This commit is contained in:
parent
0cee6b045b
commit
8f44b85ec3
|
|
@ -0,0 +1,19 @@
|
|||
package user
|
||||
|
||||
import "github.com/flipped-aurora/gin-vue-admin/server/service"
|
||||
|
||||
type ApiGroup struct {
|
||||
}
|
||||
|
||||
var (
|
||||
petAdoptionApplicationsService = service.ServiceGroupApp.PetServiceGroup.PetAdoptionApplicationsService
|
||||
petAdoptionPostsService = service.ServiceGroupApp.PetServiceGroup.PetAdoptionPostsService
|
||||
petAiAssistantConversationsService = service.ServiceGroupApp.PetServiceGroup.PetAiAssistantConversationsService
|
||||
petAiConversationsService = service.ServiceGroupApp.PetServiceGroup.PetAiConversationsService
|
||||
petFamiliesService = service.ServiceGroupApp.PetServiceGroup.PetFamiliesService
|
||||
petFamilyInvitationsService = service.ServiceGroupApp.PetServiceGroup.PetFamilyInvitationsService
|
||||
petFamilyMembersService = service.ServiceGroupApp.PetServiceGroup.PetFamilyMembersService
|
||||
petFamilyPetsService = service.ServiceGroupApp.PetServiceGroup.PetFamilyPetsService
|
||||
petPetsService = service.ServiceGroupApp.PetServiceGroup.PetPetsService
|
||||
petRecordsService = service.ServiceGroupApp.PetServiceGroup.PetRecordsService
|
||||
)
|
||||
|
|
@ -73,8 +73,10 @@ func Routers() *gin.Engine {
|
|||
|
||||
PublicGroup := Router.Group(global.GVA_CONFIG.System.RouterPrefix)
|
||||
PrivateGroup := Router.Group(global.GVA_CONFIG.System.RouterPrefix)
|
||||
UserGroup := Router.Group(global.GVA_CONFIG.System.RouterPrefix)
|
||||
|
||||
PrivateGroup.Use(middleware.JWTAuth()).Use(middleware.CasbinHandler())
|
||||
UserGroup.Use(middleware.UserJWTAuth())
|
||||
|
||||
{
|
||||
// 健康监测
|
||||
|
|
|
|||
|
|
@ -0,0 +1,89 @@
|
|||
package middleware
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"strconv"
|
||||
"time"
|
||||
|
||||
"github.com/flipped-aurora/gin-vue-admin/server/global"
|
||||
"github.com/flipped-aurora/gin-vue-admin/server/utils"
|
||||
"github.com/golang-jwt/jwt/v5"
|
||||
|
||||
"github.com/flipped-aurora/gin-vue-admin/server/model/common/response"
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
||||
func UserJWTAuth() gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
// 我们这里jwt鉴权取头部信息 user-token 登录时回返回token信息 这里前端需要把token存储到cookie或者本地localStorage中 不过需要跟后端协商过期时间 可以约定刷新令牌或者重新登录
|
||||
token := utils.GetUserToken(c)
|
||||
if token == "" {
|
||||
response.NoAuth("未登录或非法访问,请登录", c)
|
||||
c.Abort()
|
||||
return
|
||||
}
|
||||
if appUserIsBlacklist(token) {
|
||||
response.NoAuth("您的帐户异地登陆或令牌失效", c)
|
||||
utils.ClearUserToken(c)
|
||||
c.Abort()
|
||||
return
|
||||
}
|
||||
j := utils.NewJWT()
|
||||
// parseToken 解析token包含的信息
|
||||
claims, err := j.ParseAppUserToken(token)
|
||||
if err != nil {
|
||||
if errors.Is(err, utils.TokenExpired) {
|
||||
response.NoAuth("登录已过期,请重新登录", c)
|
||||
