links123.com
/
pkg
關註 7
收藏 1
複製 5
程式碼 問題管理 0 合併請求 0 版本發佈 1 Wiki Activity
瀏覽代碼

add team and role id

Paul 6 年之前
父節點
5cb37e2535
當前提交
ba094d2383
共有 2 個文件被更改,包括 85 次插入0 次删除
分割檢視 顯示文件統計
  1. 50
    0
      middleware/auth/auth.go
  2. 35
    0
      middleware/auth/optional_auth.go

+ 50
- 0
middleware/auth/auth.go 查看文件 

@@ -18,6 +18,56 @@ const (
18 18 
 )
19 19
20 20 
 func Auth(authKey string, session Session) gin.HandlerFunc {
21 
+	return func(ctx *gin.Context) {
22 
+		var tokenFromCookie, tokenFromHeader string
23 
+
24 
+		tokenFromCookie, err := ctx.Cookie(ctxRequestCookieAuthorization)
25 
+		if err == http.ErrNoCookie {
26 
+			tokenFromHeader = ctx.Request.Header.Get(ctxRequestHeaderAuthorization)
27 
+		}
28 
+
29 
+		if tokenFromHeader == "" {
30 
+			tokenFromHeader = "Bearer " + tokenFromCookie
31 
+		}
32 
+
33 
+		if len(tokenFromHeader) < 8 {
34 
+			ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed"})
35 
+			return
36 
+		}
37 
+
38 
+		token, err := jwt.Parse(tokenFromHeader[7:], func(token *jwt.Token) (interface{}, error) {
39 
+			if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
40 
+				return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
41 
+			}
42 
+
43 
+			return []byte(authKey), nil
44 
+		})
45 
+
46 
+		if err != nil || !token.Valid {
47 
+			ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed"})
48 
+			return
49 
+		}
50 
+
51 
+		if !session.IsExistsJwtToken(token.Raw) {
52 
+			ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, token expired by server"})
53 
+			return
54 
+		}
55 
+
56 
+		if mapClaims, ok := token.Claims.(jwt.MapClaims); ok {
57 
+			if uid, ok := mapClaims[CtxRequestHeaderUserId].(float64); ok {
58 
+				ctx.Set(CtxRequestHeaderUserId, int64(uid))
59 
+			} else {
60 
+				ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, mapClaims[CtxRequestHeaderUserId].(float64) error"})
61 
+				return
62 
+			}
63 
+		} else {
64 
+			ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, token.Claims.(jwt.MapClaims) error"})
65 
+			return
66 
+		}
67 
+	}
68 
+}
69 
+
70 
+func CloudTeamAuth(authKey string, session Session) gin.HandlerFunc {
21 71 
 	return func(ctx *gin.Context) {
22 72 
 		var tokenFromCookie, tokenFromHeader string
23 73

+ 35
- 0
middleware/auth/optional_auth.go 查看文件 

@@ -9,6 +9,41 @@ import (
9 9 
 )
10 10
11 11 
 func OptionalAuth(authKey string) gin.HandlerFunc {
12 
+	return func(ctx *gin.Context) {
13 
+		var tokenFromCookie, tokenFromHeader string
14 
+
15 
+		tokenFromCookie, err := ctx.Cookie(ctxRequestCookieAuthorization)
16 
+		if err == http.ErrNoCookie {
17 
+			tokenFromHeader = ctx.Request.Header.Get(ctxRequestHeaderAuthorization)
18 
+		}
19 
+
20 
+		if tokenFromHeader == "" {
21 
+			tokenFromHeader = "Bearer " + tokenFromCookie
22 
+		}
23 
+
24 
+		if len(tokenFromHeader) > 7 {
25 
+			token, err := jwt.Parse(tokenFromHeader[7:], func(token *jwt.Token) (interface{}, error) {
26 
+				if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
27 
+					return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
28 
+				}
29 
+
30 
+				return []byte(authKey), nil
31 
+			})
32 
+
33 
+			if err != nil || !token.Valid {
34 
+				return
35 
+			}
36 
+
37 
+			if mapClaims, ok := token.Claims.(jwt.MapClaims); ok {
38 
+				if uid, ok := mapClaims[CtxRequestHeaderUserId].(float64); ok {
39 
+					ctx.Set(CtxRequestHeaderUserId, int64(uid))
40 
+				}
41 
+			}
42 
+		}
43 
+	}
44 
+}
45 
+
46 
+func OptionalCloudTeamAuth(authKey string) gin.HandlerFunc {
12 47 
 	return func(ctx *gin.Context) {
13 48 
 		var tokenFromCookie, tokenFromHeader string
14 49