diff --git a/component/jwt.go b/component/jwt.go
index 4e58ea7..2361581 100644
--- a/component/jwt.go
+++ b/component/jwt.go
@@ -15,7 +15,7 @@ import (
 )
 // jwt密钥
-const secret = "JQo7L1RYa8ArFWuj0wC9PyM3VzmDIfXZ2d5tsTOBhNgviE64bnKqGpSckxUlHey6"
+//const secret = "JQo7L1RYa8ArFWuj0wC9PyM3VzmDIfXZ2d5tsTOBhNgviE64bnKqGpSckxUlHey6"
 type JwtComponent struct {
 ID string `json:"id"`
@@ -33,10 +33,11 @@ func JWT() JwtComponent {
 // @description: 生成token
 // @receiver JwtComponent
 // @param userId
+// @param password
 // @return token
 // @return expireTime
 // @return err
-func (JwtComponent) GenerateToken(userId string) (token string, expireTime *jwt.NumericDate, err error) {
+func (JwtComponent) GenerateToken(userId, secret string) (token string, expireTime *jwt.NumericDate, err error) {
 timeNow := time.Now().Local()
 expireTime = jwt.NewNumericDate(timeNow.Add(7 * time.Hour))
 notBefore := jwt.NewNumericDate(timeNow)
@@ -70,7 +71,7 @@ func (JwtComponent) GenerateToken(userId string) (token string, expireTime *jwt.
 // @param token
 // @return *JwtComponent
 // @return error
-func (JwtComponent) ParseToken(token string) (*JwtComponent, error) {
+func (JwtComponent) ParseToken(token, secret string) (*JwtComponent, error) {
 tokenStr := strings.Split(token, "Bearer ")[1]
 t, err := jwt.ParseWithClaims(tokenStr, &JwtComponent{}, func(token *jwt.Token) (any, error) {
diff --git a/http/api/login.go b/http/api/login.go
index c93f358..bb5d94a 100644
--- a/http/api/login.go
+++ b/http/api/login.go
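Review bot: In the first hunk of component/jwt.go the old signing key is only commented out (`//const secret = "…"`), so its value still ships in the source tree as well as in history. Delete the line instead of commenting it, and treat that key as disclosed: it should be rotated and never reused as a signing key. The `// jwt密钥` comment above it then describes nothing and can be removed with it.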
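Review bot: The doc block for GenerateToken (second hunk of component/jwt.go) adds `// @param password`, but the parameter added to the signature is named `secret`; the line should read `// @param secret` and state that this is the token signing key and where callers are expected to get it. As far as this hunk shows, an empty `secret` is accepted silently; a guard at the top such as `if secret == "" { return "", nil, errors.New("empty signing key") }` (with `errors` imported if it is not already) would stop a caller bug from issuing tokens under an empty key. The function body continues outside the hunk, so the signing call itself is not visible here.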
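Review bot: `strings.Split(token, "Bearer ")[1]` in ParseToken (third hunk of component/jwt.go) indexes element 1 without checking that the prefix was present, so a header value without `Bearer ` panics with an index-out-of-range instead of returning an error, unless a caller has already validated it (not visible here). Since the commit touches this function anyway, use `tokenStr, ok := strings.CutPrefix(token, "Bearer ")` followed by `if !ok { return nil, errors.New("malformed authorization header") }` (Go 1.20+; `strings.HasPrefix` plus `strings.TrimPrefix` on older toolchains). The doc block above also lacks a `// @param secret` line for the new parameter. The function body continues past the end of the hunk.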
@@ -72,13 +72,14 @@ func (LoginApi) Login(c *gin.Context) {
 }
 // 生成token
- token, expireAt, err := component.JWT().GenerateToken(user.Id)
+ token, expireAt, err := component.JWT().GenerateToken(user.Id, utils.Hash().SHA256(p.Password))
 if err != nil {
 log.Errorf("用户[%s]生成token失败: %v", user.Account, err.Error())
 response.R(c).FailedWithError("登陆失败!")
 return
 }
+ c.Writer.Header().Set("X-TOKEN", utils.Hash().SHA256(p.Password))
 response.R(c).OkWithData(map[string]any{
 "token": token,
 "type": "Bearer",
diff --git a/http/middleware/authorization.go b/http/middleware/authorization.go
index 24719db..46a60d4 100644
--- a/http/middleware/authorization.go
+++ b/http/middleware/authorization.go
@@ -22,7 +22,14 @@ func Authorization() gin.HandlerFunc {
 return
 }
- userClaims, err := component.JWT().ParseToken(token)
+ hashPassword := c.Request.Header.Get("X-TOKEN")
+ if hashPassword == "" {
+ response.R(c).AuthorizationFailed("未登陆")
+ c.Abort()
+ return
+ }
+
+ userClaims, err := component.JWT().ParseToken(token, hashPassword)
 if err != nil {
 response.R(c).AuthorizationFailed("未登陆")
 c.Abort()
diff --git a/utils/hash.go b/utils/hash.go
new file mode 100644
index 0000000..ce5df2d
--- /dev/null
+++ b/utils/hash.go
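Review bot: In http/api/login.go the token is now signed with `utils.Hash().SHA256(p.Password)` and that same value is sent back in the `X-TOKEN` response header, so an unsalted, fast hash of the user's password becomes a long-lived credential visible to every proxy, log and client store that records headers. Anyone who obtains that header value can check password guesses against it offline, and it only changes when the password does. Sign with a key that never leaves the server (configuration or a secret store) and drop the line `c.Writer.Header().Set("X-TOKEN", utils.Hash().SHA256(p.Password))`; the submitted password should only ever be compared against its stored, salted hash. Login starts and ends outside the hunk.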
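Review bot: In http/middleware/authorization.go the verification key is taken from the request being verified: `hashPassword := c.Request.Header.Get("X-TOKEN")` is passed straight into `ParseToken(token, hashPassword)`, so the signature is checked against whatever key arrives with the token. A signature validated under a caller-chosen key proves nothing about who issued the token, which leaves the `ID` claim unauthenticated by this middleware. The key has to come from server-side state only, for example by keeping `ParseToken(token)` on a configured secret, and the `X-TOKEN` lookup should be removed. The handler continues outside the hunk.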
@@ -0,0 +1,44 @@
+package utils
+
+import (
+ "crypto/md5"
+ "crypto/sha256"
+ "crypto/sha512"
+ "encoding/hex"
+)
+
+type hash struct{}
+
+func Hash() hash {
+ return hash{}
+}
+
+// MD5
+// @description: MD5摘要
+// @param str
+// @return string
+func (hash) MD5(str string) string {
+ hs := md5.New()
+ hs.Write([]byte(str))
+ return hex.EncodeToString(hs.Sum(nil))
+}
+
+// SHA256
+// @description: SHA256
+// @param str
+// @return string
+func (hash) SHA256(str string) string {
+ hasher := sha256.New()
+ hasher.Write([]byte(str))
+ return hex.EncodeToString(hasher.Sum(nil))
+}
+
+// SHA512
+// @description: SHA512
+// @param str
+// @return string
+func (hash) SHA512(str string) string {
+ hasher := sha512.New()
+ hasher.Write([]byte(str))
+ return hex.EncodeToString(hasher.Sum(nil))
+}
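Review bot: The helpers in utils/hash.go say nothing about what they are safe for, and this same commit already applies `SHA256` to a password in http/api/login.go. Give each method a real doc comment, for example `// SHA256 returns the hex-encoded SHA-256 digest of str; it is a fast, unsalted digest and must not be used to store passwords or derive keys from them` and `// MD5 returns the hex-encoded MD5 digest of str; MD5 is not collision-resistant, use it only for non-security checksums`. As a style point, the exported constructor `Hash()` returns the unexported type `hash`, which also shadows the standard `hash` package name; plain package functions built on `sha256.Sum256` and friends would be simpler to call and to document.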