utils.ClearUserToken(c)
|
||||
c.Abort()
|
||||
return
|
||||
}
|
||||
response.NoAuth(err.Error(), c)
|
||||
utils.ClearUserToken(c)
|
||||
c.Abort()
|
||||
return
|
||||
}
|
||||
|
||||
// 已登录用户被管理员禁用 需要使该用户的jwt失效 此处比较消耗性能 如果需要 请自行打开
|
||||
// 用户被删除的逻辑 需要优化 此处比较消耗性能 如果需要 请自行打开
|
||||
|
||||
//if user, err := userService.FindUserByUuid(claims.UUID.String()); err != nil || user.Enable == 2 {
|
||||
// _ = jwtService.JsonInBlacklist(system.JwtBlacklist{Jwt: token})
|
||||
// response.FailWithDetailed(gin.H{"reload": true}, err.Error(), c)
|
||||
// c.Abort()
|
||||
//}
|
||||
c.Set("user_claims", claims)
|
||||
if claims.ExpiresAt.Unix()-time.Now().Unix() < claims.BufferTime {
|
||||
dr, _ := utils.ParseDuration(global.GVA_CONFIG.JWT.ExpiresTime)
|
||||
claims.ExpiresAt = jwt.NewNumericDate(time.Now().Add(dr))
|
||||
newToken, _ := j.CreateAppUserTokenByOldToken(token, *claims)
|
||||
newClaims, _ := j.ParseAppUserToken(newToken)
|
||||
c.Header("new-token", newToken)
|
||||
c.Header("new-expires-at", strconv.FormatInt(newClaims.ExpiresAt.Unix(), 10))
|
||||
utils.SetUserToken(c, newToken, int(dr.Seconds()))
|
||||
if global.GVA_CONFIG.System.UseMultipoint {
|
||||
// 记录新的活跃jwt
|
||||
_ = utils.SetRedisJWT(newToken, newClaims.AppBaseClaims.OpenID)
|
||||
}
|
||||
}
|
||||
c.Next()
|
||||
|
||||
if newToken, exists := c.Get("new-token"); exists {
|
||||
c.Header("new-token", newToken.(string))
|
||||
}
|
||||
if newExpiresAt, exists := c.Get("new-expires-at"); exists {
|
||||
c.Header("new-expires-at", newExpiresAt.(string))
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
//@author: [piexlmax](https://github.com/piexlmax)
|
||||
//@function: appUserIsBlacklist
|
||||
//@description: 判断用户端JWT是否在黑名单内部
|
||||
//@param: jwt string
|
||||
//@return: bool
|
||||
|
||||
func appUserIsBlacklist(jwt string) bool {
|
||||
_, ok := global.BlackCache.Get("user_blacklist:" + jwt)
|
||||
return ok
|
||||
}
|
||||
|
|
@ -0,0 +1,28 @@
|
|||
package request
|
||||
|
||||
import (
|
||||
jwt "github.com/golang-jwt/jwt/v5"
|
||||
"github.com/google/uuid"
|
||||
)
|
||||
|
||||
// AppUserClaims 小程序用户专用Claims结构
|
||||
type AppUserClaims struct {
|
||||
AppBaseClaims
|
||||
BufferTime int64
|
||||
jwt.RegisteredClaims
|
||||
}
|
||||
|
||||
// AppBaseClaims 小程序用户基础信息
|
||||
type AppBaseClaims struct {
|
||||
UUID uuid.UUID `json:"uuid"` // 用户UUID
|
||||
ID uint `json:"id"` // 用户ID
|
||||
OpenID string `json:"openId"` // 微信openid
|
||||
UnionID string `json:"unionId"` // 微信unionid(可选)
|
||||
NickName string `json:"nickName"` // 用户昵称
|
||||
Avatar string `json:"avatar"` // 用户头像
|
||||
Phone string `json:"phone"` // 手机号(可选)
|
||||
Gender int `json:"gender"` // 性别:0-未知,1-男,2-女
|
||||
City string `json:"city"` // 城市
|
||||
Province string `json:"province"` // 省份
|
||||
Country string `json:"country"` // 国家
|
||||
}
|
