package auth import ( "errors" "fmt" "time" "yinli-api/pkg/config" "github.com/golang-jwt/jwt/v5" ) // Claims JWT声明 type Claims struct { UserID uint `json:"user_id"` Username string `json:"username"` jwt.RegisteredClaims } // GenerateToken 生成JWT令牌 func GenerateToken(userID uint, username string) (string, error) { cfg := config.AppConfig if cfg == nil { return "", errors.New("配置未初始化") } now := time.Now() claims := Claims{ UserID: userID, Username: username, RegisteredClaims: jwt.RegisteredClaims{ ExpiresAt: jwt.NewNumericDate(now.Add(time.Duration(cfg.JWT.ExpireHours) * time.Hour)), IssuedAt: jwt.NewNumericDate(now), NotBefore: jwt.NewNumericDate(now), Issuer: "yinli-api", Subject: fmt.Sprintf("%d", userID), }, } token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims) return token.SignedString([]byte(cfg.JWT.Secret)) } // ParseToken 解析JWT令牌 func ParseToken(tokenString string) (*Claims, error) { cfg := config.AppConfig if cfg == nil { return nil, errors.New("配置未初始化") } token, err := jwt.ParseWithClaims(tokenString, &Claims{}, func(token *jwt.Token) (interface{}, error) { if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok { return nil, fmt.Errorf("意外的签名方法: %v", token.Header["alg"]) } return []byte(cfg.JWT.Secret), nil }) if err != nil { return nil, err } if claims, ok := token.Claims.(*Claims); ok && token.Valid { return claims, nil } return nil, errors.New("无效的令牌") } // ValidateToken 验证JWT令牌 func ValidateToken(tokenString string) (*Claims, error) { claims, err := ParseToken(tokenString) if err != nil { return nil, err } // 检查令牌是否过期 if claims.ExpiresAt != nil && claims.ExpiresAt.Time.Before(time.Now()) { return nil, errors.New("令牌已过期") } return claims, nil } // RefreshToken 刷新JWT令牌 func RefreshToken(tokenString string) (string, error) { claims, err := ParseToken(tokenString) if err != nil { return "", err } // 检查令牌是否在刷新窗口内 cfg := config.AppConfig refreshWindow := time.Duration(cfg.JWT.ExpireHours/2) * time.Hour if claims.ExpiresAt != nil && time.Until(claims.ExpiresAt.Time) > refreshWindow { return "", errors.New("令牌还未到刷新时间") } return GenerateToken(claims.UserID, claims.Username) } // ExtractTokenFromHeader 从请求头中提取令牌 func ExtractTokenFromHeader(authHeader string) (string, error) { if authHeader == "" { return "", errors.New("授权头为空") } const bearerPrefix = "Bearer " if len(authHeader) < len(bearerPrefix) || authHeader[:len(bearerPrefix)] != bearerPrefix { return "", errors.New("无效的授权头格式") } return authHeader[len(bearerPrefix):], nil } // GetUserIDFromToken 从令牌中获取用户ID func GetUserIDFromToken(tokenString string) (uint, error) { claims, err := ValidateToken(tokenString) if err != nil { return 0, err } return claims.UserID, nil } // GetUsernameFromToken 从令牌中获取用户名 func GetUsernameFromToken(tokenString string) (string, error) { claims, err := ValidateToken(tokenString) if err != nil { return "", err } return claims.Username, nil }