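// Package auth provides gin middleware that authenticates requests with an
// HMAC-signed JWT carried either in the "ak" cookie or in the Authorization
// header, and exposes the identity claims to downstream handlers via the
// gin context.
package auth

import (
	"fmt"
	"net/http"
	"strings"

	// NOTE(review): dgrijalva/jwt-go is no longer maintained; golang-jwt/jwt is
	// the maintained successor with the same API. Swapping it is a dependency
	// change and is left to a separate commit.
	"github.com/dgrijalva/jwt-go"
	"github.com/gin-gonic/gin"
)

const (
	// Context keys under which the middleware stores the numeric identity
	// claims (as int64). They double as the claim names inside the token.
	CtxRequestHeaderUserId = "user_id"
	CtxRequestHeaderTeamId = "team_id"
	CtxRequestHeaderRoleId = "role_id"

	ctxRequestHeaderAuthorization = "Authorization"
	ctxRequestCookieAuthorization = "ak"
	ctxRequestTokenExpired        = "expired"
)

// bearerPrefix is the HTTP authentication scheme accepted in the Authorization
// header (RFC 6750). The scheme name is matched case-insensitively.
const bearerPrefix = "Bearer "

// claimIdent maps a claim key to the identifier quoted in its 401 body. The
// wording mirrors the original messages so existing clients and tests keep
// seeing the same responses; a generic "auth failed" would reveal less about
// the implementation to callers.
var claimIdent = map[string]string{
	CtxRequestHeaderUserId: "CtxRequestHeaderUserId",
	CtxRequestHeaderTeamId: "CtxRequestHeaderTeamId",
	CtxRequestHeaderRoleId: "CtxRequestHeaderRoleId",
}

// Auth returns middleware that verifies the request token and stores the
// user id under CtxRequestHeaderUserId. authKey is the HMAC secret; session
// is consulted as the server-side revocation list. Requests that fail any
// check are aborted with 401 and never reach the handler.
func Auth(authKey string, session Session) gin.HandlerFunc {
	return requireClaims(authKey, session, CtxRequestHeaderUserId)
}

// CloudTeamAuth is Auth plus mandatory team and role claims, stored under
// CtxRequestHeaderTeamId and CtxRequestHeaderRoleId.
func CloudTeamAuth(authKey string, session Session) gin.HandlerFunc {
	return requireClaims(authKey, session,
		CtxRequestHeaderUserId, CtxRequestHeaderTeamId, CtxRequestHeaderRoleId)
}

// requireClaims is the shared implementation of Auth and CloudTeamAuth: locate
// the bearer token, verify it, then copy each of keys into the context in
// order. Any failure aborts the request with 401.
func requireClaims(authKey string, session Session, keys ...string) gin.HandlerFunc {
	return func(ctx *gin.Context) {
		raw, ok := bearerToken(ctx)
		if !ok {
			ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed"})
			return
		}
		claims, ok := verifyToken(ctx, authKey, session, raw)
		if !ok {
			return // verifyToken has already aborted the request
		}
		for _, key := range keys {
			if !setInt64Claim(ctx, claims, key) {
				return
			}
		}
	}
}

// bearerToken extracts the raw JWT for the request. The "ak" cookie takes
// precedence; the Authorization header is consulted only when the cookie is
// absent or cannot be read. The header must use the Bearer scheme and carry a
// non-empty token; ok is false otherwise.
func bearerToken(ctx *gin.Context) (raw string, ok bool) {
	if cookie, err := ctx.Cookie(ctxRequestCookieAuthorization); err == nil {
		return cookie, cookie != ""
	}
	header := ctx.Request.Header.Get(ctxRequestHeaderAuthorization)
	// Reject anything that is not "Bearer <token>" instead of blindly slicing
	// off the first seven bytes of whatever scheme the client sent.
	if len(header) <= len(bearerPrefix) || !strings.EqualFold(header[:len(bearerPrefix)], bearerPrefix) {
		return "", false
	}
	return header[len(bearerPrefix):], true
}

// verifyToken checks the signature, the standard time claims and the
// server-side session for raw, and returns the decoded claims. On failure it
// aborts the request with 401 and returns ok=false.
func verifyToken(ctx *gin.Context, authKey string, session Session, raw string) (jwt.MapClaims, bool) {
	token, err := jwt.Parse(raw, func(t *jwt.Token) (interface{}, error) {
		// Pin the algorithm family to HMAC so a token cannot select "none" or
		// present an asymmetric public key as the HMAC secret.
		if _, ok := t.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, fmt.Errorf("unexpected signing method: %v", t.Header["alg"])
		}
		return []byte(authKey), nil
	})
	// NOTE(review): with this library's MapClaims a missing "exp" is not a
	// validation error — confirm the issuer always sets exp, otherwise only the
	// session store bounds a token's lifetime.
	if err != nil || !token.Valid {
		ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed"})
		return nil, false
	}
	// A valid signature is not sufficient: the session store is the revocation
	// list, so tokens that were logged out or rotated are rejected here.
	if !session.IsExistsJwtToken(token.Raw) {
		ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, token expired by server"})
		return nil, false
	}
	claims, ok := token.Claims.(jwt.MapClaims)
	if !ok {
		ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, token.Claims.(jwt.MapClaims) error"})
		return nil, false
	}
	return claims, true
}

// setInt64Claim copies the numeric claim key into the gin context as int64.
// JSON numbers decode as float64, so ids above 2^53 would lose precision;
// a missing or non-numeric claim aborts the request with 401 and returns false.
func setInt64Claim(ctx *gin.Context, claims jwt.MapClaims, key string) bool {
	v, ok := claims[key].(float64)
	if !ok {
		ctx.AbortWithStatusJSON(http.StatusUnauthorized,
			gin.H{"msg": fmt.Sprintf("auth failed, mapClaims[%s].(float64) error", claimIdent[key])})
		return false
	}
	ctx.Set(key, int64(v))
	return true
}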