- package auth_jwt
- import (
- "fmt"
- "github.com/dgrijalva/jwt-go"
- "github.com/gogf/gf/errors/gerror"
- "time"
- )
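const (
	// SecretKey is the fallback HMAC signing key that NewJWTManager substitutes
	// when it is called with an empty key. The string's bytes are used as the
	// key exactly as written; nothing in this file decodes it first.
	//
	// NOTE(security): this value is committed to source, so anyone who can read
	// the repository or the built binary can sign tokens that Verify accepts
	// whenever the fallback is in effect. Load a per-deployment key from
	// configuration or a secret store and pass it to NewJWTManager; treat this
	// value as compromised and rotate it if it ever signed real tokens.
	SecretKey = "ZHNmZ2Z5cnR5amttZ25iZGZzZ2V3dzQ1NDM2NHJkYXNnZGZnamdoajM0ZGZnaHJ0dTY="

	// TokenDuration is a 15-minute token lifetime. Nothing in this file passes
	// it to NewJWTManager, so callers are presumably expected to.
	TokenDuration = 15 * time.Minute
)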
// JWTManager issues and verifies JSON web tokens with a single shared
// secret.
type JWTManager struct {
	// secretKey holds the HMAC key material; its bytes are used directly for
	// signing and verification.
	secretKey string

	// tokenDuration is the lifetime this manager was configured with.
	tokenDuration time.Duration
}
// UserClaims is the custom JWT claim set used by this package: the standard
// registered claims plus some information about the user.
//
// NOTE(review): CreateToken writes the role list under the key "Roles" while
// the tag below is "roles"; this presumably still decodes because JSON field
// matching is case-insensitive — confirm against the jwt library in use.
type UserClaims struct {
	// Registered claims supplied by the jwt package.
	jwt.StandardClaims

	// Username is the account name carried in the token.
	Username string `json:"username"`

	// Roles lists the roles granted to the user.
	Roles []string `json:"roles"`
}
// NewJWTManager builds a JWTManager that signs and verifies with secretKey
// and records tokenDuration as its configured lifetime.
//
// An empty secretKey is replaced by the package-level SecretKey constant.
// NOTE(security): that constant is hard-coded in this file, so a manager built
// with an empty key signs with a value known to anyone with source access.
// Callers should always pass a key loaded from configuration or a secret store.
func NewJWTManager(secretKey string, tokenDuration time.Duration) *JWTManager {
	key := secretKey
	if len(key) == 0 {
		key = SecretKey
	}

	m := new(JWTManager)
	m.secretKey = key
	m.tokenDuration = tokenDuration
	return m
}
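// CreateToken builds an HS256-signed JWT for the given user and returns its
// compact serialization, or the signing error.
//
// The token carries fixed "iss", "aud" and "sub" values plus the caller's Id,
// userName and Roles under the claim keys "Id", "username" and "Roles".
// "nbf" and "exp" are derived from one clock reading. The lifetime is the
// manager's configured tokenDuration; earlier this method ignored it and
// always issued one-hour tokens, which outlived the configured value. A
// manager built with a non-positive duration falls back to TokenDuration.
//
// NOTE(review): the user ID is written under "Id", and UserClaims declares no
// field for that key in this file; unless the embedded StandardClaims maps
// it, Verify will not hand the ID back — confirm what callers rely on.
func (manager *JWTManager) CreateToken(Id, userName string, Roles []string) (string, error) {
	lifetime := manager.tokenDuration
	if lifetime <= 0 {
		// A zero or negative lifetime would mint tokens that are already expired.
		lifetime = TokenDuration
	}

	// Read the clock once so nbf and exp are measured from the same instant.
	now := time.Now()

	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
		"iss":      "VioUser viodoc.com",     // issuer of this token
		"aud":      "viodoc.com",             // intended audience
		"nbf":      now.Unix(),               // not valid before
		"exp":      now.Add(lifetime).Unix(), // expiration time
		"sub":      "VioUser viodoc.com",     // subject
		"Id":       Id,
		"username": userName,
		"Roles":    Roles,
	})
	return token.SignedString([]byte(manager.secretKey))
}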
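// Verify parses and validates accessToken and returns the user claims it
// carries when the token is valid.
//
// Only tokens whose header declares HS256 are given the key; any other
// algorithm is rejected inside the key callback. A parse or validation
// failure is returned unchanged, so the message is the same as before and the
// library's error value stays inspectable by callers. The previous
// fmt.Errorf(err.Error()) call used the message as a format string, which
// garbles any '%' in it and discards the original error value.
//
// NOTE(review): this method does not itself compare "iss" or "aud" with the
// values CreateToken writes; whether the claims type checks them is not
// visible in this file — confirm, and add explicit checks if the signing key
// is shared with any other issuer.
func (manager *JWTManager) Verify(accessToken string) (*UserClaims, error) {
	token, err := jwt.ParseWithClaims(
		accessToken, &UserClaims{}, func(token *jwt.Token) (interface{}, error) {
			// Pin the algorithm before releasing the key, so the token's own
			// header cannot select a different verification method.
			if token.Header["alg"] != "HS256" {
				return nil, gerror.New("算法有误,只支持HS256算法")
			}
			return []byte(manager.secretKey), nil
		})
	if err != nil {
		return nil, err
	}

	claims, ok := token.Claims.(*UserClaims)
	if !ok {
		return nil, fmt.Errorf("token定义无效")
	}
	return claims, nil
}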
// userClaimFromToken returns the user's unique identifier from the token
// claims; in this file that identifier is the Username claim.
func userClaimFromToken(tokenInfo UserClaims) string {
	username := tokenInfo.Username
	return username
}