forked from gogf/gf-jwt
-
Notifications
You must be signed in to change notification settings - Fork 0
/
auth.go
129 lines (117 loc) · 3.64 KB
/
auth.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
package api
import (
jwt "github.com/gogf/gf-jwt"
"github.com/gogf/gf-jwt/example/model"
"github.com/gogf/gf-jwt/example/service"
"github.com/gogf/gf/frame/g"
"github.com/gogf/gf/net/ghttp"
"github.com/gogf/gf/os/glog"
"github.com/gogf/gf/util/gconv"
"net/http"
"time"
)
var (
// The underlying JWT middleware.
Auth *jwt.GfJWTMiddleware
)
// Initialization function,
// rewrite this function to customized your own JWT settings.
func init() {
authMiddleware, err := jwt.New(&jwt.GfJWTMiddleware{
Realm: "test zone",
Key: []byte("secret key"),
Timeout: time.Minute * 5,
MaxRefresh: time.Minute * 5,
IdentityKey: "id",
TokenLookup: "header: Authorization, query: token, cookie: jwt",
TokenHeadName: "Bearer",
TimeFunc: time.Now,
Authenticator: Authenticator,
LoginResponse: LoginResponse,
RefreshResponse: RefreshResponse,
LogoutResponse: LogoutResponse,
Unauthorized: Unauthorized,
PayloadFunc: PayloadFunc,
IdentityHandler: IdentityHandler,
})
if err != nil {
glog.Fatal("JWT Error:" + err.Error())
}
Auth = authMiddleware
}
// PayloadFunc is a callback function that will be called during login.
// Using this function it is possible to add additional payload data to the webtoken.
// The data is then made available during requests via c.Get("JWT_PAYLOAD").
// Note that the payload is not encrypted.
// The attributes mentioned on jwt.io can't be used as keys for the map.
// Optional, by default no additional data will be set.
func PayloadFunc(data interface{}) jwt.MapClaims {
claims := jwt.MapClaims{}
params := data.(map[string]interface{})
if len(params) > 0 {
for k, v := range params {
claims[k] = v
}
}
return claims
}
// IdentityHandler get the identity from JWT and set the identity for every request
// Using this function, by r.GetParam("id") get identity
func IdentityHandler(r *ghttp.Request) interface{} {
claims := jwt.ExtractClaims(r)
return claims[Auth.IdentityKey]
}
// Unauthorized is used to define customized Unauthorized callback function.
func Unauthorized(r *ghttp.Request, code int, message string) {
r.Response.WriteJson(g.Map{
"code": code,
"msg": message,
})
r.ExitAll()
}
// LoginResponse is used to define customized login-successful callback function.
func LoginResponse(r *ghttp.Request, code int, token string, expire time.Time) {
r.Response.WriteJson(g.Map{
"code": http.StatusOK,
"token": token,
"expire": expire.Format(time.RFC3339),
})
r.ExitAll()
}
// RefreshResponse is used to get a new token no matter current token is expired or not.
func RefreshResponse(r *ghttp.Request, code int, token string, expire time.Time) {
r.Response.WriteJson(g.Map{
"code": http.StatusOK,
"token": token,
"expire": expire.Format(time.RFC3339),
})
r.ExitAll()
}
// LogoutResponse is used to set token blacklist.
func LogoutResponse(r *ghttp.Request, code int) {
r.Response.WriteJson(g.Map{
"code": code,
"message": "success",
})
r.ExitAll()
}
// Authenticator is used to validate login parameters.
// It must return user data as user identifier, it will be stored in Claim Array.
// if your identityKey is 'id', your user data must have 'id'
// Check error (e) to determine the appropriate error message.
func Authenticator(r *ghttp.Request) (interface{}, error) {
var (
apiReq *model.ApiLoginReq
serviceReq *model.ServiceLoginReq
)
if err := r.Parse(&apiReq); err != nil {
return "", err
}
if err := gconv.Struct(apiReq, &serviceReq); err != nil {
return "", err
}
if user := service.User.GetUserByUsernamePassword(serviceReq); user != nil {
return user, nil
}
return nil, jwt.ErrFailedAuthentication
}