/**
* Created by Goland.
* @file login.go
* @author 李锦 <lijin@cavemanstudio.net>
* @date 2022/4/11 11:37
* @desc login.go
*/
package auth
import (
"crypto"
"errors"
"fmt"
"github.com/golang-jwt/jwt/v4"
"github.com/x-module/utils/global"
"github.com/x-module/utils/nakama/common"
"github.com/x-module/utils/utils"
"github.com/x-module/utils/utils/request"
"github.com/x-module/utils/utils/xlog"
"time"
)
// LoginToken is the authentication token record exchanged with the console
// login endpoint and handed back to callers of GetToken.
//
// Token is a bearer credential: avoid printing the whole struct to logs.
type LoginToken struct {
	Token string   `json:"token"`
	Uname string   `json:"uname"`
	Email string   `json:"email"`
	Role  UserRole `json:"role"`
}

// ConsoleTokenClaims is the claim set decoded from a console JWT. The JSON
// keys are the short claim names carried inside the token.
type ConsoleTokenClaims struct {
	Username  string   `json:"usn,omitempty"`
	Email     string   `json:"ema,omitempty"`
	Role      UserRole `json:"rol,omitempty"`
	ExpiresAt int64    `json:"exp,omitempty"` // compared against Unix seconds in Valid
	Cookie    string   `json:"cki,omitempty"`
}

// Status codes reported by testToken.
const (
	// InvalidToken marks a token that failed parsing or verification.
	InvalidToken = 2
	// EffectiveToken marks a token that verified and has not expired.
	EffectiveToken = 1
	// ExpireToken marks a token whose expiry time has passed.
	ExpireToken = 3
)

// UserRole is the numeric role carried in the login response and in the
// token's "rol" claim.
type UserRole int32
// Auth bundles the console account credentials, the login endpoint and the
// token signing secret used by GetToken. It embeds common.NakamaApi.
type Auth struct {
	common.NakamaApi

	userName string // account name sent to the login endpoint
	password string // account password sent to the login endpoint; keep out of logs
	url      string // address that login posts the credentials to
	model    string // run mode; login compares it with xlog.DebugMode
	signKey  string // HMAC secret used to verify console tokens; keep out of logs
}
// NewAuth builds an Auth from the console account credentials, the login
// URL, the token signing key and the run mode. The values are stored as
// given; nothing is validated here.
func NewAuth(userName string, password string, url string, signKey string, model string) *Auth {
	return &Auth{
		userName: userName,
		password: password,
		url:      url,
		model:    model,
		signKey:  signKey,
	}
}
// Valid is the claims check that jwt runs while parsing a token into
// ConsoleTokenClaims. Only expiry is verified: a claim set whose ExpiresAt
// is at or before the current Unix time is rejected with a
// jwt.ValidationError flagged ValidationErrorExpired. A token without an
// "exp" claim decodes to ExpiresAt == 0 and is therefore treated as expired.
func (stc *ConsoleTokenClaims) Valid() error {
	now := time.Now().UTC().Unix()
	if stc.ExpiresAt > now {
		return nil
	}

	xlog.Logger.Warning("Token is expired")
	return &jwt.ValidationError{
		Inner:  errors.New("Token is expired"),
		Errors: jwt.ValidationErrorExpired,
	}
}
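// parseConsoleToken verifies tokenString with hmacSecretByte and returns the
// console claims it carries.
//
// ok is true only when the token parsed without error, its claims decoded as
// *ConsoleTokenClaims and jwt marked the token valid. On every failure path
// all results are zero values and ok is false.
func (a *Auth) parseConsoleToken(hmacSecretByte []byte, tokenString string) (username, email string, role UserRole, exp int64, ok bool) {
	token, err := jwt.ParseWithClaims(tokenString, &ConsoleTokenClaims{}, func(token *jwt.Token) (any, error) {
		// Accept HMAC-SHA256 only, so the algorithm named in the token header
		// cannot select a different verification method for this secret.
		if s, isHMAC := token.Method.(*jwt.SigningMethodHMAC); !isHMAC || s.Hash != crypto.SHA256 {
			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
		}
		return hmacSecretByte, nil
	})
	// NOTE(review): utils.HasErr is assumed to report err != nil; the nil
	// guard on token keeps the dereference below safe either way.
	if utils.HasErr(err, global.GetTokenErr) || token == nil {
		return "", "", 0, 0, false
	}

	// Return explicit zero values: a naked return here would hand back the
	// result of the type assertion as ok even when token.Valid is false.
	claims, isClaims := token.Claims.(*ConsoleTokenClaims)
	if !isClaims || claims == nil || !token.Valid {
		return "", "", 0, 0, false
	}
	return claims.Username, claims.Email, claims.Role, claims.ExpiresAt, true
}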
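// testToken checks a previously issued console login token and classifies it.
//
// It returns EffectiveToken with a nil error when the token verifies under
// a.signKey (HMAC-SHA256 only) and has not expired. Every other outcome
// returns InvalidToken or ExpireToken together with a non-nil error, so a
// caller that looks only at the error cannot mistake a rejected token for a
// usable one.
func (a *Auth) testToken(loginToken LoginToken) (int, error) {
	token, err := jwt.Parse(loginToken.Token, func(token *jwt.Token) (any, error) {
		// Accept HMAC-SHA256 only; any other algorithm in the header is refused.
		if s, ok := token.Method.(*jwt.SigningMethodHMAC); !ok || s.Hash != crypto.SHA256 {
			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
		}
		return []byte(a.signKey), nil
	})
	if utils.HasErr(err, global.GetTokenErr) {
		// Log the failure only. The signing key and the raw token are
		// credentials and must not be written to the log.
		xlog.Logger.Error("parse token error:", err)
		return InvalidToken, err
	}

	uname, email, role, exp, ok := a.parseConsoleToken([]byte(a.signKey), loginToken.Token)
	xlog.Logger.Debug("parse_console_token:", " uname:", uname, " email:", email, " role:", role, " exp:", exp, " ok:", ok)
	if !ok || token == nil || !token.Valid {
		// The token or its claims are invalid.
		xlog.Logger.Error("console login token or its claims are invalid")
		return InvalidToken, errors.New("console login token or its claims are invalid")
	}
	if exp <= time.Now().UTC().Unix() {
		// Token expired.
		xlog.Logger.Error("console login token login expired")
		return ExpireToken, errors.New("console login token expired")
	}
	return EffectiveToken, nil
}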
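// GetToken returns a usable console login token.
//
// With an empty loginToken.Token it logs in and returns the fresh token.
// Otherwise the supplied token is checked with testToken; it is returned
// unchanged only when testToken reports EffectiveToken without an error.
// Any other result (invalid, expired, or an error) triggers a new login.
func (a *Auth) GetToken(loginToken LoginToken) (LoginToken, error) {
	if loginToken.Token == "" {
		token, err := a.login()
		if utils.HasErr(err, global.AccountLoginErr) {
			return LoginToken{}, err
		}
		return token, err
	}

	// Check the status code as well as the error, so that a rejected token
	// is never returned as usable when testToken reports no error.
	status, err := a.testToken(loginToken)
	if utils.HasErr(err, global.AccountTokenExpressErr) || status != EffectiveToken {
		// The empty token sends the call down the login branch above, so the
		// recursion is at most one level deep.
		return a.GetToken(LoginToken{})
	}
	return loginToken, err
}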
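// login posts the configured account name and password to a.url and decodes
// the response body into a LoginToken.
//
// It returns an error when the request fails, when the response status is
// not a success according to utils.Success, or when the body cannot be
// decoded. The returned token is not parsed or verified here; its fields are
// whatever the response JSON supplied.
func (a *Auth) login() (LoginToken, error) {
	data := struct {
		Username string `json:"username"`
		Password string `json:"password"`
	}{
		Username: a.userName,
		Password: a.password,
	}
	xlog.Logger.Info("当前运行模式为:", a.model)
	// NOTE(review): Debug(true) presumably makes the request helper dump the
	// exchange, which would include the password in the body. Confirm what it
	// prints before running in debug mode against a real account.
	// NOTE(review): the unit of SetTimeout(10) is not visible here; presumably seconds.
	response, err := request.NewRequest().Debug(a.model == xlog.DebugMode).Json().SetTimeout(10).Post(a.url, data)
	if utils.HasErr(err, global.AccountLoginErr) {
		return LoginToken{}, err
	}
	defer response.Close()

	if !utils.Success(response.StatusCode()) {
		xlog.Logger.Error("request nakama server error", response)
		return LoginToken{}, errors.New("request nakama server error")
	}

	var loginToken LoginToken
	err = response.Json(&loginToken)
	if utils.HasErr(err, global.ParseJsonDataErr) {
		return LoginToken{}, err
	}
	// Log the account name only. loginToken.Token is a bearer credential and
	// anyone who can read the log could replay it until it expires.
	xlog.Logger.Info("success login nakama console. uname: ", a.userName)
	return loginToken, nil
}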