From 08de635755b819851b6dbc5a10c335c850752322 Mon Sep 17 00:00:00 2001
From: dengbiao
Date: Mon, 30 Sep 2024 15:06:58 +0800
Subject: [PATCH] =?UTF-8?q?update=20jwt=20=E8=87=AA=E5=8A=A8=E5=88=B7?= =?UTF-8?q?=E6=96=B0token=E7=AD=96=E7=95=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/lib/auth/auth.go | 18 +++++++++++++-----
 app/lib/auth/base.go | 2 +-
 app/md/app_redis_key.go | 2 +-
 app/mw/mw_auth.go | 5 ++++-
 app/svc/svc_auth.go | 14 +++++++-------
 5 files changed, 26 insertions(+), 15 deletions(-)

diff --git a/app/lib/auth/auth.go b/app/lib/auth/auth.go
index d92ac46..5479145 100644
--- a/app/lib/auth/auth.go
+++ b/app/lib/auth/auth.go
@@ -24,16 +24,24 @@ func GenToken(admId int, username string) (string, error) {
 }
 // ParseToken 解析JWT
-func ParseToken(tokenString string) (*JWTUser, error) {
+func ParseToken(tokenString string) (*JWTUser, string, error) {
 // 解析token
 token, err := jwt.ParseWithClaims(tokenString, &JWTUser{}, func(token *jwt.Token) (i interface{}, err error) {
 return Secret, nil
 })
 if err != nil {
- return nil, err
+ return nil, "", err
 }
- if claims, ok := token.Claims.(*JWTUser); ok && token.Valid { // 校验token
- return claims, nil
+ if claims, ok := token.Claims.(*JWTUser); ok && token.Valid { // 校验token正确性
+ if claims.StandardClaims.ExpiresAt < time.Now().Unix() { // 校验token时效性
+ return nil, "", errors.New("token is expired")
+ }
+
+ if !claims.VerifyExpiresAt(time.Now().Add(time.Minute*30).Unix(), false) { // TODO::判断Token快过期,就创建新的token(30分钟)
+ newToken, _ := GenToken(claims.AdmId, claims.Username)
+ return claims, newToken, nil
+ }
+ return claims, "", err
 }
- return nil, errors.New("invalid token")
+ return nil, "", errors.New("invalid token")
 }
diff --git a/app/lib/auth/base.go b/app/lib/auth/base.go
index 9874b96..65261b0 100644
--- a/app/lib/auth/base.go
+++ b/app/lib/auth/base.go
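Review bot: The renewal branch of ParseToken issues a fresh token to any caller whose token is within 30 minutes of expiry, and nothing visible here limits how often that repeats, so a leaked token that stays in use keeps being extended. An absolute session limit would bound that, for example a login-time claim checked before `GenToken` is called; GenToken's body is outside this hunk, so which claims it sets is not visible. The same branch drops the error in `newToken, _ := GenToken(claims.AdmId, claims.Username)`; keep it and log it rather than returning an empty token silently. The fall-through `return claims, "", err` returns a variable that is always nil at that point and reads more clearly as `return claims, "", nil`.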
@@ -7,7 +7,7 @@ import (
 )
 // TokenExpireDuration is jwt 过期时间
-const TokenExpireDuration = time.Hour * 24
+const TokenExpireDuration = time.Hour * 2
 var Secret = []byte("micro_group_admin")
diff --git a/app/md/app_redis_key.go b/app/md/app_redis_key.go
index cc582e6..ee55d9f 100644
--- a/app/md/app_redis_key.go
+++ b/app/md/app_redis_key.go
@@ -4,7 +4,7 @@ package md
 const (
 JwtTokenKey = "%s:super_advertisement_jwt_token:%s" // jwt, 占位符:ip, admin:id
- JwtTokenCacheTime = 3600 * 24
+ JwtTokenCacheTime = 3600 * 2
 AppCfgCacheKey = "%s:cfg_cache:%s" // 占位符: masterId, key的第一个字母
diff --git a/app/mw/mw_auth.go b/app/mw/mw_auth.go
index e065ad8..9e7b6cf 100644
--- a/app/mw/mw_auth.go
+++ b/app/mw/mw_auth.go
@@ -8,7 +8,7 @@ import (
 )
 // 检查权限, 签名等等
 func Auth(c *gin.Context) {
- admin, err := svc.CheckUser(c)
+ admin, newToken, err := svc.CheckUser(c)
 if err != nil {
 switch err.(type) {
 case e.E:
@@ -22,5 +22,8 @@ func Auth(c *gin.Context) {
 }
 // 将当前请求的username信息保存到请求的上下文c上
 c.Set("admin", admin)
+ if len(newToken) > 0 {
+ c.Header("new-token", newToken) // TODO::将新Token添加到返回的Header里,方便前端使用
+ }
 c.Next()
 }
diff --git a/app/svc/svc_auth.go b/app/svc/svc_auth.go
index 92fa413..bf27096 100644
--- a/app/svc/svc_auth.go
+++ b/app/svc/svc_auth.go
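Review bot: The signing key stays a string literal in source (`var Secret = []byte(...)`, the context line under the changed constant), so the shorter `TokenExpireDuration` does little against anyone who can read the repository, because tokens signed with that key verify for any `AdmId`. Load the key from configuration or a secret store at startup, and rotate the current value since it is already in history. The same two-hour value is repeated as `JwtTokenCacheTime` in app/md/app_redis_key.go; a comment on each constant naming the other would help keep them in step.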
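Review bot: The renewed token is written to the `new-token` response header with no cache directive, so a caching proxy or the browser cache may retain a response that carries a live credential; add `c.Header("Cache-Control", "no-store")` inside the same `if len(newToken) > 0` block. If the front end is served from another origin it will also need `new-token` listed in `Access-Control-Expose-Headers` to read it; the CORS setup is not visible in this diff. The `TODO::` prefix on the new comment describes finished behaviour and can be dropped.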
@@ -27,27 +27,27 @@ func GetUser(c *gin.Context) *model.Admin {
 return user.(*model.Admin)
 }
-func CheckUser(c *gin.Context) (*model.Admin, error) {
+func CheckUser(c *gin.Context) (*model.Admin, string, error) {
 token := c.GetHeader("Authorization")
 if token == "" {
- return nil, errors.New("token not exist")
+ return nil, "", errors.New("token not exist")
 }
 // 按空格分割
 parts := strings.SplitN(token, " ", 2)
 if !(len(parts) == 2 && parts[0] == "Bearer") {
- return nil, errors.New("token format error")
+ return nil, "", errors.New("token format error")
 }
 // parts[1]是获取到的tokenString,我们使用之前定义好的解析JWT的函数来解析它
- mc, err := auth.ParseToken(parts[1])
+ mc, newToken, err := auth.ParseToken(parts[1])
 if err != nil {
- return nil, err
+ return nil, "", err
 }
 // 获取admin
 adminDb := implement.NewAdminDb(db.Db)
 admin, err := adminDb.GetAdmin(mc.AdmId)
 if err != nil {
- return nil, err
+ return nil, "", err
 }
- return admin, nil
+ return admin, newToken, nil
 }
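Review bot: CheckUser now returns three values but has no doc comment saying what the string is or when it is empty. A line such as `// CheckUser validates the Bearer token from the Authorization header and loads the admin; the string is a renewed token, or "" when no renewal is due.` above the signature would cover it. The renewed token is created inside `auth.ParseToken` before `adminDb.GetAdmin` runs and is dropped when the lookup fails; that ordering deserves a one-line comment next to the `GetAdmin` error return so a later refactor does not hand a new token to an account that no longer loads.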