🎨双token校验

2024-07-12 10:11:37 +08:00 · 2024-07-12 10:11:37 +08:00 · d74d7c579f
commit d74d7c579f
parent fb97082c0c
4 changed files with 58 additions and 5 deletions
--- a/component/jwt.go
+++ b/component/jwt.go
@ -15,7 +15,7 @@ import (
 )
 // jwt密钥
-const secret = "JQo7L1RYa8ArFWuj0wC9PyM3VzmDIfXZ2d5tsTOBhNgviE64bnKqGpSckxUlHey6"
+//const secret = "JQo7L1RYa8ArFWuj0wC9PyM3VzmDIfXZ2d5tsTOBhNgviE64bnKqGpSckxUlHey6"
 type JwtComponent struct {
 	ID string `json:"id"`
@ -33,10 +33,11 @@ func JWT() JwtComponent {
 // @description: 生成token
 // @receiver JwtComponent
 // @param userId
 // @param password
 // @return token
 // @return expireTime
 // @return err
-func (JwtComponent) GenerateToken(userId string) (token string, expireTime *jwt.NumericDate, err error) {
+func (JwtComponent) GenerateToken(userId, secret string) (token string, expireTime *jwt.NumericDate, err error) {
 	timeNow := time.Now().Local()
 	expireTime = jwt.NewNumericDate(timeNow.Add(7 * time.Hour))
 	notBefore := jwt.NewNumericDate(timeNow)
@ -70,7 +71,7 @@ func (JwtComponent) GenerateToken(userId string) (token string, expireTime *jwt.
 // @param token
 // @return *JwtComponent
 // @return error
-func (JwtComponent) ParseToken(token string) (*JwtComponent, error) {
+func (JwtComponent) ParseToken(token, secret string) (*JwtComponent, error) {
 	tokenStr := strings.Split(token, "Bearer ")[1]
 	t, err := jwt.ParseWithClaims(tokenStr, &JwtComponent{}, func(token *jwt.Token) (any, error) {
--- a/http/api/login.go
+++ b/http/api/login.go
@ -72,13 +72,14 @@ func (LoginApi) Login(c *gin.Context) {
 	}
 	// 生成token
-	token, expireAt, err := component.JWT().GenerateToken(user.Id)
+	token, expireAt, err := component.JWT().GenerateToken(user.Id, utils.Hash().SHA256(p.Password))
 	if err != nil {
 		log.Errorf("用户[%s]生成token失败: %v", user.Account, err.Error())
 		response.R(c).FailedWithError("登陆失败！")
 		return
 	}
 	c.Writer.Header().Set("X-TOKEN", utils.Hash().SHA256(p.Password))
 	response.R(c).OkWithData(map[string]any{
 		"token":    token,
 		"type":     "Bearer",
--- a/http/middleware/authorization.go
+++ b/http/middleware/authorization.go
@ -22,7 +22,14 @@ func Authorization() gin.HandlerFunc {
 			return
 		}
-		userClaims, err := component.JWT().ParseToken(token)
+		hashPassword := c.Request.Header.Get("X-TOKEN")
 		if hashPassword == "" {
 			response.R(c).AuthorizationFailed("未登陆")
 			c.Abort()
 			return
 		}
 		userClaims, err := component.JWT().ParseToken(token, hashPassword)
 		if err != nil {
 			response.R(c).AuthorizationFailed("未登陆")
 			c.Abort()
--- a/utils/hash.go
+++ b/utils/hash.go
@ -0,0 +1,44 @@
 package utils
 import (
 	"crypto/md5"
 	"crypto/sha256"
 	"crypto/sha512"
 	"encoding/hex"
 )
 type hash struct{}
 func Hash() hash {
 	return hash{}
 }
 // MD5
 // @description: MD5摘要
 // @param str
 // @return string
 func (hash) MD5(str string) string {
 	hs := md5.New()
 	hs.Write([]byte(str))
 	return hex.EncodeToString(hs.Sum(nil))
 }
 // SHA256
 // @description: SHA256
 // @param str
 // @return string
 func (hash) SHA256(str string) string {
 	hasher := sha256.New()
 	hasher.Write([]byte(str))
 	return hex.EncodeToString(hasher.Sum(nil))
 }
 // SHA512
 // @description: SHA512
 // @param str
 // @return string
 func (hash) SHA512(str string) string {
 	hasher := sha512.New()
 	hasher.Write([]byte(str))
 	return hex.EncodeToString(hasher.Sum(nil))
 }