links123.com
/
pkg
Bevaka 7
Stjärnmärk 1
Förgrening 5
Kod Ärenden 0 Pull-förfrågningar 0 Släpp 1 Wiki Activity
另客网go项目公用的代码库
63 Incheckningar
2 Grenar
Träd: 5cb37e2535
Grenar Taggar
${ item.name }
Create branch ${ searchTerm }
from '5cb37e2535'
${ noResults }
pkg/middleware/auth/auth.go

auth.go 2.5KB
Historik

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283 
  1. package auth

  2. 

  3. import (

  4. 	"fmt"

  5. 	"net/http"

  6. 

  7. 	"github.com/dgrijalva/jwt-go"

  8. 	"github.com/gin-gonic/gin"

  9. )

  10. 

  11. const (

  12. 	CtxRequestHeaderUserId        = "user_id"

  13. 	CtxRequestHeaderTeamId        = "team_id"

  14. 	CtxRequestHeaderRoleId        = "role_id"

  15. 	ctxRequestHeaderAuthorization = "Authorization"

  16. 	ctxRequestCookieAuthorization = "ak"

  17. 	ctxRequestTokenExpired        = "expired"

  18. )

  19. 

  20. func Auth(authKey string, session Session) gin.HandlerFunc {

  21. 	return func(ctx *gin.Context) {

  22. 		var tokenFromCookie, tokenFromHeader string

  23. 

  24. 		tokenFromCookie, err := ctx.Cookie(ctxRequestCookieAuthorization)

  25. 		if err == http.ErrNoCookie {

  26. 			tokenFromHeader = ctx.Request.Header.Get(ctxRequestHeaderAuthorization)

  27. 		}

  28. 

  29. 		if tokenFromHeader == "" {

  30. 			tokenFromHeader = "Bearer " + tokenFromCookie

  31. 		}

  32. 

  33. 		if len(tokenFromHeader) < 8 {

  34. 			ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed"})

  35. 			return

  36. 		}

  37. 

  38. 		token, err := jwt.Parse(tokenFromHeader[7:], func(token *jwt.Token) (interface{}, error) {

  39. 			if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {

  40. 				return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])

  41. 			}

  42. 

  43. 			return []byte(authKey), nil

  44. 		})

  45. 

  46. 		if err != nil || !token.Valid {

  47. 			ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed"})

  48. 			return

  49. 		}

  50. 

  51. 		if !session.IsExistsJwtToken(token.Raw) {

  52. 			ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, token expired by server"})

  53. 			return

  54. 		}

  55. 

  56. 		if mapClaims, ok := token.Claims.(jwt.MapClaims); ok {

  57. 			if uid, ok := mapClaims[CtxRequestHeaderUserId].(float64); ok {

  58. 				ctx.Set(CtxRequestHeaderUserId, int64(uid))

  59. 			} else {

  60. 				ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, mapClaims[CtxRequestHeaderUserId].(float64) error"})

  61. 				return

  62. 			}

  63. 

  64. 			if tid, ok := mapClaims[CtxRequestHeaderTeamId].(float64); ok {

  65. 				ctx.Set(CtxRequestHeaderTeamId, int64(tid))

  66. 			} else {

  67. 				ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, mapClaims[CtxRequestHeaderTeamId].(float64) error"})

  68. 				return

  69. 			}

  70. 

  71. 			if rid, ok := mapClaims[CtxRequestHeaderRoleId].(float64); ok {

  72. 				ctx.Set(CtxRequestHeaderRoleId, int64(rid))

  73. 			} else {

  74. 				ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, mapClaims[CtxRequestHeaderRoleId].(float64) error"})

  75. 				return

  76. 			}

  77. 		} else {

  78. 			ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, token.Claims.(jwt.MapClaims) error"})

  79. 			return

  80. 		}

  81. 	}

  82. }