||||
|
|
@ -39,6 +39,49 @@ func SetToken(c *gin.Context, token string, maxAge int) {
|
|||
}
|
||||
}
|
||||
|
||||
func ClearUserToken(c *gin.Context) {
|
||||
// 增加cookie user-token 向来源的web添加
|
||||
host, _, err := net.SplitHostPort(c.Request.Host)
|
||||
if err != nil {
|
||||
host = c.Request.Host
|
||||
}
|
||||
|
||||
if net.ParseIP(host) != nil {
|
||||
c.SetCookie("user-token", "", -1, "/", "", false, false)
|
||||
} else {
|
||||
c.SetCookie("user-token", "", -1, "/", host, false, false)
|
||||
}
|
||||
}
|
||||
|
||||
func SetUserToken(c *gin.Context, token string, maxAge int) {
|
||||
// 增加cookie user-token 向来源的web添加
|
||||
host, _, err := net.SplitHostPort(c.Request.Host)
|
||||
if err != nil {
|
||||
host = c.Request.Host
|
||||
}
|
||||
|
||||
if net.ParseIP(host) != nil {
|
||||
c.SetCookie("user-token", token, maxAge, "/", "", false, false)
|
||||
} else {
|
||||
c.SetCookie("user-token", token, maxAge, "/", host, false, false)
|
||||
}
|
||||
}
|
||||
|
||||
func GetUserToken(c *gin.Context) string {
|
||||
token := c.Request.Header.Get("user-token")
|
||||
if token == "" {
|
||||
j := NewJWT()
|
||||
token, _ = c.Cookie("user-token")
|
||||
claims, err := j.ParseToken(token)
|
||||
if err != nil {
|
||||
global.GVA_LOG.Error("重新写入cookie token失败,未能成功解析token,请检查请求头是否存在user-token且claims是否为规定结构")
|
||||
return token
|
||||
}
|
||||
SetUserToken(c, token, int((claims.ExpiresAt.Unix()-time.Now().Unix())/60))
|
||||
}
|
||||
return token
|
||||
}
|
||||
|
||||
func GetToken(c *gin.Context) string {
|
||||
token := c.Request.Header.Get("x-token")
|
||||
if token == "" {
|
||||
|
|
@ -146,3 +189,134 @@ func LoginToken(user system.Login) (token string, claims systemReq.CustomClaims,
|
|||
token, err = j.CreateToken(claims)
|
||||
return
|
||||
}
|
||||
|
||||
// AppUserLogin 小程序用户登录接口
|
||||
type AppUserLogin interface {
|
||||
GetUUID() uuid.UUID
|
||||
GetUserId() uint
|
||||
GetOpenID() string
|
||||
GetUnionID() string
|
||||
GetNickname() string
|
||||
GetAvatar() string
|
||||
GetPhone() string
|
||||
GetGender() int
|
||||
GetCity() string
|
||||
GetProvince() string
|
||||
GetCountry() string
|
||||
}
|
||||
|
||||
// AppUserLoginToken 创建小程序用户登录token
|
||||
func AppUserLoginToken(user AppUserLogin) (token string, claims systemReq.AppUserClaims, err error) {
|
||||
j := NewJWT()
|
||||
claims = j.CreateAppUserClaims(systemReq.AppBaseClaims{
|
||||
UUID: user.GetUUID(),
|
||||
ID: user.GetUserId(),
|
||||
OpenID: user.GetOpenID(),
|
||||
UnionID: user.GetUnionID(),
|
||||
NickName: user.GetNickname(),
|
||||
Avatar: user.GetAvatar(),
|
||||
Phone: user.GetPhone(),
|
||||
Gender: user.GetGender(),
|
||||
City: user.GetCity(),
|
||||
Province: user.GetProvince(),
|
||||
Country: user.GetCountry(),
|
||||
})
|
||||
token, err = j.CreateAppUserToken(claims)
|
||||
return
|
||||
}
