feat: use new auth method

ncuhome · May 18, 2024 · 77305f4 · 77305f4
1 parent 30dd302
commit 77305f4
Show file tree

Hide file tree

Showing 6 changed files with 37 additions and 31 deletions.
diff --git a/README.md b/README.md
@@ -14,13 +14,14 @@ GeniusAuthoritarian 单体门控程序
 
 环境变量：
 
-| 键名             | 必须 | 默认值         | 说明                     |
-|----------------|:--:|-------------|------------------------|
-| Addr           | √  |             | 代理目标地址，不带协议            |
-| AesKey         | √  |             | 长度必须为 32 位，用于加密 cookie |
-| AppCode        | √  |             | 在 GeniusAuth 后台申请      |
-| AppSecret      | √  |             | 同上                     |
-| Timeout        | x  | 30          | 代理请求超时时间，秒             |
-| LoginValidate  | x  | 7           | 登录身份保持时间，天，7-30        |
-| WhiteListPath  | x  |             | 免鉴权路径，完全匹配，英文逗号分隔      |
-| GeniusAuthHost | x  | v.ncuos.com | GeniusAuth Host        |
+| 键名                     | 必须 | 默认值                   | 说明                     |
+|------------------------|:--:|-----------------------|------------------------|
+| `Addr`                 | √  |                       | 代理目标地址，不带协议            |
+| `AesKey`               | √  |                       | 长度必须为 32 位，用于加密 cookie |
+| `AppCode`              | √  |                       | 在 GeniusAuth 后台申请      |
+| `AppSecret`            | √  |                       | 同上                     |
+| `Timeout`              | x  | `30`                  | 代理请求超时时间，秒             |
+| `LoginValidate`        | x  | `7`                   | 登录身份保持时间，天，7-30        |
+| `WhiteListPath`        | x  |                       | 免鉴权路径，完全匹配，英文逗号分隔      |
+| `GeniusAuthHost`       | x  | `v.ncuos.com`         | GeniusAuth Host        |
+| `GeniusAuthAppRpcAddr` | x  | `v-app.ncuos.com:443` |                        |
diff --git a/go.mod b/go.mod
@@ -10,7 +10,6 @@ require (
 	github.com/Mmx233/tool v0.7.7
 	github.com/gin-gonic/gin v1.10.0
 	github.com/ncuhome/GeniusAuthoritarianClient v1.3.2
-	github.com/ncuhome/GeniusAuthoritarianRefreshTokenRpc v0.0.2
 	github.com/sirupsen/logrus v1.9.3
 	golang.org/x/net v0.25.0
 	google.golang.org/grpc v1.64.0
@@ -34,7 +33,6 @@ require (
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/ncuhome/GeniusAuthoritarianProtos v0.0.4 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.2 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
 	github.com/ugorji/go/codec v1.2.12 // indirect

diff --git a/go.sum b/go.sum
@@ -57,10 +57,6 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/ncuhome/GeniusAuthoritarianClient v1.3.2 h1:qIluZiQvbCE4cB88BGeyZ16HRCksSPZ90EVPG9IHe04=
 github.com/ncuhome/GeniusAuthoritarianClient v1.3.2/go.mod h1:L1eT12Lwhx0IJgVeCyfyKFhCEPdVsReTcDJeWUzqbCY=
-github.com/ncuhome/GeniusAuthoritarianProtos v0.0.4 h1:CzlRdPZvUJTWT+bLxF7Miy99RWHG0P8d1+Mq9s8+nbQ=
-github.com/ncuhome/GeniusAuthoritarianProtos v0.0.4/go.mod h1:q8WcqyGzp0pBuoWWAQJhTucvMiPkh+oAeDMIClZSQlc=
-github.com/ncuhome/GeniusAuthoritarianRefreshTokenRpc v0.0.2 h1:HpvC16u1UfNCrK0lhS73+YzzOWoNO3jJTzeU0llnlBA=
-github.com/ncuhome/GeniusAuthoritarianRefreshTokenRpc v0.0.2/go.mod h1:TUcyJsxflPa+u2ELqXseYVP1393IVoh115uNBF95fRA=
 github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM=
 github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=

diff --git a/internal/global/config.go b/internal/global/config.go
@@ -5,7 +5,8 @@ import (
 )
 
 type _Config struct {
-	GeniusAuthHost string `config:"omitempty"`
+	GeniusAuthHost       string `config:"omitempty"`
+	GeniusAuthAppRpcAddr string `config:"omitempty"`
 
