具体代码见GitHub
创建一个工具包,对jwt相关操作进行封装
package utils
import (
	"fmt"
	"time"

	"github.com/dgrijalva/jwt-go"
)
// jwtKey is the shared HMAC secret: ReleaseToken signs tokens with it and
// ParseToken verifies them against it.
//
// NOTE(review): the secret is a compile-time literal, so anyone holding the
// binary or this source can mint tokens that pass verification. It should be
// loaded at startup from configuration (environment variable or secret store)
// rather than embedded here.
var (
	jwtKey = []byte("bbs_secret_key")
)
// Claims is the JWT payload produced by ReleaseToken and decoded by ParseToken.
// It embeds jwt.StandardClaims (expiry, issued-at, issuer, subject, ...) and
// adds the authenticated user's name, which AuthMiddleware reads to look the
// user up in the database.
type Claims struct {
	// Username is serialised as the "username" claim.
	Username string `json:"username"`
	jwt.StandardClaims
}
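// ReleaseToken signs a new HS256 JWT for username with jwtKey.
//
// The token carries username in the "username" claim, is issued at the
// current time and expires seven days later; issuer and subject are the fixed
// strings "Edgar" and "jwt token for auth". It returns the signed compact
// token, or an empty string and the error reported by signing.
func ReleaseToken(username string) (tokenString string, err error) {
	const tokenLifetime = 7 * 24 * time.Hour
	// Read the clock once so IssuedAt and ExpiresAt come from the same
	// instant and always differ by exactly tokenLifetime; two separate
	// time.Now() calls can straddle a second boundary after Unix() truncation.
	now := time.Now()
	claims := &Claims{
		Username: username,
		StandardClaims: jwt.StandardClaims{
			ExpiresAt: now.Add(tokenLifetime).Unix(),
			IssuedAt:  now.Unix(),
			Issuer:    "Edgar",
			Subject:   "jwt token for auth",
		},
	}
	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
	tokenString, err = token.SignedString(jwtKey)
	if err != nil {
		// Never hand back a partial token alongside an error.
		return "", err
	}
	return tokenString, nil
}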
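// ParseToken verifies tokenString against jwtKey and decodes its claims.
//
// It returns the parsed token, the Claims it was decoded into, and any parse
// or verification error. The claims pointer is returned regardless of err, so
// callers must check err and token.Valid before trusting its contents. Only
// HMAC signing methods are accepted: the key function rejects a token whose
// "alg" header names any other method before the shared secret is handed to
// the verifier, so a token re-signed under a different algorithm cannot be
// validated against jwtKey.
//
// NOTE(review): github.com/dgrijalva/jwt-go is archived and no longer
// maintained; github.com/golang-jwt/jwt is the maintained fork with the same
// API and is the usual replacement.
func ParseToken(tokenString string) (*jwt.Token, *Claims, error) {
	claims := &Claims{}
	token, err := jwt.ParseWithClaims(tokenString, claims, func(token *jwt.Token) (interface{}, error) {
		// Pin the algorithm family: the key is an HMAC secret and must not be
		// used to "verify" a token that claims a different signing method.
		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
		}
		return jwtKey, nil
	})
	return token, claims, err
}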
然后添加一个中间件,对用户进行验证
package middleware
import (
"bbs/dao"
"bbs/model"
"bbs/utils"
"github.com/gin-gonic/gin"
"net/http"
"strings"
)
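// AuthMiddleware returns a gin handler that authenticates the request with the
// bearer token in the Authorization header.
//
// The header must have the form "Bearer <token>". The token is parsed and
// verified by utils.ParseToken; the username it carries is then looked up in
// the database and the matching model.User is stored in the context under the
// key "user" for downstream handlers. Any failure (missing or malformed
// header, invalid or expired token, unknown user) aborts the chain with 401
// and the JSON body {"message": "权限不足"}.
func AuthMiddleware() gin.HandlerFunc {
	return func(c *gin.Context) {
		rawToken, ok := bearerToken(c.GetHeader("Authorization"))
		if !ok {
			abortUnauthorized(c)
			return
		}
		token, claims, err := utils.ParseToken(rawToken)
		// err covers signature and expiry failures; token.Valid is checked as
		// well so a token that parsed but was marked invalid is also rejected.
		// The || short-circuits, so token is only dereferenced when err is nil.
		if err != nil || !token.Valid {
			abortUnauthorized(c)
			return
		}
		var user model.User
		// The query error is not inspected: a database failure leaves user.Id
		// at 0 and is reported to the client as 401, the same as an unknown
		// username. Distinguishing the two would need the ORM's not-found
		// sentinel, which is not imported here.
		dao.DB.Model(&model.User{}).Where("username = ?", claims.Username).First(&user)
		if user.Id == 0 {
			abortUnauthorized(c)
			return
		}
		c.Set("user", user)
		c.Next()
	}
}

// bearerToken extracts the token from an Authorization header value of the
// form "Bearer <token>". It returns false when the value does not start with
// the scheme followed by a space, or carries nothing after it.
func bearerToken(header string) (string, bool) {
	const scheme = "Bearer "
	// Requiring the trailing space (rather than the bare word "Bearer") means
	// the slice below can never run past the end of the string, and values
	// such as "Bearer<token>" run together are rejected instead of being cut
	// at an arbitrary byte.
	if !strings.HasPrefix(header, scheme) {
		return "", false
	}
	token := header[len(scheme):]
	return token, token != ""
}

// abortUnauthorized writes the 401 response shared by every authentication
// failure and stops the handler chain.
func abortUnauthorized(c *gin.Context) {
	c.JSON(http.StatusUnauthorized, gin.H{
		"message": "权限不足",
	})
	c.Abort()
}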
最后在需要验证用户的路径下使用中间件即可
// Protected route: AuthMiddleware runs before UploadFile and aborts with 401
// unless the request carries a valid bearer token for an existing user; the
// handler can then read the authenticated user from c.Get("user").
v5.POST("/upload", middleware.AuthMiddleware(), controller.UploadFile)