update

pkg/jwt/auth.go

@@ -1,77 +1,90 @@
-/*
-@Time : 2020/6/29 9:05
-@Author : xuyiqing
-@File : auth.py
-*/
-
 package jwt
 
 import (
-	"go_blog/models"
+	"errors"
+	"fmt"
+	"net/http"
+	"strings"
 	"time"
 
+	"go_blog/config"
+	"go_blog/models"
+
 	"github.com/gin-gonic/gin"
-	"github.com/golang-jwt/jwt"
-	"github.com/spf13/viper"
+	"github.com/golang-jwt/jwt/v5"
 )
 
-// 定义jwt载荷
-type UserClaims struct {
-	jwt.StandardClaims
-	ID       uint64 `json:"id"`
-	Username string `json:"username"`
+// 定义 JWT 密钥（从配置文件读取）
+var jwtSecret = []byte(config.GetJWTSecret())
+
+// CustomClaims 自定义 JWT 载荷（包含用户 ID）
+type CustomClaims struct {
+	UserID uint `json:"user_id"`
+	jwt.RegisteredClaims
 }
 
-// 根据payload查询user返回
-func (c *UserClaims) GetUserByID() *models.Account {
-	var user models.Account
-	models.DB.Model(&models.Account{}).First(&user, c.ID)
-	if user.ID > 0 {
-		return &user
-	} else {
-		return nil
-	}
-}
-
-// 生成jwt token字符串
-func GenToken(id uint64, username string) (string, error) {
-	expiredTime := time.Now().Add(time.Hour * time.Duration(24)).Unix()
-	claims := UserClaims{
-		jwt.StandardClaims{
-			ExpiresAt: expiredTime,
+// GenerateToken 生成 JWT 令牌
+func GenerateToken(user *models.Account) (string, error) {
+	expiresAt := jwt.NewNumericDate(time.Now().Add(24 * time.Hour)) // 令牌有效期 24 小时
+	claims := CustomClaims{
+		UserID: uint(user.ID),
+		RegisteredClaims: jwt.RegisteredClaims{
+			ExpiresAt: expiresAt,
+			Issuer:    "go_blog",
 		},
-		id,
-		username,
 	}
-	tokenClaims := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
-	token, err := tokenClaims.SignedString([]byte(viper.GetString("config.JwtSecretKey.secretKey")))
-	return token, err
+
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+	return token.SignedString(jwtSecret)
 }
 
-// 验证token合法性
-func ValidateJwtToken(token string) (*UserClaims, error) {
-	tokenClaims, err := jwt.ParseWithClaims(token, &UserClaims{}, func(token *jwt.Token) (interface{}, error) {
-		return []byte(viper.GetString("config.JwtSecretKey.secretKey")), nil
-	})
-
-	if tokenClaims != nil {
-		if claims, ok := tokenClaims.Claims.(*UserClaims); ok && tokenClaims.Valid {
-			return claims, nil
+// VerifyToken 验证 JWT 令牌并返回用户信息
+func VerifyToken(tokenStr string) (*models.Account, error) { // 修改返回类型为 *models.Account
+	token, err := jwt.ParseWithClaims(tokenStr, &CustomClaims{}, func(token *jwt.Token) (interface{}, error) {
+		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
+			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
 		}
+		return jwtSecret, nil
+	})
+	if err != nil {
+		return nil, err
 	}
-	return nil, err
+
+	if claims, ok := token.Claims.(*CustomClaims); ok && token.Valid {
+		return models.GetAccountByID(claims.UserID) // 假设 models 包新增 GetAccountByID 方法
+	}
+	return nil, errors.New("invalid token")
 }
 
-// 断言设定ctx的当前用户
-func AssertUser(ctx *gin.Context) *models.Account {
-	currentUser, isExists := ctx.Get("CurrentUser")
-	if !isExists {
-		return nil
-	}
-	user, ok := currentUser.(*models.Account)
-	if ok {
-		return user
-	} else {
-		return nil
+// AuthRequired Gin 中间件：验证 JWT 令牌
+func AuthRequired() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		// 从请求头获取 Authorization 字段（格式：Bearer <token>）
+		authHeader := c.GetHeader("Authorization")
+		if authHeader == "" {
+			c.JSON(http.StatusUnauthorized, gin.H{"error": "请提供认证令牌"})
+			c.Abort()
+			return
+		}
+
+		// 解析令牌
+		parts := strings.SplitN(authHeader, " ", 2)
+		if len(parts) != 2 || parts[0] != "Bearer" {
+			c.JSON(http.StatusUnauthorized, gin.H{"error": "令牌格式错误（应为 Bearer <token>）"})
+			c.Abort()
+			return
+		}
+
+		// 验证令牌并获取用户
+		user, err := VerifyToken(parts[1])
+		if err != nil {
+			c.JSON(http.StatusUnauthorized, gin.H{"error": "无效或过期的令牌: " + err.Error()})
+			c.Abort()
+			return
+		}
+
+		// 将用户信息存入上下文（后续路由可通过 c.Get("user") 获取）
+		c.Set("user", user)
+		c.Next()
 	}
 }