Home Explore Help
Register Sign In
chengqian
/
lc_veterans
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

token 和 logout

terry 2 years ago
parent
635ea722cd
commit
bdad6b2536
6 changed files with 106 additions and 34 deletions
Split View Show Diff Stats
  1. 85 30
      app/system/controller/token.go
  2. 1 1
      app/system/model/token.go
  3. 1 0
      config/config.go
  4. 1 0
      config/config.yaml
  5. 3 2
      router/router.go
  6. 15 1
      util/common.go

+ 85 - 30
app/system/controller/token.go
View File 

@@ -1,6 +1,7 @@
 
 package controller
 
 
 import (
 
+	"fmt"
 
 	"github.com/gin-gonic/gin"
 
 	"github.com/golang-jwt/jwt"
 
 	"strconv"
 
@@ -13,17 +14,35 @@ import (
 
 	"strings"
 
 )
 
 
-var Token = new(token)
 
-
 
-type token struct{}
 
+var Auth = new(auth)
 
+
 
+type auth struct{}
 
+
 
+type JwtToken struct {
 
+	jwt.StandardClaims
 
+	TenantId  string `json:"tenant_id"`
 
+	UserId    int64  `json:"user_id"`
 
+	TokenType string `json:"token_type"`
 
+	ClientId  string `json:"client_id"`
 
+	RoleId    string `json:"role_id"`
 
+	RoleName  string `json:"role_name"`
 
+	DeptId    string `json:"dept_id"`
 
+	PostId    string `json:"post_id"`
 
+	OauthId   string `json:"oauth_id"`
 
+	Account   string `json:"account"`
 
+	UserName  string `json:"user_name"`
 
+	NickName  string `json:"nick_name"`
 
+	Random    string `json:"random"`
 
+}
 
 
-func (c *token) Token(ctx *gin.Context) {
 
+func (c *auth) Token(ctx *gin.Context) {
 
 	tenantId := ctx.Query("tenantId")
 
 	userName := ctx.Query("username")
 
 	password := ctx.Query("password")
 
 	grantType := ctx.Query("grant_type")
 
 	refreshToken := ctx.Query("refresh_token")
 
 
+	// 校验连续登录失败次数
 
 	checkLock()
 
 
 	userType := ctx.GetHeader(model.UserTypeHeaderKey)
 
@@ -40,7 +59,7 @@ func (c *token) Token(ctx *gin.Context) {
 
 		ctx.JSON(http.StatusOK, err)
 
 		return
 
 	}
 
-	if userInfo == nil || userInfo.User == nil {
 
+	if userInfo == nil || userInfo.ID == 0 {
 
 		ctx.JSON(http.StatusOK, util.NormalResponse(http.StatusBadRequest, model.UserNotFound, nil))
 
 		return
 
 	}
 
@@ -49,13 +68,19 @@ func (c *token) Token(ctx *gin.Context) {
 
 		return
 
 	}
 
 
-	jwtToken, e := getAccessToken(*userInfo)
 
+	// access token过期时间2小时
 
+	random := util.RandomString(8)
 
+	jwtToken, e := getAccessToken(*userInfo, random)
 
 	if e != nil {
 
 		ctx.JSON(http.StatusOK, util.NormalResponse(http.StatusBadRequest, e.Error(), nil))
 
+		return
 
 	}
 
+
 
+	// redis记录缓存2小时
 
+	util.Redis.Set(getAccessTokenKey(userInfo.TenantId, userInfo.ID, random), jwtToken, 2*time.Hour)
 
 	ctx.JSON(http.StatusOK, model.RspToken{
 
 		TenantId:     userInfo.TenantId,
 
-		UserId:       strconv.FormatInt(userInfo.ID, 64),
 
+		UserId:       strconv.FormatInt(userInfo.ID, 10),
 
 		DeptId:       userInfo.DeptId,
 
 		PostId:       userInfo.PostId,
 
 		RoleId:       userInfo.RoleId,
 
@@ -78,26 +103,34 @@ func checkLock() {
 
 
 }
 
 
-func getAccessToken(info model.UserInfo) (string, error) {
 
-	claims := jwt.NewWithClaims(jwt.SigningMethodHS512, jwt.MapClaims{
 
-		model.Iss:       "issuser",
 
-		model.Aud:       "audience",
 
-		model.TokenType: "access_token",
 
-		model.ClientId:  "saber",
 
-		model.TenantId:  info.TenantId,
 
-		model.RoleId:    info.RoleId,
 
-		model.RoleName:  info.Roles[0],
 
-		model.UserId:    info.ID,
 
-		model.DeptId:    info.DeptId,
 
-		model.PostId:    info.PostId,
 
-		model.OauthID:   info.OauthId,
 
-		model.Account:   info.Account,
 
-		model.UserName:  info.Account,
 
-		model.NickName:  info.RealName,
 
-		model.Exp:       time.Now().Add(2 * time.Hour).Unix(),
 
-		model.Nbf:       time.Now().Unix(),
 
-	})
 
-	return claims.SigningString()
 
+func getAccessTokenKey(tenantId string, uId int64, random string) string {
 
+	return fmt.Sprintf("access_token_%s_%d_%s", tenantId, uId, random)
 