|
||||
|
||||
// 用户端专用Claims获取函数
|
||||
|
||||
func GetAppUserClaims(c *gin.Context) (*systemReq.AppUserClaims, error) {
|
||||
token := GetUserToken(c)
|
||||
j := NewJWT()
|
||||
claims, err := j.ParseAppUserToken(token)
|
||||
if err != nil {
|
||||
global.GVA_LOG.Error("从Gin的Context中获取从jwt解析信息失败, 请检查请求头是否存在user-token且claims是否为规定结构")
|
||||
}
|
||||
return claims, err
|
||||
}
|
||||
|
||||
// GetAppUserID 从Gin的Context中获取从jwt解析出来的用户ID
|
||||
func GetAppUserID(c *gin.Context) uint {
|
||||
if claims, exists := c.Get("user_claims"); !exists {
|
||||
if cl, err := GetAppUserClaims(c); err != nil {
|
||||
return 0
|
||||
} else {
|
||||
return cl.AppBaseClaims.ID
|
||||
}
|
||||
} else {
|
||||
waitUse := claims.(*systemReq.AppUserClaims)
|
||||
return waitUse.AppBaseClaims.ID
|
||||
}
|
||||
}
|
||||
|
||||
// GetAppUserUuid 从Gin的Context中获取从jwt解析出来的用户UUID
|
||||
func GetAppUserUuid(c *gin.Context) uuid.UUID {
|
||||
if claims, exists := c.Get("user_claims"); !exists {
|
||||
if cl, err := GetAppUserClaims(c); err != nil {
|
||||
return uuid.UUID{}
|
||||
} else {
|
||||
return cl.AppBaseClaims.UUID
|
||||
}
|
||||
} else {
|
||||
waitUse := claims.(*systemReq.AppUserClaims)
|
||||
return waitUse.AppBaseClaims.UUID
|
||||
}
|
||||
}
|
||||
|
||||
// GetAppUserInfo 从Gin的Context中获取从jwt解析出来的用户信息
|
||||
func GetAppUserInfo(c *gin.Context) *systemReq.AppUserClaims {
|
||||
if claims, exists := c.Get("user_claims"); !exists {
|
||||
if cl, err := GetAppUserClaims(c); err != nil {
|
||||
return nil
|
||||
} else {
|
||||
return cl
|
||||
}
|
||||
} else {
|
||||
waitUse := claims.(*systemReq.AppUserClaims)
|
||||
return waitUse
|
||||
}
|
||||
}
|
||||
|
||||
// GetAppUserOpenID 从Gin的Context中获取从jwt解析出来的微信OpenID
|
||||
func GetAppUserOpenID(c *gin.Context) string {
|
||||
if claims, exists := c.Get("user_claims"); !exists {
|
||||
if cl, err := GetAppUserClaims(c); err != nil {
|
||||
return ""
|
||||
} else {
|
||||
return cl.AppBaseClaims.OpenID
|
||||
}
|
||||
} else {
|
||||
waitUse := claims.(*systemReq.AppUserClaims)
|
||||
return waitUse.AppBaseClaims.OpenID
|
||||
}
|
||||
}
|
||||
|
||||
// GetAppUserNickName 从Gin的Context中获取从jwt解析出来的用户昵称
|
||||
func GetAppUserNickName(c *gin.Context) string {
|
||||
if claims, exists := c.Get("user_claims"); !exists {
|
||||
if cl, err := GetAppUserClaims(c); err != nil {
|
||||
return ""
|
||||
} else {
|
||||
return cl.AppBaseClaims.NickName
|
||||
}
|
||||
} else {
|
||||
waitUse := claims.(*systemReq.AppUserClaims)
|
||||
return waitUse.AppBaseClaims.NickName
|
||||
}
|
||||
}
|
||||
|
||||
// GetAppUserAvatar 从Gin的Context中获取从jwt解析出来的用户头像
|
||||
func GetAppUserAvatar(c *gin.Context) string {
|
||||
if claims, exists := c.Get("user_claims"); !exists {
|
||||
if cl, err := GetAppUserClaims(c); err != nil {
|
||||
return ""
|
||||
} else {
|
||||
