jwt验证

2023-06-12 20:04:30 +08:00 · 2023-06-12 20:04:30 +08:00 · 2cc13de3e2
commit 2cc13de3e2
parent bdaa3bf48b
2 changed files with 68 additions and 21 deletions
--- a/server/home-user-auth/internal/handler/useraddresslisthandler.go
+++ b/server/home-user-auth/internal/handler/useraddresslisthandler.go
@ -15,30 +15,23 @@ import (
 	"fusenapi/server/home-user-auth/internal/types"
 )

+var wantJwt = true
+
 func UserAddressListHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		// 解析jwtToken
-		claims, err := svcCtx.ParseJwtToken(r)
-		// 如果解析出错，则返回未授权的JSON响应并记录错误消息
-		if err != nil {
-			httpx.OkJsonCtx(r.Context(), w, &basic.Response{
-				Code:    401,
-				Message: "unauthorized",
-			})
-			logx.Info("unauthorized:", err.Error())
-			return
-		}
+		var userinfo *auth.UserInfo
+		var err error

-		// 从Token里获取对应的信息
-		userinfo, err := auth.GetUserInfoFormMapClaims(claims)
-		// 如果获取用户信息出错，则返回未授权的JSON响应并记录错误消息
-		if err != nil {
-			httpx.OkJsonCtx(r.Context(), w, &basic.Response{
-				Code:    401,
-				Message: "unauthorized",
-			})
-			logx.Info("unauthorized:", err.Error())
-			return
+		if wantJwt {
+			userinfo, err = auth.ParseJwtToken(w, r, &svcCtx.Config.Auth.AccessSecret)
+			if err != nil {
+				httpx.OkJsonCtx(r.Context(), w, &basic.Response{
+					Code:    401,
+					Message: "unauthorized",
+				})
+				logx.Info("unauthorized:", err.Error())
+				return
+			}
 		}

 		var req types.Request
--- a/utils/auth/user.go
+++ b/utils/auth/user.go
@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"net/http"

 	"github.com/golang-jwt/jwt"
 	"github.com/google/uuid"
@ -60,3 +61,56 @@ func GenerateJwtToken(accessSecret string, accessExpire, nowSec int64, userid in
 	token.Claims = claims
 	return token.SignedString([]byte(accessSecret))
 }
+
+func ParseJwtToken(w http.ResponseWriter, r *http.Request, AccessSecret *string) (*UserInfo, error) {
+	// 解析jwtToken
+	claims, err := getJwtClaims(r, AccessSecret)
+	// 如果解析出错，则返回未授权的JSON响应并记录错误消息
+	if err != nil {
+		// httpx.OkJsonCtx(r.Context(), w, &basic.Response{
+		// 	Code:    401,
+		// 	Message: "unauthorized",
+		// })
+		// logx.Info("unauthorized:", err.Error())
+		return nil, err
+	}
+
+	// 从Token里获取对应的信息
+	userinfo, err := GetUserInfoFormMapClaims(claims)
+	// 如果获取用户信息出错，则返回未授权的JSON响应并记录错误消息
+	if err != nil {
+		// httpx.OkJsonCtx(r.Context(), w, &basic.Response{
+		// 	Code:    401,
+		// 	Message: "unauthorized",
+		// })
+		// logx.Info("unauthorized:", err.Error())
+		return nil, err
+	}
+	return userinfo, err
+}
+
+func getJwtClaims(r *http.Request, AccessSecret *string) (jwt.MapClaims, error) {
+	AuthKey := r.Header.Get("Authorization")
+	if len(AuthKey) <= 50 {
+		return nil, errors.New(fmt.Sprint("Error parsing token, len:", len(AuthKey)))
+	}
+
+	token, err := jwt.Parse(AuthKey, func(token *jwt.Token) (interface{}, error) {
+		// 检查签名方法是否为 HS256
+		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
+			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
+		}
+		// 返回用于验证签名的密钥
+		return []byte(*AccessSecret), nil
+	})
+	if err != nil {
+		return nil, errors.New(fmt.Sprint("Error parsing token:", err))
+	}
+
+	// 验证成功返回
+	if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
+		return claims, nil
+	}
+
+	return nil, errors.New(fmt.Sprint("Invalid token", err))
+}