+}
 
+
 
+func getAccessToken(info model.UserInfo, random string) (string, error) {
 
+	jwtToken := JwtToken{StandardClaims: jwt.StandardClaims{
 
+		Audience:  "audience",
 
+		ExpiresAt: time.Now().Add(2 * time.Hour).Unix(),
 
+		Issuer:    "issuser",
 
+		NotBefore: time.Now().Unix(),
 
+	},
 
+		UserId:    info.ID,
 
+		TenantId:  info.TenantId,
 
+		TokenType: "access_token",
 
+		ClientId:  "saber",
 
+		RoleId:    info.RoleId,
 
+		RoleName:  info.Roles[0],
 
+		DeptId:    info.DeptId,
 
+		PostId:    info.PostId,
 
+		OauthId:   info.OauthId,
 
+		Account:   info.Account,
 
+		UserName:  info.Account,
 
+		NickName:  info.RealName,
 
+		Random:    random,
 
+	}
 
+
 
+	claims := jwt.NewWithClaims(jwt.SigningMethodHS512, jwtToken)
 
+	return claims.SignedString([]byte(config.Instance().Server.TokenSign))
 
 }
 
 
 func getRefreshToken(info model.UserInfo) string {
 
@@ -110,7 +143,7 @@ func getRefreshToken(info model.UserInfo) string {
 
 		model.Exp:       time.Now().Add(7 * 24 * time.Hour).Unix(),
 
 		model.Nbf:       time.Now().Unix(),
 
 	})
 
-	token, _ := claims.SigningString()
 
+	token, _ := claims.SignedString([]byte(config.Instance().Server.TokenSign))
 
 	return token
 
 }
 
 
@@ -133,11 +166,33 @@ func grant(token model.Token, ctx *gin.Context) (*model.UserInfo, *util.Errors)
 
 		//}
 
 		// 获取用户类型
 
 		// 根据不同用户类型调用对应的接口返回数据,用户可自行拓展
 
-		// info.Token = userService.GetUser(token.tenantId, token.UserName, token.password)
 
+		// info.Auth = userService.GetUser(auth.tenantId, auth.UserName, auth.password)
 
 	}
 
+
 
+	//测试代码start
 
+
 
+	info.TenantId = "000000"
 
+	info.ID = 11112222
 
+	info.Roles = []string{"admin"}
 
+	// 测试代码end
 
+	//todo 操作记录
 
 	return info, nil
 
 }
 
 
-func (c *token) Captcha(ctx *gin.Context) {
 
+func (c *auth) Logout(ctx *gin.Context) {
 
+	emptyKeyFunc := func(t *jwt.Token) (interface{}, error) { return []byte(config.Instance().Server.TokenSign), nil }
 
+	authorization := ctx.GetHeader("Authorization")
 
+	token, err := jwt.ParseWithClaims(authorization, &JwtToken{}, emptyKeyFunc)
 
+	if err != nil {
 
+		ctx.JSON(http.StatusUnauthorized, util.NormalResponse(http.StatusUnauthorized, err.Error(), nil))
 
+		return
 
+	}
 
+	jwtToken := token.Claims.(*JwtToken)
 
+	err = util.Redis.Del(getAccessTokenKey(jwtToken.TenantId, jwtToken.UserId, jwtToken.Random)).Err()
 
+	//todo 操作记录
 
+	ctx.JSON(http.StatusOK, util.SuccessResponse("", nil))
 
+}
 
 
+func (c *auth) Captcha(ctx *gin.Context) {
 
+	ctx.JSON(0, nil)
 
 }

+ 1 - 1
app/system/model/token.go
View File 

@@ -12,7 +12,7 @@ type Token struct {
 
 }
 
 
 type UserInfo struct {
 
-	*dao.User            //用户基础信息
 
+	dao.User             //用户基础信息
 
 	Permissions []string //权限标识集合
 
 	Roles       []string //角色集合
 
 	OauthId     string   //第三方授权id

+ 1 - 0
config/config.go
View File 

@@ -43,6 +43,7 @@ type config struct {
 
 type server struct {
 
 	Address    string `yaml:"address"`
 
 	CodeEnable bool   `yaml:"code_enable"`
 
+	TokenSign  string `yaml:"token_sign"`
 
 }
 
 
 type database struct {

+ 1 - 0
config/config.yaml
View File 

@@ -2,6 +2,7 @@
 
 server:
 
   address: ":8199"
 
   code_enabled: true
 
+  token_sign: "6MTY2MDcxMjgzNiwi"
 
 
 # Logger configurations.
 
 logger:

+ 3 - 2
router/router.go
View File 

@@ -337,7 +337,8 @@ func InitRouter(engine *gin.Engine) {
 
 	//登录校验相关
 
 	auth := engine.Group("/api/blade-auth")
 
 	{
 
-		auth.POST("/oauth/token", user.Token.Token)
 
-		auth.POST("/oauth/captcha", user.Token.Captcha)
 
+		auth.POST("/oauth/token", user.Auth.Token)
 
+		auth.POST("/oauth/logout", user.Auth.Logout)
 
+		auth.POST("/oauth/captcha", user.Auth.Captcha)
 
 	}
 
 }

+ 15 - 1
util/common.go
View File 

@@ -1,6 +1,10 @@
 
 package util
 
 
-import "strconv"
 
+import (
 
+	"math/rand"
 
+	"strconv"
 
+	"time"
 
+)
 
 
 func StringToInt(id string) int {
 
 	if id != "" {
 
@@ -11,3 +15,13 @@ func StringToInt(id string) int {
 
 	}
 
 	return -1
 
 }
 
+
 
+func RandomString(n int) string {
 
+	var letters = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
 
+	rand.Seed(time.Now().Unix())
 
+	b := make([]rune, n)
 
+	for i := range b {
 
+		b[i] = letters[rand.Intn(len(letters))]
 
+	}
 
+	return string(b)
 
+}