthorized:", err.Error())
-			return
+			logx.Info("unauthorized:", err.Error()) // 记录错误日志
+			return nil, err
+		}
+
+		if claims != nil {
+			// 从token中获取对应的用户信息
+			userinfo, err = auth.GetUserInfoFormMapClaims(claims)
+			// 如果获取用户信息出错,则返回未授权的JSON响应并记录错误消息
+			if err != nil {
+				httpx.OkJsonCtx(r.Context(), w, &Response{
+					Code:    401,
+					Message: "unauthorized",
+				})
+				logx.Info("unauthorized:", err.Error())
+				return nil, err
+			}
+		} else {
+			// 如果claims为nil,则认为用户身份为白板用户
+			userinfo = &auth.UserInfo{UserId: 0, GuestId: 0}
 		}
-	} else {
-		// 如果claims为nil,则认为用户身份为白板用户
-		userinfo = &auth.UserInfo{UserId: 0, GuestId: 0}
 	}
 
-	// var req types.RequestGoogleLogin
 	// 如果端点有请求结构体，则使用httpx.Parse方法从HTTP请求体中解析请求数据
 	if err = httpx.Parse(r, LogicRequest); err != nil {
 		httpx.OkJsonCtx(r.Context(), w, &Response{
 			Code:    510,
 			Message: "parameter error",
 		})
-		logx.Info(err)
-		return
+		logx.Error(err)
+		return nil, err
 	}
 
 	return userinfo, err