🎨优化token生成以及加强验证

2024-06-18 15:20:17 +08:00 · 2024-06-18 15:20:17 +08:00 · 3e112cb672
commit 3e112cb672
parent 1950150f42
6 changed files with 45 additions and 7 deletions
--- a/component/captcha_store.go
+++ b/component/captcha_store.go
@ -3,6 +3,7 @@ package component
 import (
 	"context"
 	"fmt"
+	"os"
 	"strings"
 	"time"
 	"wireguard-dashboard/client"
@ -49,8 +50,8 @@ func (CaptchaStore) Get(id string, clear bool) string {
 // @param clear
 // @return bool
 func (c CaptchaStore) Verify(id, answer string, clear bool) bool {
-	//if os.Getenv("GIN_MODE") != "release" {
-	//	return true
-	//}
+	if os.Getenv("GIN_MODE") != "release" {
+		return true
+	}
 	return strings.ToUpper(answer) == strings.ToUpper(c.Get(id, clear))
 }
--- a/component/jwt.go
+++ b/component/jwt.go
@ -6,9 +6,11 @@ import (
 	"fmt"
 	"gitee.ltd/lxh/logger/log"
 	"github.com/golang-jwt/jwt/v5"
+	"github.com/google/uuid"
 	"strings"
 	"time"
 	"wireguard-dashboard/client"
+	"wireguard-dashboard/config"
 	"wireguard-dashboard/constant"
 )

@ -16,7 +18,7 @@ const Secret = "IK8MSs76Pb2VJxleTDadf1Wzu3h9QROLv0XtmnCUErYgBG5wAyjk4cioqFZHNpZG

 type JwtClaims struct {
 	ID string `json:"id"`
-	jwt.RegisteredClaims `json:"-"`
+	jwt.RegisteredClaims
 }

 func JWT() JwtClaims {
@ -36,10 +38,12 @@ func (j JwtClaims) GenerateToken(userId string) (token string, expireTime *jwt.N
 	claims := JwtClaims{
 		ID: userId,
 		RegisteredClaims: jwt.RegisteredClaims{
-			Subject:   "wireguard-dashboard",
+			Issuer:    config.Config.Http.Endpoint, // 颁发站点
+			Subject:   "wg-dashboard",
 			ExpiresAt: expireTime,
 			NotBefore: notBefore,
 			IssuedAt:  issuedAt,
+			ID:        uuid.NewString(),
 		},
 	}

--- a/config/http.go
+++ b/config/http.go
@ -2,4 +2,5 @@ package config

 type http struct {
 	Port     uint   `yaml:"port"`
+	Endpoint string `yaml:"endpoint"`
 }
--- a/middleware/authorization.go
+++ b/middleware/authorization.go
@ -28,6 +28,13 @@ func Authorization() gin.HandlerFunc {
 			return
 		}

+		// 如果token的颁发者与请求的站点不一致，则直接给它狗日的丢出去
+		if userClaims.Issuer != utils.GetHost(c.Request.Header.Get("Referer")) {
+			utils.GinResponse(c).AuthorizationFailed()
+			c.Abort()
+			return
+		}
+
 		// 查询用户
 		user, err := repository.User().GetUserById(userClaims.ID)
 		if err != nil {
--- a/utils/url.go
+++ b/utils/url.go
@ -0,0 +1,16 @@
+package utils
+
+import "net/url"
+
+// GetHost
+// @description: 获取指定地址的host
+// @param addr
+// @return string
+func GetHost(addr string) string {
+	uu, err := url.Parse(addr)
+	if err != nil {
+		return ""
+	}
+
+	return uu.Host
+}
--- a/web-src/src/utils/http/index.ts
+++ b/web-src/src/utils/http/index.ts
@ -163,6 +163,15 @@ class PureHttp {
          resolve(response);
        })
        .catch(error => {
+          // 401直接跳转回去
+          if (error.response.status === 401) {
+            router.replace({
+              path: "/login",
+              query: {
+                redirect: router.currentRoute.value.fullPath
+              }
+            });
+          }
          if (error.response === null || error.response === undefined) {
            message(error.message, { type: "error" });
          } else {