refactor(middlewares/auth): 添加 BuildToken 用于生成令牌

middlewares/auth/auth.go

@@ -11,6 +11,8 @@ import (
 	"github.com/issue9/web"
 )
 
+const Bearer = "bearer "
+
 // Auth 登录凭证的验证接口
 //
 // T 表示每次验证后，附加在 [web.Context] 上的数据。
@@ -27,16 +29,19 @@ type Auth[T any] interface {
 	GetInfo(*web.Context) (T, bool)
 }
 
-// GetToken 获取客户端提交的 token
+// GetToken 获取客户端提交的令牌
 //
 // header 表示报头的名称；
 // prefix 表示报头内容的前缀；
 func GetToken(ctx *web.Context, prefix, header string) string {
-	prefixLen := len(prefix)
+	l := len(prefix)
 	h := ctx.Request().Header.Get(header)
-	if len(h) > prefixLen && strings.ToLower(h[:prefixLen]) == prefix {
-		return h[prefixLen:]
+	if len(h) > l && strings.ToLower(h[:l]) == prefix {
+		return h[l:]
 	}
 	ctx.Logs().DEBUG().LocaleString(web.Phrase("the client %s header %s is invalid format", header, h))
 	return ""
 }
+
+// BuildToken 生成一个完整的令牌
+func BuildToken(prefix, token string) string { return prefix + token }

middlewares/auth/basic/basic.go

@@ -20,8 +20,6 @@ import (
 
 const prefix = "basic "
 
-const prefixLen = 6 // len(prefix)
-
 // AuthFunc 验证登录用户的函数签名
 //
 // username,password 表示用户登录信息。

middlewares/auth/jwt/jwt_test.go

@@ -170,13 +170,13 @@ func verifierMiddleware(a *assert.Assertion, s web.Server, j *JWT[*testClaims])
 			NotEmpty(resp.Refresh)
 
 		servertest.Get(a, "http://localhost:8080/info").
-			Header(header.Authorization, prefix+resp.Access).
+			Header(header.Authorization, auth.BuildToken(auth.Bearer, resp.Access)).
 			Do(nil).
 			Status(http.StatusOK)
 
 		resp2 := &Response{}
 		servertest.Post(a, "http://localhost:8080/refresh", nil).
-			Header(header.Authorization, prefix+resp.Refresh).
+			Header(header.Authorization, auth.BuildToken(auth.Bearer, resp.Refresh)).
 			Do(nil).
 			Status(http.StatusCreated).
 			BodyFunc(func(a *assert.Assertion, body []byte) {
@@ -193,24 +193,24 @@ func verifierMiddleware(a *assert.Assertion, s web.Server, j *JWT[*testClaims])
 
 		// 旧令牌已经无法访问
 		servertest.Get(a, "http://localhost:8080/info").
-			Header(header.Authorization, prefix+resp.Access).
+			Header(header.Authorization, auth.BuildToken(auth.Bearer, resp.Access)).
 			Do(nil).
 			Status(http.StatusUnauthorized)
 
 		// 新令牌可以访问
 		servertest.Get(a, "http://localhost:8080/info").
-			Header(header.Authorization, prefix+resp2.Access).
+			Header(header.Authorization, auth.BuildToken(auth.Bearer, resp2.Access)).
 			Do(nil).
 			Status(http.StatusOK)
 
 		servertest.Delete(a, "http://localhost:8080/login").
-			Header(header.Authorization, prefix+resp2.Access).
+			Header(header.Authorization, auth.BuildToken(auth.Bearer, resp2.Access)).
 			Do(nil).
 			Status(http.StatusNoContent)
 
 		// token 已经在 delete /login 中被弃用
 		servertest.Get(a, "http://localhost:8080/info").
-			Header(header.Authorization, prefix+resp2.Access).
+			Header(header.Authorization, auth.BuildToken(auth.Bearer, resp2.Access)).
 			Do(nil).
 			Status(http.StatusUnauthorized)
 	})

middlewares/auth/jwt/verifier.go

@@ -17,12 +17,6 @@ import (
 	"github.com/issue9/webuse/v7/middlewares/auth"
 )
 
-const (
-	prefix = "bearer "
-
-	prefixLen = 7 // len(prefix)
-)
-
 type (
 	// Verifier JWT 验证器
 	//
@@ -70,7 +64,7 @@ func NewVerifier[T Claims](b Blocker[T], f BuildClaimsFunc[T]) *Verifier[T] {
 
 func (j *Verifier[T]) Logout(ctx *web.Context) error {
 	if c, found := j.GetInfo(ctx); found {
-		return j.blocker.BlockToken(auth.GetToken(ctx, prefix, header.Authorization), c.BaseToken() != "")
+		return j.blocker.BlockToken(auth.GetToken(ctx, auth.Bearer, header.Authorization), c.BaseToken() != "")
 	}
 	return nil
 }
@@ -90,7 +84,7 @@ func (j *Verifier[T]) Middleware(next web.HandlerFunc) web.HandlerFunc {
 }
 
 func (j *Verifier[T]) resp(ctx *web.Context, refresh bool, next web.HandlerFunc) web.Responser {
-	token := auth.GetToken(ctx, prefix, header.Authorization)
+	token := auth.GetToken(ctx, auth.Bearer, header.Authorization)
 	if token == "" || j.blocker.TokenIsBlocked(token) {
 		return ctx.Problem(web.ProblemUnauthorized)
 	}