 	Addr string
 	// default 30s
@@ -28,6 +29,9 @@ func fillDefaultConfig() {
 	if Config.GeniusAuthHost == "" {
 		Config.GeniusAuthHost = "v.ncuos.com"
 	}
+	if Config.GeniusAuthAppRpcAddr == "" {
+		Config.GeniusAuthAppRpcAddr = "v-app.ncuos.com"
+	}
 
 	if Config.Timeout == 0 {
 		Config.Timeout = 30

diff --git a/internal/middlewares/auth.go b/internal/middlewares/auth.go
@@ -1,11 +1,11 @@
 package middlewares
 
 import (
-	"fmt"
 	"github.com/gin-gonic/gin"
+	"github.com/ncuhome/GeniusAuthoritarianClient/rpc/appProto"
 	"github.com/ncuhome/GeniusAuthoritarianGate/internal/global"
+	"github.com/ncuhome/GeniusAuthoritarianGate/internal/pkg/ga"
 	"github.com/ncuhome/GeniusAuthoritarianGate/internal/util"
-	refreshTokenRpc "github.com/ncuhome/GeniusAuthoritarianRefreshTokenRpc"
 	log "github.com/sirupsen/logrus"
 	"golang.org/x/net/context"
 	"google.golang.org/grpc/codes"
@@ -14,13 +14,11 @@ import (
 )
 
 func Auth() gin.HandlerFunc {
-	rpcClient, err := refreshTokenRpc.NewRpc(fmt.Sprintf("%s:443", global.Config.GeniusAuthHost), &refreshTokenRpc.Config{
-		AppCode:   global.Config.AppCode,
-		AppSecret: global.Config.AppSecret,
-	})
+	parser, err := ga.Rpc.NewJwtParser()
 	if err != nil {
-		log.Fatalln(err)
+		log.Fatalln("Create GeniusAuth jwt parser failed:", err)
 	}
+
 	return func(c *gin.Context) {
 		if strings.HasPrefix(c.Request.URL.Path, "/login/") {
 			return
@@ -36,29 +34,30 @@ func Auth() gin.HandlerFunc {
 		if err != nil || accessToken == "" {
 			log.Warnln("无法获取 access cookie:", err)
 		} else {
-			_, err = rpcClient.VerifyAccessToken(context.Background(), accessToken)
-			if err != nil {
+			_, valid, err := parser.ParseAccessToken(accessToken)
+			if err != nil || !valid {
 				log.Warnln("验证 accessToken 失败:", err)
 			} else {
 				return
 			}
 		}
 
 		// Refresh accessToken
-
 		refreshToken, err := util.GetRefreshToken(c)
 		if err != nil || refreshToken == "" {
-			log.Warnln("无法获取 refresh cookie:", err)
+			log.Warnln("Get refresh cookie failed:", err)
 		} else {
-			result, err := rpcClient.RefreshToken(context.Background(), refreshToken)
+			result, err := ga.Rpc.RefreshToken(context.Background(), &appProto.RefreshTokenRequest{
+				Token: refreshToken,
+			})
 			if err != nil {
 				if status.Code(err) != codes.Unauthenticated {
-					log.Errorln("刷新 access token 异常:", err)
+					log.Errorln("Refresh access token failed:", err)
 				}
 			} else {
 				err = util.SetAccessToken(c, result.AccessToken)
 				if err != nil {
-					log.Errorln("设置 access token 失败:", err)
+					log.Errorln("Set access token failed:", err)
 				}
 				return
 			}

diff --git a/internal/pkg/ga/client.go b/internal/pkg/ga/client.go
@@ -4,14 +4,22 @@ import (
 	geniusAuth "github.com/ncuhome/GeniusAuthoritarianClient"
 	"github.com/ncuhome/GeniusAuthoritarianGate/internal/global"
 	"github.com/ncuhome/GeniusAuthoritarianGate/internal/util"
+	log "github.com/sirupsen/logrus"
 )
 
 var Client *geniusAuth.Client
+var Rpc *geniusAuth.RpcClient
 
 func init() {
 	Client = geniusAuth.NewClient(
 		global.Config.GeniusAuthHost,
 		global.Config.AppCode, global.Config.AppSecret,
 		util.Http.Client,
 	)
+
+	var err error
+	Rpc, err = Client.NewRpcClient(global.Config.GeniusAuthAppRpcAddr)
+	if err != nil {
+		log.Fatalln("Create GeniusAuth rpc connection failed:", err)
+	}
 }