From 2cc13de3e2cc877d01f64367c7b65fc99a0b1a50 Mon Sep 17 00:00:00 2001 From: eson <9673575+githubcontent@user.noreply.gitee.com> Date: Mon, 12 Jun 2023 20:04:30 +0800 Subject: [PATCH] =?UTF-8?q?jwt=E9=AA=8C=E8=AF=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../handler/useraddresslisthandler.go | 35 +++++------- utils/auth/user.go | 54 +++++++++++++++++++ 2 files changed, 68 insertions(+), 21 deletions(-) diff --git a/server/home-user-auth/internal/handler/useraddresslisthandler.go b/server/home-user-auth/internal/handler/useraddresslisthandler.go index 5682aed8..5ecc5a96 100644 --- a/server/home-user-auth/internal/handler/useraddresslisthandler.go +++ b/server/home-user-auth/internal/handler/useraddresslisthandler.go @@ -15,30 +15,23 @@ import ( "fusenapi/server/home-user-auth/internal/types" ) +var wantJwt = true + func UserAddressListHandler(svcCtx *svc.ServiceContext) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - // 解析jwtToken - claims, err := svcCtx.ParseJwtToken(r) - // 如果解析出错,则返回未授权的JSON响应并记录错误消息 - if err != nil { - httpx.OkJsonCtx(r.Context(), w, &basic.Response{ - Code: 401, - Message: "unauthorized", - }) - logx.Info("unauthorized:", err.Error()) - return - } + var userinfo *auth.UserInfo + var err error - // 从Token里获取对应的信息 - userinfo, err := auth.GetUserInfoFormMapClaims(claims) - // 如果获取用户信息出错,则返回未授权的JSON响应并记录错误消息 - if err != nil { - httpx.OkJsonCtx(r.Context(), w, &basic.Response{ - Code: 401, - Message: "unauthorized", - }) - logx.Info("unauthorized:", err.Error()) - return + if wantJwt { + userinfo, err = auth.ParseJwtToken(w, r, &svcCtx.Config.Auth.AccessSecret) + if err != nil { + httpx.OkJsonCtx(r.Context(), w, &basic.Response{ + Code: 401, + Message: "unauthorized", + }) + logx.Info("unauthorized:", err.Error()) + return + } } var req types.Request diff --git a/utils/auth/user.go b/utils/auth/user.go index e27e9890..63c08bef 100644 --- a/utils/auth/user.go +++ b/utils/auth/user.go @@ -5,6 +5,7 @@ import ( "encoding/json" "errors" "fmt" + "net/http" "github.com/golang-jwt/jwt" "github.com/google/uuid" @@ -60,3 +61,56 @@ func GenerateJwtToken(accessSecret string, accessExpire, nowSec int64, userid in token.Claims = claims return token.SignedString([]byte(accessSecret)) } + +func ParseJwtToken(w http.ResponseWriter, r *http.Request, AccessSecret *string) (*UserInfo, error) { + // 解析jwtToken + claims, err := getJwtClaims(r, AccessSecret) + // 如果解析出错,则返回未授权的JSON响应并记录错误消息 + if err != nil { + // httpx.OkJsonCtx(r.Context(), w, &basic.Response{ + // Code: 401, + // Message: "unauthorized", + // }) + // logx.Info("unauthorized:", err.Error()) + return nil, err + } + + // 从Token里获取对应的信息 + userinfo, err := GetUserInfoFormMapClaims(claims) + // 如果获取用户信息出错,则返回未授权的JSON响应并记录错误消息 + if err != nil { + // httpx.OkJsonCtx(r.Context(), w, &basic.Response{ + // Code: 401, + // Message: "unauthorized", + // }) + // logx.Info("unauthorized:", err.Error()) + return nil, err + } + return userinfo, err +} + +func getJwtClaims(r *http.Request, AccessSecret *string) (jwt.MapClaims, error) { + AuthKey := r.Header.Get("Authorization") + if len(AuthKey) <= 50 { + return nil, errors.New(fmt.Sprint("Error parsing token, len:", len(AuthKey))) + } + + token, err := jwt.Parse(AuthKey, func(token *jwt.Token) (interface{}, error) { + // 检查签名方法是否为 HS256 + if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok { + return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"]) + } + // 返回用于验证签名的密钥 + return []byte(*AccessSecret), nil + }) + if err != nil { + return nil, errors.New(fmt.Sprint("Error parsing token:", err)) + } + + // 验证成功返回 + if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid { + return claims, nil + } + + return nil, errors.New(fmt.Sprint("Invalid token", err)) +}