另客网go项目公用的代码库

auth.go 2.5KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091
  1. package auth
  2. import (
  3. "fmt"
  4. "github.com/dgrijalva/jwt-go"
  5. "github.com/gin-gonic/gin"
  6. "net/http"
  7. "time"
  8. )
  9. const (
  10. CtxRequestHeaderUserId = "user_id"
  11. ctxRequestHeaderAuthorization = "Authorization"
  12. ctxRequestCookieAuthorization = "ak"
  13. ctxRequestTokenExpired = "expired"
  14. )
  15. func Auth(authKey string) gin.HandlerFunc {
  16. return func(ctx *gin.Context) {
  17. var (
  18. err error
  19. tk = ctx.Request.Header.Get(ctxRequestHeaderAuthorization)
  20. )
  21. if tk == "" {
  22. tk, err = ctx.Cookie(ctxRequestCookieAuthorization)
  23. if err != nil {
  24. ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed"})
  25. return
  26. }
  27. tk = "Bearer " + tk
  28. }
  29. if len(tk) < 8 {
  30. ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed"})
  31. return
  32. }
  33. token, err := jwt.Parse(tk[7:], func(token *jwt.Token) (interface{}, error) {
  34. if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
  35. return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
  36. }
  37. return []byte(authKey), nil
  38. })
  39. if err != nil || !token.Valid {
  40. ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed"})
  41. return
  42. }
  43. if mapClaims, ok := token.Claims.(jwt.MapClaims); ok {
  44. if expired, ok := mapClaims[ctxRequestTokenExpired].(float64); ok {
  45. switch true {
  46. case expired > 0:
  47. if int64(expired) < time.Now().Unix() {
  48. ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, token timeout"})
  49. return
  50. }
  51. // todo check expired from server
  52. case expired == 0:
  53. // Only cookie is exists, check token expired. app expired by itself call logout when app exit
  54. if _, err := ctx.Cookie(ctxRequestCookieAuthorization); err != nil {
  55. ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, token timeout"})
  56. return
  57. }
  58. default:
  59. ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, token timeout"})
  60. return
  61. }
  62. if uid, ok := mapClaims[CtxRequestHeaderUserId].(float64); ok {
  63. ctx.Set(CtxRequestHeaderUserId, int64(uid))
  64. } else {
  65. ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, mapClaims[CtxRequestHeaderUserId].(float64) error"})
  66. return
  67. }
  68. } else {
  69. ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, mapClaims[ctxRequestTokenExpired].(float64) error"})
  70. return
  71. }
  72. } else {
  73. ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, token.Claims.(jwt.MapClaims) error"})
  74. return
  75. }
  76. }
  77. }