Golang的JWT权限校验解析
package pkg
import (
"errors"
"time"
"catering/global"
"catering/model/system/request"
"github.com/dgrijalva/jwt-go"
)
type JWT struct {
SigningKey []byte
}
var (
ErrTokenExpired = errors.New("token is expired")
ErrTokenNotValidYet = errors.New("token not active yet")
ErrTokenMalformed = errors.New("that's not even a token")
ErrTokenInvalid = errors.New("couldn't handle this token")
)
func NewJWT() *JWT {
return &JWT{
[]byte(global.Config.JWT.SigningKey),
}
}
//生成claims
func (j *JWT) CreateClaims(baseClaims request.BaseClaims) request.CustomClaims {
claims := request.CustomClaims{
BaseClaims: baseClaims,
StandardClaims: jwt.StandardClaims{
NotBefore: time.Now().Unix() - 1000, // 签名生效时间
ExpiresAt: time.Now().Unix() + global.Config.JWT.ExpiresTime, // 过期时间 7天 配置文件
Issuer: global.Config.JWT.Issuer, // 签名的发行者
},
}
return claims
}
// 创建一个token
func (j *JWT) CreateToken(claims request.CustomClaims) (string, error) {
//对token进行签名加密
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
return token.SignedString(j.SigningKey)
}
// CreateTokenByOldToken 旧token 换新token 用concurrency_control对token进行加锁避免并发问题(加锁粒度为oldToken)
func (j *JWT) CreateTokenByOldToken(oldToken string, claims request.CustomClaims) (string, error) {
v, err, _ := global.Concurrency_Control.Do("JWT:"+oldToken, func() (interface{}, error) {
return j.CreateToken(claims)
})
return v.(string), err
}
// 解析 token
func (j *JWT) ParseToken(tokenString string) (*request.CustomClaims, error) {
token, err := jwt.ParseWithClaims(tokenString, &request.CustomClaims{}, func(token *jwt.Token) (i interface{}, e error) {
return j.SigningKey, nil
})
if err != nil {
if ve, ok := err.(*jwt.ValidationError); ok {
if ve.Errors&jwt.ValidationErrorMalformed != 0 {
return nil, ErrTokenMalformed
} else if ve.Errors&jwt.ValidationErrorExpired != 0 {
// Token is expired
return nil, ErrTokenExpired
} else if ve.Errors&jwt.ValidationErrorNotValidYet != 0 {
return nil, ErrTokenNotValidYet
} else {
return nil, ErrTokenInvalid
}
}
}
if token != nil {
if claims, ok := token.Claims.(*request.CustomClaims); ok && token.Valid {
return claims, nil
}
return nil, ErrTokenInvalid
} else {
return nil, ErrTokenInvalid
}
}