live106
/
pkg
forked from links123.com/pkg
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
另客网go项目公用的代码库
30 Commits
2 Branches
Tree: 6f388c3542
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6f388c3542'
${ noResults }
pkg/middleware/auth/auth.go

auth.go 2.4KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081 
  1. package auth

  2. 

  3. import (

  4. 	"fmt"

  5. 	"github.com/dgrijalva/jwt-go"

  6. 	"github.com/gin-gonic/gin"

  7. 	"net/http"

  8. )

  9. 

  10. const (

  11. 	CtxRequestHeaderUserId        = "user_id"

  12. 	ctxRequestHeaderAuthorization = "Authorization"

  13. 	ctxRequestCookieAuthorization = "ak"

  14. 	ctxRequestTokenExpired        = "expired"

  15. )

  16. 

  17. func Auth(authKey string, session Session) gin.HandlerFunc {

  18. 	return func(ctx *gin.Context) {

  19. 		var tokenFromCookie, tokenFromHeader string

  20. 

  21. 		tokenFromCookie, err := ctx.Cookie(ctxRequestCookieAuthorization)

  22. 		if err == http.ErrNoCookie {

  23. 			tokenFromHeader = ctx.Request.Header.Get(ctxRequestHeaderAuthorization)

  24. 		}

  25. 

  26. 		if tokenFromHeader == "" {

  27. 			tokenFromHeader = "Bearer " + tokenFromCookie

  28. 		}

  29. 

  30. 		if len(tokenFromHeader) < 8 {

  31. 			ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed"})

  32. 			return

  33. 		}

  34. 

  35. 		token, err := jwt.Parse(tokenFromHeader[7:], func(token *jwt.Token) (interface{}, error) {

  36. 			if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {

  37. 				return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])

  38. 			}

  39. 

  40. 			return []byte(authKey), nil

  41. 		})

  42. 

  43. 		if err != nil || !token.Valid {

  44. 			ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed"})

  45. 			return

  46. 		}

  47. 

  48. 		if !session.IsExistsJwtToken(token.Signature) {

  49. 			ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, token expired by server"})

  50. 			return

  51. 		}

  52. 

  53. 		if mapClaims, ok := token.Claims.(jwt.MapClaims); ok {

  54. 			if expired, ok := mapClaims[ctxRequestTokenExpired].(float64); ok {

  55. 				if expired == 0 && tokenFromCookie == "" {

  56. 					if session.DeleteJwtToken(token.Raw) {

  57. 						ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, token expired"})

  58. 					} else {

  59. 						ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, delete server token failed"})

  60. 					}

  61. 

  62. 					return

  63. 				}

  64. 

  65. 				if uid, ok := mapClaims[CtxRequestHeaderUserId].(float64); ok {

  66. 					ctx.Set(CtxRequestHeaderUserId, int64(uid))

  67. 				} else {

  68. 					ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, mapClaims[CtxRequestHeaderUserId].(float64) error"})

  69. 					return

  70. 				}

  71. 			} else {

  72. 				ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, mapClaims[ctxRequestTokenExpired].(float64) error"})

  73. 				return

  74. 			}

  75. 		} else {

  76. 			ctx.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"msg": "auth failed, token.Claims.(jwt.MapClaims) error"})

  77. 			return

  78. 		}

  79. 	}

  80. }