76 lines
2.1 KiB
Go
76 lines
2.1 KiB
Go
package middleware
|
|
|
|
import (
|
|
"strconv"
|
|
"time"
|
|
|
|
"git.echol.cn/loser/ai_proxy/server/global"
|
|
"git.echol.cn/loser/ai_proxy/server/model/common/response"
|
|
"git.echol.cn/loser/ai_proxy/server/model/system"
|
|
"git.echol.cn/loser/ai_proxy/server/service"
|
|
"git.echol.cn/loser/ai_proxy/server/utils"
|
|
"github.com/gin-gonic/gin"
|
|
"go.uber.org/zap"
|
|
)
|
|
|
|
var jwtService = service.ServiceGroupApp.SystemServiceGroup.JwtService
|
|
|
|
func JWTAuth() gin.HandlerFunc {
|
|
return func(c *gin.Context) {
|
|
// 从请求头获取 token
|
|
token := utils.GetToken(c)
|
|
if token == "" {
|
|
response.FailWithDetailed(gin.H{"reload": true}, "未登录或非法访问", c)
|
|
c.Abort()
|
|
return
|
|
}
|
|
|
|
// 检查 JWT 黑名单
|
|
if jwtService.IsBlacklist(token) {
|
|
response.FailWithDetailed(gin.H{"reload": true}, "您的帐户异地登陆或令牌失效", c)
|
|
utils.ClearToken(c)
|
|
c.Abort()
|
|
return
|
|
}
|
|
|
|
// 解析 token
|
|
j := utils.NewJWT()
|
|
claims, err := j.ParseToken(token)
|
|
if err != nil {
|
|
if err == utils.TokenExpired {
|
|
response.FailWithDetailed(gin.H{"reload": true}, "授权已过期", c)
|
|
utils.ClearToken(c)
|
|
c.Abort()
|
|
return
|
|
}
|
|
response.FailWithDetailed(gin.H{"reload": true}, err.Error(), c)
|
|
utils.ClearToken(c)
|
|
c.Abort()
|
|
return
|
|
}
|
|
|
|
// Token 续期检查
|
|
if claims.ExpiresAt.Unix()-time.Now().Unix() < claims.BufferTime {
|
|
dr, _ := utils.ParseDuration(global.GVA_CONFIG.JWT.ExpiresTime)
|
|
claims.ExpiresAt = utils.NewNumericDate(time.Now().Add(dr))
|
|
newToken, _ := j.CreateTokenByOldToken(token, *claims)
|
|
newClaims, _ := j.ParseToken(newToken)
|
|
c.Header("new-token", newToken)
|
|
c.Header("new-expires-at", strconv.FormatInt(newClaims.ExpiresAt.Unix(), 10))
|
|
utils.SetToken(c, newToken, int(dr.Seconds()))
|
|
if global.GVA_CONFIG.System.UseMultipoint {
|
|
RedisJwtToken, err := jwtService.GetRedisJWT(newClaims.Username)
|
|
if err != nil {
|
|
global.GVA_LOG.Error("get redis jwt failed", zap.Error(err))
|
|
} else {
|
|
_ = jwtService.JsonInBlacklist(system.JwtBlacklist{Jwt: RedisJwtToken})
|
|
}
|
|
_ = jwtService.SetRedisJWT(newToken, newClaims.Username)
|
|
}
|
|
}
|
|
|
|
c.Set("claims", claims)
|
|
c.Next()
|
|
}
|
|
}
|