wireguard-dashboard/http/middleware/authorization.go

package middleware

import (
	"fmt"
	"github.com/gin-gonic/gin"
	"github.com/google/uuid"
	"strings"
	"time"
	"wireguard-ui/component"
	"wireguard-ui/global/constant"
	"wireguard-ui/http/response"
	"wireguard-ui/service"
	"wireguard-ui/utils"
)

// Authorization
// @description: 授权中间件
// @return gin.HandlerFunc
func Authorization() gin.HandlerFunc {
	return func(c *gin.Context) {
		token := c.GetHeader("Authorization")
		if token == "" || !strings.HasPrefix(token, "Bearer ") {
			response.R(c).AuthorizationFailed("未登陆")
			c.Abort()
			return
		}

		hashPassword := c.Request.Header.Get("X-TOKEN")
		if hashPassword == "" {
			response.R(c).AuthorizationFailed("未登陆")
			c.Abort()
			return
		}

		userClaims, err := component.JWT().ParseToken(token, hashPassword)
		if err != nil {
			response.R(c).AuthorizationFailed("未登陆")
			c.Abort()
			return
		}

		// 如果token的颁发者与请求的站点不一致那么就给它抬出去
		if userClaims.Issuer != utils.WebSite().GetHost(c.Request.Header.Get("Referer")) {
			response.R(c).AuthorizationFailed("未登陆")
			c.Abort()
			return
		}

		// 查询用户
		user, err := service.User().GetUserById(userClaims.ID)
		if err != nil {
			response.R(c).FailedWithError("用户不存在")
			c.Abort()
			return
		}

		if user.Status != constant.Enabled {
			response.R(c).FailedWithError("用户状态异常，请联系管理员处理！")
			c.Abort()
			return
		}

		// 将用户信息放入上下文
		c.Set("user", &user)

		if c.Request.RequestURI == "/api/user/logout" {
			c.Next()
		}

		// 生成一个新token
		secret := component.JWT().GenerateSecret(user.Password, uuid.NewString(), time.Now().Local().String())
		tokenStr, _, err := component.JWT().GenerateToken(user.Id, secret, userClaims.ExpiresAt.Time, time.Now().Local())
		if err != nil {
			response.R(c).AuthorizationFailed("校验失败")
			c.Abort()
			return
		}

		c.Writer.Header().Set("Authorization", fmt.Sprintf("Bearer %s", tokenStr))
		c.Writer.Header().Set("X-TOKEN", secret)
		c.Next()
	}
}
:toda: 2024-07-05 14:41:35 +08:00			`package middleware`

			`import (`
:art:每次请求都重新生成token 2024-07-12 16:32:31 +08:00			`"fmt"`
:toda: 2024-07-05 14:41:35 +08:00			`"github.com/gin-gonic/gin"`
:art:每次请求都重新生成token 2024-07-12 16:32:31 +08:00			`"github.com/google/uuid"`
:toda: 2024-07-05 14:41:35 +08:00			`"strings"`
:art:每次请求都重新生成token 2024-07-12 16:32:31 +08:00			`"time"`
:toda: 2024-07-05 14:41:35 +08:00			`"wireguard-ui/component"`
			`"wireguard-ui/global/constant"`
			`"wireguard-ui/http/response"`
			`"wireguard-ui/service"`
			`"wireguard-ui/utils"`
			`)`

			`// Authorization`
			`// @description: 授权中间件`
			`// @return gin.HandlerFunc`
			`func Authorization() gin.HandlerFunc {`
			`return func(c *gin.Context) {`
			`token := c.GetHeader("Authorization")`
			`if token == "" \|\| !strings.HasPrefix(token, "Bearer ") {`
			`response.R(c).AuthorizationFailed("未登陆")`
			`c.Abort()`
			`return`
			`}`

:art:双token校验 2024-07-12 10:11:37 +08:00			`hashPassword := c.Request.Header.Get("X-TOKEN")`
			`if hashPassword == "" {`
			`response.R(c).AuthorizationFailed("未登陆")`
			`c.Abort()`
			`return`
			`}`

			`userClaims, err := component.JWT().ParseToken(token, hashPassword)`
:toda: 2024-07-05 14:41:35 +08:00			`if err != nil {`
			`response.R(c).AuthorizationFailed("未登陆")`
			`c.Abort()`
			`return`
			`}`

:art:优化以下 2024-07-11 16:21:08 +08:00			`// 如果token的颁发者与请求的站点不一致那么就给它抬出去`
:toda: 2024-07-05 14:41:35 +08:00			`if userClaims.Issuer != utils.WebSite().GetHost(c.Request.Header.Get("Referer")) {`
			`response.R(c).AuthorizationFailed("未登陆")`
			`c.Abort()`
			`return`
			`}`

			`// 查询用户`
			`user, err := service.User().GetUserById(userClaims.ID)`
			`if err != nil {`
			`response.R(c).FailedWithError("用户不存在")`
			`c.Abort()`
			`return`
			`}`

			`if user.Status != constant.Enabled {`
			`response.R(c).FailedWithError("用户状态异常，请联系管理员处理！")`
			`c.Abort()`
			`return`
			`}`

			`// 将用户信息放入上下文`
			`c.Set("user", &user)`
:art:每次请求都重新生成token 2024-07-12 16:32:31 +08:00
:art: 2024-08-06 14:49:05 +08:00			`if c.Request.RequestURI == "/api/user/logout" {`
			`c.Next()`
			`}`

:art:每次请求都重新生成token 2024-07-12 16:32:31 +08:00			`// 生成一个新token`
			`secret := component.JWT().GenerateSecret(user.Password, uuid.NewString(), time.Now().Local().String())`
:art:优化 2024-07-12 17:18:04 +08:00			`tokenStr, _, err := component.JWT().GenerateToken(user.Id, secret, userClaims.ExpiresAt.Time, time.Now().Local())`
:art:每次请求都重新生成token 2024-07-12 16:32:31 +08:00			`if err != nil {`
			`response.R(c).AuthorizationFailed("校验失败")`
			`c.Abort()`
			`return`
			`}`

			`c.Writer.Header().Set("Authorization", fmt.Sprintf("Bearer %s", tokenStr))`
			`c.Writer.Header().Set("X-TOKEN", secret)`
:toda: 2024-07-05 14:41:35 +08:00			`c.Next()`
			`}`
			`}`