-
Notifications
You must be signed in to change notification settings - Fork 27
/
jwt.go
105 lines (89 loc) · 3.41 KB
/
jwt.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
// Licensed to the Apache Software Foundation (ASF) under one
// or more contributor license agreements. See the NOTICE file
// distributed with this work for additional information
// regarding copyright ownership. The ASF licenses this file
// to you under the Apache License, Version 2.0 (the
// "License"); you may not use this file except in compliance
// with the License. You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied. See the License for the
// specific language governing permissions and limitations
// under the License.
package jwt
import (
"time"
"github.com/pkg/errors"
"github.com/dgrijalva/jwt-go"
"github.com/CocaineCong/tangseng/consts"
)
var jwtSecret = []byte("38324-search-engine") // TODO 从配置文件读取
type Claims struct {
ID int64 `json:"id"`
Username string `json:"username"`
jwt.StandardClaims
}
// GenerateToken 签发用户Token
func GenerateToken(id int64, username string) (accessToken, refreshToken string, err error) {
nowTime := time.Now()
expireTime := nowTime.Add(consts.AccessTokenExpireDuration)
rtExpireTime := nowTime.Add(consts.RefreshTokenExpireDuration)
claims := Claims{
ID: id,
Username: username,
StandardClaims: jwt.StandardClaims{
ExpiresAt: expireTime.Unix(),
Issuer: "mall",
},
}
// 加密并获得完整的编码后的字符串token
accessToken, err = jwt.NewWithClaims(jwt.SigningMethodHS256, claims).SignedString(jwtSecret)
if err != nil {
return "", "", errors.Wrap(err, "failed to get accessToken")
}
refreshToken, err = jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.StandardClaims{
ExpiresAt: rtExpireTime.Unix(),
Issuer: "search-engine",
}).SignedString(jwtSecret)
if err != nil {
return "", "", errors.Wrap(err, "failed to get refreshToken")
}
return accessToken, refreshToken, err
}
// ParseToken 验证用户token
func ParseToken(token string) (*Claims, error) {
tokenClaims, err := jwt.ParseWithClaims(token, &Claims{}, func(token *jwt.Token) (interface{}, error) {
return jwtSecret, nil
})
if tokenClaims != nil {
if claims, ok := tokenClaims.Claims.(*Claims); ok && tokenClaims.Valid {
return claims, nil
}
}
return nil, errors.Wrap(err, "failed to parse token")
}
// ParseRefreshToken 验证用户token
func ParseRefreshToken(aToken, rToken string) (newAToken, newRToken string, err error) {
accessClaim, err := ParseToken(aToken)
if err != nil {
return newAToken, newRToken, errors.WithMessage(err, "failed to parse accessToken")
}
refreshClaim, err := ParseToken(rToken)
if err != nil {
return newAToken, newRToken, errors.WithMessage(err, "failed to parse refreshToken")
}
if accessClaim.ExpiresAt > time.Now().Unix() {
// 如果 access_token 没过期,每一次请求都刷新 refresh_token 和 access_token
return GenerateToken(accessClaim.ID, accessClaim.Username)
}
if refreshClaim.ExpiresAt > time.Now().Unix() {
// 如果 access_token 过期了,但是 refresh_token 没过期, 刷新 refresh_token 和 access_token
return GenerateToken(accessClaim.ID, accessClaim.Username)
}
// 如果两者都过期了,重新登陆
return "", "", errors.WithMessage(errors.New("身份过期,重新登陆"), "failed to parse refreshToken")
}