package middleware import ( "encoding/json" "fmt" "hpds-iot-web/model" e "hpds-iot-web/pkg/err" "net/http" "time" "github.com/dgrijalva/jwt-go" "github.com/gin-gonic/gin" "go.uber.org/zap" ) var secretKey = []byte("17715d3df8712f0a3b31cfed384f668e95822de4e4a371e4ceaa6f1b279e482a0af32b4615d39f8857d0a1d99d2787f773147a9ed7587b243e0fe1b04076e307") // 验签使用 var AuthKey = "auth-key" var AuthSignature = "auth-signature" // Claims 自定义声明 type Claims struct { Avatar string `json:"avatar"` Desc string `json:"desc"` HomePath string `json:"homePath"` RealName string `json:"realName"` Roles []model.SystemRole `json:"roles"` UserId int64 `json:"userId"` Token string `json:"token,omitempty"` Phone string `json:"phone"` jwt.StandardClaims } // Sign 生成token func Sign(user *model.SystemUser, expires int) (string, error) { // 过期时间为秒 expAt := time.Now().Add(time.Duration(expires) * time.Second).Unix() // 创建声明 claims := Claims{ Avatar: user.Avatar, Desc: user.Desc, HomePath: user.HomePath, RealName: user.RealName, Roles: model.GetRolesByUserId(user.UserId), UserId: user.UserId, Phone: user.Phone, StandardClaims: jwt.StandardClaims{ ExpiresAt: expAt, Issuer: "交科院", }, } var err error //创建token,指定加密算法为HS256 token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims) claims.Token, err = token.SignedString(secretKey) //生成token return claims.Token, err } // JwtAuthMiddleware JWT处理中间件 func JwtAuthMiddleware(logger *zap.Logger) gin.HandlerFunc { return func(c *gin.Context) { path := c.Request.URL.Path var ( err error Cookie *http.Cookie usClaims *Claims user *model.SystemUser ) token := c.GetHeader("token") // 这里可以过滤不需要进行验证的接口 if path == "/user/login" || path == "/health" { goto Return } if len(token) == 0 { Cookie, err = c.Request.Cookie("token") if err != nil { logger.With( zap.String("method", c.Request.Method), zap.String("path", path), zap.Any("request", c.Params), ).Error(err.Error()) goto Return } token = Cookie.Value } if len(token) <= 0 { logger.With( zap.String("method", c.Request.Method), zap.String("path", path), zap.Any("request", c.Params), ).Error("缺少token") goto Return } usClaims, err = GetUserInfoByToken(c, token, logger) if err != nil { c.JSON(e.NoAuth, gin.H{"code": e.NoAuth, "msg": "未登录的用户请求"}) c.Abort() return } if err != nil { logger.With( zap.String("method", c.Request.Method), zap.String("path", path), zap.Any("request", c.Params), ).Error(err.Error()) goto Return } user, err = model.GetUserById(usClaims.UserId) if err != nil { logger.With( zap.String("method", c.Request.Method), zap.String("path", path), zap.Any("request", c.Params), ).Error(err.Error()) goto Return } c.Set("operatorUser", user) Return: if err != nil { c.Header("Content-Type", "application/json") c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{ "code": http.StatusBadRequest, "status": http.StatusText(http.StatusBadRequest), "path": path, "message": "失败", "error": "token过期/失效,请登录后重试", "data": nil, }) return } c.Next() } } func GetUserInfoByToken(ctx *gin.Context, token string, logger *zap.Logger) (data *Claims, err error) { nosql := NewNoSql(logger) su, err := nosql.Get(ctx, token) if err != nil { return nil, err } data = new(Claims) err = json.Unmarshal([]byte(fmt.Sprintf("%s", su)), data) if err != nil { return nil, err } return data, nil }