links123.com
/
pkg
Watch 7
Star 1
Fork 5
Code Issues 0 Pull Requests 0 Releases 1 Wiki Activity
另客网go项目公用的代码库
73 Commits
2 Branches
Tree: 3fad78fa0d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '3fad78fa0d'
${ noResults }
pkg/middleware/auth/auth.go

auth.go 4.0KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133 
  1. package auth

  2. 

  3. import (

  4. 	"fmt"

  5. 	"net/http"

  6. 

  7. 	"github.com/dgrijalva/jwt-go"

  8. 	"github.com/gin-gonic/gin"

  9. )

  10. 

  11. const (

  12. 	CtxRequestHeaderUserId        = "user_id"

  13. 	CtxRequestHeaderTeamId        = "team_id"

  14. 	CtxRequestHeaderRoleId        = "role_id"

  15. 	ctxRequestHeaderAuthorization = "Authorization"

  16. 	ctxRequestCookieAuthorization = "ak"

  17. 	ctxRequestTokenExpired        = "expired"

  18. )

  19. 

  20. func Auth(authKey string, session Session) gin.HandlerFunc {

  21. 	return func(ctx *gin.Context) {

  22. 		var tokenFromCookie, tokenFromHeader string

  23. 

  24. 		tokenFromCookie, err := ctx.Cookie(ctxRequestCookieAuthorization)

  25. 		if err == http.ErrNoCookie {

  26. 			tokenFromHeader = ctx.Request.Header.Get(ctxRequestHeaderAuthorization)

  27. 		}

  28. 

  29. 		if tokenFromHeader == "" {

  30. 			tokenFromHeader = "Bearer " + tokenFromCookie

  31. 		}

  32. 

  33. 		if len(tokenFromHeader) < 8 {

  34. 			ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed"})

  35. 			return

  36. 		}

  37. 

  38. 		token, err := jwt.Parse(tokenFromHeader[7:], func(token *jwt.Token) (interface{}, error) {

  39. 			if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {

  40. 				return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])

  41. 			}

  42. 

  43. 			return []byte(authKey), nil

  44. 		})

  45. 

  46. 		if err != nil || !token.Valid {

  47. 			ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed"})

  48. 			return

  49. 		}

  50. 

  51. 		if !session.IsExistsJwtToken(token.Raw) {

  52. 			ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, token expired by server"})

  53. 			return

  54. 		}

  55. 

  56. 		if mapClaims, ok := token.Claims.(jwt.MapClaims); ok {

  57. 			if uid, ok := mapClaims[CtxRequestHeaderUserId].(float64); ok {

  58. 				ctx.Set(CtxRequestHeaderUserId, int64(uid))

  59. 			} else {

  60. 				ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, mapClaims[CtxRequestHeaderUserId].(float64) error"})

  61. 				return

  62. 			}

  63. 		} else {

  64. 			ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, token.Claims.(jwt.MapClaims) error"})

  65. 			return

  66. 		}

  67. 	}

  68. }

  69. 

  70. func CloudTeamAuth(authKey string, session Session) gin.HandlerFunc {

  71. 	return func(ctx *gin.Context) {

  72. 		var tokenFromCookie, tokenFromHeader string

  73. 

  74. 		tokenFromCookie, err := ctx.Cookie(ctxRequestCookieAuthorization)

  75. 		if err == http.ErrNoCookie {

  76. 			tokenFromHeader = ctx.Request.Header.Get(ctxRequestHeaderAuthorization)

  77. 		}

  78. 

  79. 		if tokenFromHeader == "" {

  80. 			tokenFromHeader = "Bearer " + tokenFromCookie

  81. 		}

  82. 

  83. 		if len(tokenFromHeader) < 8 {

  84. 			ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed"})

  85. 			return

  86. 		}

  87. 

  88. 		token, err := jwt.Parse(tokenFromHeader[7:], func(token *jwt.Token) (interface{}, error) {

  89. 			if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {

  90. 				return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])

  91. 			}

  92. 

  93. 			return []byte(authKey), nil

  94. 		})

  95. 

  96. 		if err != nil || !token.Valid {

  97. 			ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed"})

  98. 			return

  99. 		}

  100. 

  101. 		if !session.IsExistsJwtToken(token.Raw) {

  102. 			ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, token expired by server"})

  103. 			return

  104. 		}

  105. 

  106. 		if mapClaims, ok := token.Claims.(jwt.MapClaims); ok {

  107. 			if uid, ok := mapClaims[CtxRequestHeaderUserId].(float64); ok {

  108. 				ctx.Set(CtxRequestHeaderUserId, int64(uid))

  109. 			} else {

  110. 				ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, mapClaims[CtxRequestHeaderUserId].(float64) error"})

  111. 				return

  112. 			}

  113. 

  114. 			if tid, ok := mapClaims[CtxRequestHeaderTeamId].(float64); ok {

  115. 				ctx.Set(CtxRequestHeaderTeamId, int64(tid))

  116. 			} else {

  117. 				ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, mapClaims[CtxRequestHeaderTeamId].(float64) error"})

  118. 				return

  119. 			}

  120. 

  121. 			if rid, ok := mapClaims[CtxRequestHeaderRoleId].(float64); ok {

  122. 				ctx.Set(CtxRequestHeaderRoleId, int64(rid))

  123. 			} else {

  124. 				ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, mapClaims[CtxRequestHeaderRoleId].(float64) error"})

  125. 				return

  126. 			}

  127. 		} else {

  128. 			ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, token.Claims.(jwt.MapClaims) error"})

  129. 			return

  130. 		}

  131. 	}

  132. }