From da2fe266453ab007a506eb3b0c067653a84a5d9b Mon Sep 17 00:00:00 2001
From: huangjiajun <582604932@qq.com>
Date: Mon, 30 Sep 2024 16:57:27 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/hdl/hdl_sms.go | 2 +-
 app/lib/auth/auth.go | 17 ++++++++++++-----
 app/lib/auth/base.go | 2 +-
 app/md/app_redis_key.go | 2 +-
 app/mw/mw_auth.go | 5 ++++-
 app/svc/svc_auth.go | 14 +++++++-------
 6 files changed, 26 insertions(+), 16 deletions(-)
diff --git a/app/hdl/hdl_sms.go b/app/hdl/hdl_sms.go
index c69bf45..4c783cf 100644
--- a/app/hdl/hdl_sms.go
+++ b/app/hdl/hdl_sms.go
@@ -48,7 +48,7 @@ func Sms(c *gin.Context) {
 }
 }
 if args.Type == "update_password" {
- admin, _ := svc.CheckUser(c)
+ admin, _, _ := svc.CheckUser(c)
 if admin == nil {
 e.OutErr(c, 400, e.NewErr(400, "账号未注册"))
 return
diff --git a/app/lib/auth/auth.go b/app/lib/auth/auth.go
index 78987f0..ea7f440 100644
--- a/app/lib/auth/auth.go
+++ b/app/lib/auth/auth.go
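Review bot: In hdl_sms.go the error from CheckUser is still discarded at `admin, _, _ := svc.CheckUser(c)`, so a missing or expired token and a database failure are all reported to the caller as "账号未注册". Keeping the error and branching on it, `admin, _, err := svc.CheckUser(c)` followed by an `if err != nil` that returns the error through e.OutErr, would make the response match the cause. Sms starts and ends outside this hunk, so whether the error is examined elsewhere is not visible.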
@@ -24,16 +24,23 @@ func GenToken(admId int, username string) (string, error) {
 }
 // ParseToken 解析JWT
-func ParseToken(tokenString string) (*JWTUser, error) {
+func ParseToken(tokenString string) (*JWTUser, string, error) {
 // 解析token
 token, err := jwt.ParseWithClaims(tokenString, &JWTUser{}, func(token *jwt.Token) (i interface{}, err error) {
 return Secret, nil
 })
 if err != nil {
- return nil, err
+ return nil, "", err
 }
- if claims, ok := token.Claims.(*JWTUser); ok && token.Valid { // 校验token
- return claims, nil
+ if claims, ok := token.Claims.(*JWTUser); ok && token.Valid { // 校验token正确性
+ if claims.StandardClaims.ExpiresAt < time.Now().Unix() { // 校验token时效性
+ return nil, "", errors.New("token is expired")
+ }
+ if !claims.VerifyExpiresAt(time.Now().Add(time.Minute*30).Unix(), false) { // TODO::判断Token快过期,就创建新的token(30分钟)
+ newToken, _ := GenToken(claims.AdmId, claims.Username)
+ return claims, newToken, nil
+ }
+ return claims, "", err
 }
- return nil, errors.New("invalid token")
+ return nil, "", errors.New("invalid token")
 }
diff --git a/app/lib/auth/base.go b/app/lib/auth/base.go
index 9874b96..65261b0 100644
--- a/app/lib/auth/base.go
+++ b/app/lib/auth/base.go
@@ -7,7 +7,7 @@ import (
 )
 // TokenExpireDuration is jwt 过期时间
-const TokenExpireDuration = time.Hour * 24
+const TokenExpireDuration = time.Hour * 2
 var Secret = []byte("micro_group_admin")
diff --git a/app/md/app_redis_key.go b/app/md/app_redis_key.go
index 31503f5..f09e6e7 100644
--- a/app/md/app_redis_key.go
+++ b/app/md/app_redis_key.go
@@ -4,7 +4,7 @@ package md
 const (
 JwtTokenKey = "%s:advertisement_agent_jwt_token:%s" // jwt, 占位符:ip, admin:id
- JwtTokenCacheTime = 3600 * 24
+ JwtTokenCacheTime = 3600 * 2
 AppCfgCacheKey = "%s:cfg_cache:%s" // 占位符: masterId, key的第一个字母
diff --git a/app/mw/mw_auth.go b/app/mw/mw_auth.go
index e065ad8..9e7b6cf 100644
--- a/app/mw/mw_auth.go
+++ b/app/mw/mw_auth.go
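Review bot: The refresh branch in ParseToken issues a new token from the old claims alone, and nothing in this hunk bounds how many times that can repeat, so a token presented in its last 30 minutes appears renewable indefinitely; carrying the original login time in the claims and refusing to refresh past a fixed cap would give the session an absolute lifetime. The same branch discards the signing error in `newToken, _ := GenToken(claims.AdmId, claims.Username)`; log or return it rather than silently returning an empty refresh. `return claims, "", err` returns a variable that is always nil at that point and reads better as `return claims, "", nil`. The key function in the context lines returns Secret without looking at `token.Method`; assuming GenToken signs with an HMAC method, a guard such as `if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok { return nil, errors.New("unexpected signing method") }` pins the algorithm.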
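Review bot: The context line `var Secret = []byte("micro_group_admin")` in base.go keeps the JWT signing key as a short literal in source, so cutting TokenExpireDuration to two hours narrows the window for a captured token but does nothing against tokens signed by anyone who can read the repository or the binary. Load the key from configuration or a secret store at startup, refuse to start when it is absent, and replace the current value, which is already in version history. The two-hour lifetime is also repeated by hand as `JwtTokenCacheTime = 3600 * 2` in app/md/app_redis_key.go; a comment on each constant naming the other, e.g. `// keep in step with md.JwtTokenCacheTime`, would stop them drifting.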
@@ -8,7 +8,7 @@ import (
 // 检查权限, 签名等等
 func Auth(c *gin.Context) {
- admin, err := svc.CheckUser(c)
+ admin, newToken, err := svc.CheckUser(c)
 if err != nil {
 switch err.(type) {
 case e.E:
@@ -22,5 +22,8 @@ func Auth(c *gin.Context) {
 }
 // 将当前请求的username信息保存到请求的上下文c上
 c.Set("admin", admin)
+ if len(newToken) > 0 {
+ c.Header("new-token", newToken) // TODO::将新Token添加到返回的Header里,方便前端使用
+ }
 c.Next()
 }
diff --git a/app/svc/svc_auth.go b/app/svc/svc_auth.go
index 9849e83..9e8fde6 100644
--- a/app/svc/svc_auth.go
+++ b/app/svc/svc_auth.go
@@ -27,27 +27,27 @@ func GetUser(c *gin.Context) *model.Agent {
 return user.(*model.Agent)
 }
-func CheckUser(c *gin.Context) (*model.Agent, error) {
+func CheckUser(c *gin.Context) (*model.Agent, string, error) {
 token := c.GetHeader("Authorization")
 if token == "" {
- return nil, errors.New("token not exist")
+ return nil, "", errors.New("token not exist")
 }
 // 按空格分割
 parts := strings.SplitN(token, " ", 2)
 if !(len(parts) == 2 && parts[0] == "Bearer") {
- return nil, errors.New("token format error")
+ return nil, "", errors.New("token format error")
 }
 // parts[1]是获取到的tokenString,我们使用之前定义好的解析JWT的函数来解析它
- mc, err := auth.ParseToken(parts[1])
+ mc, newToken, err := auth.ParseToken(parts[1])
 if err != nil {
- return nil, err
+ return nil, "", err
 }
 // 获取admin
 adminDb := implement.NewAgentDb(db.DBs[GetMasterId(c)])
 admin, err := adminDb.GetAgent(mc.AdmId)
 if err != nil {
- return nil, err
+ return nil, "", err
 }
- return admin, nil
+ return admin, newToken, nil
 }
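Review bot: In mw_auth.go the refreshed token is written to the response with `c.Header("new-token", newToken)` but nothing marks that response as uncacheable, so an intermediary or browser cache could retain a live credential; add `c.Header("Cache-Control", "no-store")` inside the same `if`. If the front end is served from another origin, the header is also invisible to script unless it is listed in `Access-Control-Expose-Headers`, which this hunk does not show being set. The `TODO::` prefix on the trailing comment describes finished behaviour rather than pending work and could be dropped.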
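Review bot: CheckUser's final `return admin, newToken, nil` in svc_auth.go does not check that admin is non-nil, and the `admin == nil` test in the Sms handler suggests GetAgent can return a nil agent with a nil error; in that case Auth would continue with a nil admin and, after this change, also hand a refreshed token to an account that no longer exists. Adding `if admin == nil { return nil, "", errors.New("account not exist") }` before the final return closes that path; a disabled or locked status, if the model has one, belongs in the same check. GetAgent is not visible here, so confirm its not-found behaviour first.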