TimDing
/
pkg
forked from links123.com/pkg
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
另客网go项目公用的代码库
25 Commits
2 Branches
Tree: baaafddd96
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'baaafddd96'
${ noResults }
pkg/middleware/auth/auth.go

auth.go 2.4KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384 
  1. package auth

  2. 

  3. import (

  4. 	"fmt"

  5. 	"github.com/dgrijalva/jwt-go"

  6. 	"github.com/gin-gonic/gin"

  7. 	"net/http"

  8. )

  9. 

  10. const (

  11. 	CtxRequestHeaderUserId        = "user_id"

  12. 	ctxRequestHeaderAuthorization = "Authorization"

  13. 	ctxRequestCookieAuthorization = "ak"

  14. 	ctxRequestTokenExpired        = "expired"

  15. )

  16. 

  17. func Auth(authKey string, session Session) gin.HandlerFunc {

  18. 	return func(ctx *gin.Context) {

  19. 		var tokenFromCookie, tokenFromHeader string

  20. 

  21. 		tokenFromCookie, err := ctx.Cookie(ctxRequestCookieAuthorization)

  22. 		if err != nil {

  23. 			if err == http.ErrNoCookie {

  24. 				tokenFromHeader = ctx.Request.Header.Get(ctxRequestHeaderAuthorization)

  25. 			}

  26. 		}

  27. 

  28. 		if tokenFromHeader == "" {

  29. 			tokenFromHeader = "Bearer " + tokenFromCookie

  30. 		}

  31. 

  32. 		if len(tokenFromHeader) < 8 {

  33. 			ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed"})

  34. 			return

  35. 		}

  36. 

  37. 		token, err := jwt.Parse(tokenFromHeader[7:], func(token *jwt.Token) (interface{}, error) {

  38. 			if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {

  39. 				return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])

  40. 			}

  41. 

  42. 			return []byte(authKey), nil

  43. 		})

  44. 

  45. 		if err != nil || !token.Valid {

  46. 			ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed"})

  47. 			return

  48. 		}

  49. 

  50. 		if !session.IsExistsJwtToken(token.Signature) {

  51. 			ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, token expired by server"})

  52. 			return

  53. 		}

  54. 

  55. 		if mapClaims, ok := token.Claims.(jwt.MapClaims); ok {

  56. 			if expired, ok := mapClaims[ctxRequestTokenExpired].(float64); ok {

  57. 				if expired == 0 && tokenFromCookie == "" {

  58. 					if session.DeleteJwtToken(token.Raw) {

  59. 						ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, token expired"})

  60. 

  61. 					} else {

  62. 						ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, delete server token failed"})

  63. 					}

  64. 

  65. 					return

  66. 				}

  67. 

  68. 				if uid, ok := mapClaims[CtxRequestHeaderUserId].(float64); ok {

  69. 					ctx.Set(CtxRequestHeaderUserId, int64(uid))

  70. 				} else {

  71. 					ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, mapClaims[CtxRequestHeaderUserId].(float64) error"})

  72. 					return

  73. 				}

  74. 			} else {

  75. 				ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, mapClaims[ctxRequestTokenExpired].(float64) error"})

  76. 				return

  77. 			}

  78. 		} else {

  79. 			ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, token.Claims.(jwt.MapClaims) error"})

  80. 			return

  81. 		}

  82. 	}

  83. }