132 lines
3.2 KiB
Go
132 lines
3.2 KiB
Go
package auth
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
"time"
|
|
|
|
"yinli-api/pkg/config"
|
|
|
|
"github.com/golang-jwt/jwt/v5"
|
|
)
|
|
|
|
// Claims JWT声明
|
|
type Claims struct {
|
|
UserID uint `json:"user_id"`
|
|
Username string `json:"username"`
|
|
jwt.RegisteredClaims
|
|
}
|
|
|
|
// GenerateToken 生成JWT令牌
|
|
func GenerateToken(userID uint, username string) (string, error) {
|
|
cfg := config.AppConfig
|
|
if cfg == nil {
|
|
return "", errors.New("配置未初始化")
|
|
}
|
|
|
|
now := time.Now()
|
|
claims := Claims{
|
|
UserID: userID,
|
|
Username: username,
|
|
RegisteredClaims: jwt.RegisteredClaims{
|
|
ExpiresAt: jwt.NewNumericDate(now.Add(time.Duration(cfg.JWT.ExpireHours) * time.Hour)),
|
|
IssuedAt: jwt.NewNumericDate(now),
|
|
NotBefore: jwt.NewNumericDate(now),
|
|
Issuer: "yinli-api",
|
|
Subject: fmt.Sprintf("%d", userID),
|
|
},
|
|
}
|
|
|
|
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
|
|
return token.SignedString([]byte(cfg.JWT.Secret))
|
|
}
|
|
|
|
// ParseToken 解析JWT令牌
|
|
func ParseToken(tokenString string) (*Claims, error) {
|
|
cfg := config.AppConfig
|
|
if cfg == nil {
|
|
return nil, errors.New("配置未初始化")
|
|
}
|
|
|
|
token, err := jwt.ParseWithClaims(tokenString, &Claims{}, func(token *jwt.Token) (interface{}, error) {
|
|
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
|
return nil, fmt.Errorf("意外的签名方法: %v", token.Header["alg"])
|
|
}
|
|
return []byte(cfg.JWT.Secret), nil
|
|
})
|
|
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if claims, ok := token.Claims.(*Claims); ok && token.Valid {
|
|
return claims, nil
|
|
}
|
|
|
|
return nil, errors.New("无效的令牌")
|
|
}
|
|
|
|
// ValidateToken 验证JWT令牌
|
|
func ValidateToken(tokenString string) (*Claims, error) {
|
|
claims, err := ParseToken(tokenString)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// 检查令牌是否过期
|
|
if claims.ExpiresAt != nil && claims.ExpiresAt.Time.Before(time.Now()) {
|
|
return nil, errors.New("令牌已过期")
|
|
}
|
|
|
|
return claims, nil
|
|
}
|
|
|
|
// RefreshToken 刷新JWT令牌
|
|
func RefreshToken(tokenString string) (string, error) {
|
|
claims, err := ParseToken(tokenString)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
// 检查令牌是否在刷新窗口内
|
|
cfg := config.AppConfig
|
|
refreshWindow := time.Duration(cfg.JWT.ExpireHours/2) * time.Hour
|
|
if claims.ExpiresAt != nil && time.Until(claims.ExpiresAt.Time) > refreshWindow {
|
|
return "", errors.New("令牌还未到刷新时间")
|
|
}
|
|
|
|
return GenerateToken(claims.UserID, claims.Username)
|
|
}
|
|
|
|
// ExtractTokenFromHeader 从请求头中提取令牌
|
|
func ExtractTokenFromHeader(authHeader string) (string, error) {
|
|
if authHeader == "" {
|
|
return "", errors.New("授权头为空")
|
|
}
|
|
|
|
const bearerPrefix = "Bearer "
|
|
if len(authHeader) < len(bearerPrefix) || authHeader[:len(bearerPrefix)] != bearerPrefix {
|
|
return "", errors.New("无效的授权头格式")
|
|
}
|
|
|
|
return authHeader[len(bearerPrefix):], nil
|
|
}
|
|
|
|
// GetUserIDFromToken 从令牌中获取用户ID
|
|
func GetUserIDFromToken(tokenString string) (uint, error) {
|
|
claims, err := ValidateToken(tokenString)
|
|
if err != nil {
|
|
return 0, err
|
|
}
|
|
return claims.UserID, nil
|
|
}
|
|
|
|
// GetUsernameFromToken 从令牌中获取用户名
|
|
func GetUsernameFromToken(tokenString string) (string, error) {
|
|
claims, err := ValidateToken(tokenString)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
return claims.Username, nil
|
|
}
|