return cl.AppBaseClaims.Avatar
|
||||
}
|
||||
} else {
|
||||
waitUse := claims.(*systemReq.AppUserClaims)
|
||||
return waitUse.AppBaseClaims.Avatar
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -103,3 +103,64 @@ func SetRedisJWT(jwt string, userName string) (err error) {
|
|||
err = global.GVA_REDIS.Set(context.Background(), userName, jwt, timer).Err()
|
||||
return err
|
||||
}
|
||||
|
||||
// 用户端专用JWT函数
|
||||
|
||||
// CreateAppUserClaims 创建小程序用户Claims
|
||||
func (j *JWT) CreateAppUserClaims(baseClaims request.AppBaseClaims) request.AppUserClaims {
|
||||
bf, _ := ParseDuration(global.GVA_CONFIG.JWT.BufferTime)
|
||||
ep, _ := ParseDuration(global.GVA_CONFIG.JWT.ExpiresTime)
|
||||
claims := request.AppUserClaims{
|
||||
AppBaseClaims: baseClaims,
|
||||
BufferTime: int64(bf / time.Second), // 缓冲时间1天 缓冲时间内会获得新的token刷新令牌
|
||||
RegisteredClaims: jwt.RegisteredClaims{
|
||||
Audience: jwt.ClaimStrings{"GVA-APP"}, // 受众
|
||||
NotBefore: jwt.NewNumericDate(time.Now().Add(-1000)), // 签名生效时间
|
||||
ExpiresAt: jwt.NewNumericDate(time.Now().Add(ep)), // 过期时间 7天 配置文件
|
||||
Issuer: global.GVA_CONFIG.JWT.Issuer, // 签名的发行者
|
||||
},
|
||||
}
|
||||
return claims
|
||||
}
|
||||
|
||||
// CreateAppUserToken 创建小程序用户token
|
||||
func (j *JWT) CreateAppUserToken(claims request.AppUserClaims) (string, error) {
|
||||
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
|
||||
return token.SignedString(j.SigningKey)
|
||||
}
|
||||
|
||||
// CreateAppUserTokenByOldToken 旧token换新token(小程序用户专用)
|
||||
func (j *JWT) CreateAppUserTokenByOldToken(oldToken string, claims request.AppUserClaims) (string, error) {
|
||||
v, err, _ := global.GVA_Concurrency_Control.Do("APP-JWT:"+oldToken, func() (interface{}, error) {
|
||||
return j.CreateAppUserToken(claims)
|
||||
})
|
||||
return v.(string), err
|
||||
}
|
||||
|
||||
// ParseAppUserToken 解析小程序用户token
|
||||
func (j *JWT) ParseAppUserToken(tokenString string) (*request.AppUserClaims, error) {
|
||||
token, err := jwt.ParseWithClaims(tokenString, &request.AppUserClaims{}, func(token *jwt.Token) (i interface{}, e error) {
|
||||
return j.SigningKey, nil
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
switch {
|
||||
case errors.Is(err, jwt.ErrTokenExpired):
|
||||
return nil, TokenExpired
|
||||
case errors.Is(err, jwt.ErrTokenMalformed):
|
||||
return nil, TokenMalformed
|
||||
case errors.Is(err, jwt.ErrTokenSignatureInvalid):
|
||||
return nil, TokenSignatureInvalid
|
||||
case errors.Is(err, jwt.ErrTokenNotValidYet):
|
||||
return nil, TokenNotValidYet
|
||||
default:
|
||||
return nil, TokenInvalid
|
||||
}
|
||||
}
|
||||
if token != nil {
|
||||
if claims, ok := token.Claims.(*request.AppUserClaims); ok && token.Valid {
|
||||
return claims, nil
|
||||
}
|
||||
}
|
||||
return nil, TokenValid
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue