-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathauth.go
87 lines (71 loc) · 2.09 KB
/
auth.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
package water
import (
"github.com/golang-jwt/jwt/v4"
"github.com/golang-jwt/jwt/v4/request"
"net/http"
"os"
"strings"
"time"
)
func SetAuthToken(uniqueUser, issuer, privateKeyPath string, expire time.Duration) (tokenString string, err error) {
privateKey, err := os.ReadFile(privateKeyPath)
if err != nil {
return "", err
}
signingKey, err := jwt.ParseRSAPrivateKeyFromPEM(privateKey)
if err != nil {
return "", err
}
claims := jwt.RegisteredClaims{
ID: uniqueUser,
Issuer: issuer,
ExpiresAt: jwt.NewNumericDate(time.Now().Add(expire)),
}
token := jwt.NewWithClaims(jwt.SigningMethodRS512, claims)
tokenString, err = token.SignedString(signingKey)
if err != nil {
return "", err
}
parts := strings.Split(tokenString, ".")
if len(parts) != 3 {
return "", jwt.ErrTokenSignatureInvalid
}
return tokenString, nil
}
// ParseFromRequest 兼容 http,ws
func ParseFromRequest(req *http.Request, publicKeyPath string) (uniqueUser, issuer, signature string, err error) {
token, err := request.ParseFromRequest(req, request.AuthorizationHeaderExtractor, func(t *jwt.Token) (any, error) {
publicKey, innErr := os.ReadFile(publicKeyPath)
if innErr != nil {
return "", innErr
}
return jwt.ParseRSAPublicKeyFromPEM(publicKey)
}, request.WithClaims(&jwt.RegisteredClaims{}))
if token != nil && token.Valid {
return parseToken(token)
}
// 兼容 ws
if wsp := req.Header.Get("Sec-Websocket-Protocol"); len(wsp) > 0 {
token, err = jwt.ParseWithClaims(wsp, &jwt.RegisteredClaims{}, func(t *jwt.Token) (any, error) {
publicKey, innErr := os.ReadFile(publicKeyPath)
if innErr != nil {
return "", innErr
}
return jwt.ParseRSAPublicKeyFromPEM(publicKey)
})
if err != nil {
return "", "", "", err
}
if token.Valid {
return parseToken(token)
}
}
return "", "", "", jwt.ErrTokenSignatureInvalid
}
func parseToken(token *jwt.Token) (uniqueUser, issuer, signature string, err error) {
claims, ok := token.Claims.(*jwt.RegisteredClaims)
if !ok {
return "", "", "", jwt.ErrTokenInvalidClaims
}
return claims.ID, claims.Issuer, token.Signature, nil
}