
改版token验证规则

abiao 4 vuotta sitten
vanhempi
commit
016cc02de1

+ 11 - 8
go/gopath/src/fohow.com/apps/init.go

@@ -2,6 +2,7 @@ package apps
 
 import (
 	"fmt"
+	"fohow.com/apps/models/token_model"
 	"regexp"
 	"strings"
 	// "time"
@@ -14,9 +15,6 @@ import (
 	// "fohow.com/apps/models/balance_model"
 	"fohow.com/apps/models/channel_gzh_qrcode_model"
 	"fohow.com/apps/models/user_model"
-	// "fohow.com/libs/tool"
-	// "fohow.com/libs/wx_mp"
-	"fohow.com/libs/tool"
 )
 
 const (
@@ -66,7 +64,7 @@ var (
 	// 登录相关
 	HasLogin            = []string{"hasLogin", "已登录"}
 	HasLogout           = []string{"hasLogout", "已登出"}
-	UserNeedLogin       = []string{"userNeedLogin", "需要用户登录"}
+	UserNeedLogin       = []string{"userNeedLogin", "授权无效,需要用户登录"}
 	UserAuthorizeFailed = []string{"userAuthorizeFailed", "用户授权失败"}
 	UserNeedTel         = []string{"userNeedTel", "需要用户绑定手机"}
 	UserTelNotMatch     = []string{"userTelNotMatch", "手机号码不匹配,请使用当前登录用户的号码"}
@@ -425,11 +423,14 @@ func checkWxUserLogin(ctx *context.Context) {
 					ctx.Output.JSON(errCode, true, true)
 				}
 				inputToken = authorizationData[1]
-				err, tel := tool.CheckToken(inputToken)
-				user := user_model.GetByTel(tel, true)
-				wxUser := user_model.GetWxUserByUserId(user.Id, true)
+				var wxUser *user_model.WxUser
+				var user *user_model.User
+				user_token, err := token_model.ValidateToken(inputToken)
+				if err == nil {
+					user = user_model.GetByTel(user_token.Tel, true)
+				}
 
-				if err != nil || (user == nil) || (wxUser == nil) {
+				if err != nil || user == nil {
 					// 验证 Token 无效
 					errCode := &ErrCode{
 						Code:     UserNeedLogin[0],
@@ -441,6 +442,8 @@ func checkWxUserLogin(ctx *context.Context) {
 					ctx.Output.JSON(errCode, true, true)
 
 				} else {
+					wxUser = user_model.GetWxUserByUserId(user.Id, true)
+
 					ctx.Output.Session(SessionUserKey, wxUser.UserId)
 					ctx.Output.Session(SessionWxUserKey, wxUser.Id)
 				}
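Review bot: The nil guard for `wxUser` that the old condition carried (`(wxUser == nil)` on the removed line) is gone, while the new `else` branch at the bottom dereferences `wxUser.UserId` right after `GetWxUserByUserId(user.Id, true)`; if that lookup returns nil for a user with no WeChat record (which the old check implies it can), this request handler panics instead of answering `UserNeedLogin`. Doing the lookup inside the `err == nil` block and restoring the nil test in the condition keeps one error path for every "token does not map to a usable WeChat user" case. `checkWxUserLogin` begins and ends outside these hunks, so the surrounding header parsing is not reviewed here.
```go
				user_token, err := token_model.ValidateToken(inputToken)
				if err == nil {
					user = user_model.GetByTel(user_token.Tel, true)
					if user != nil {
						// nil when the user has no WeChat record; treated as "not logged in" below
						wxUser = user_model.GetWxUserByUserId(user.Id, true)
					}
				}

				if err != nil || user == nil || wxUser == nil {
					// … unchanged: UserNeedLogin error response …
				} else {
					ctx.Output.Session(SessionUserKey, wxUser.UserId)
					ctx.Output.Session(SessionWxUserKey, wxUser.Id)
				}
```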

+ 14 - 0
go/gopath/src/fohow.com/apps/models/token_model/init.go

@@ -0,0 +1,14 @@
+package token_model
+
+import (
+	"github.com/astaxie/beego"
+)
+
+var KEY string
+var DEFAULT_EXPIRE_SECONDS int
+
+func init() {
+	KEY = beego.AppConfig.String("TokenSecrets")
+	tokenexp, _ := beego.AppConfig.Int("Tokenexp")
+	DEFAULT_EXPIRE_SECONDS = tokenexp
+}
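Review bot: A missing or empty `TokenSecrets` is accepted silently here, and because `token.go` signs and verifies with `[]byte(KEY)`, an empty string becomes an HMAC key that anyone can reproduce, so every bearer token would be forgeable; likewise the ignored error from `beego.AppConfig.Int("Tokenexp")` leaves `DEFAULT_EXPIRE_SECONDS` at 0. Both are deployment mistakes that should stop the process at startup rather than surface as an authentication bypass or as tokens that expire the second they are issued. The identifiers `KEY` and `DEFAULT_EXPIRE_SECONDS` are also non-idiomatic Go (ALL_CAPS); `signingKey`/`defaultExpireSeconds` would match the rest of the codebase, but that is cosmetic.
```go
func init() {
	KEY = beego.AppConfig.String("TokenSecrets")
	if KEY == "" {
		// an empty HMAC key means any client can mint valid tokens
		panic("TokenSecrets is not configured; refusing to sign JWTs with an empty key")
	}
	tokenexp, err := beego.AppConfig.Int("Tokenexp")
	if err != nil || tokenexp <= 0 {
		panic("Tokenexp must be a positive integer number of seconds")
	}
	DEFAULT_EXPIRE_SECONDS = tokenexp
}
```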

+ 109 - 0
go/gopath/src/fohow.com/apps/models/token_model/token.go

@@ -0,0 +1,109 @@
+package token_model
+
+import (
+	"fmt"
+	"github.com/astaxie/beego"
+	"github.com/dgrijalva/jwt-go"
+	"time"
+)
+
+type User struct {
+	Id   int64  `json:"id"`
+	Tel  string `json:"tel"`
+	Name string `json:"json"`
+}
+
+// JWT -- json web token
+// HEADER PAYLOAD SIGNATURE
+// This struct is the PAYLOAD
+type MyCustomClaims struct {
+	User
+	jwt.StandardClaims
+}
+
+//刷新jwt token
+func RefreshToken(tokenString string) (string, error) {
+	// first get previous token
+	token, err := jwt.ParseWithClaims(
+		tokenString,
+		&MyCustomClaims{},
+		func(token *jwt.Token) (interface{}, error) {
+			return []byte(KEY), nil
+		})
+	claims, ok := token.Claims.(*MyCustomClaims)
+	if !ok || !token.Valid {
+		return "", err
+	}
+	mySigningKey := []byte(KEY)
+	expireAt := time.Now().Add(time.Second * time.Duration(DEFAULT_EXPIRE_SECONDS)).Unix()
+	newClaims := MyCustomClaims{
+		claims.User,
+		jwt.StandardClaims{
+			ExpiresAt: expireAt,
+			Issuer:    claims.User.Name,
+			IssuedAt:  time.Now().Unix(),
+		},
+	}
+	// generate new token with new claims
+	newToken := jwt.NewWithClaims(jwt.SigningMethodHS256, newClaims)
+	tokenStr, err := newToken.SignedString(mySigningKey)
+	if err != nil {
+		beego.BeeLogger.Error("generate new fresh json web token failed !! error :%v", err)
+		return "", err
+	}
+	return tokenStr, err
+}
+
+//验证jtw token
+func ValidateToken(tokenString string) (info User, err error) {
+	token, err := jwt.ParseWithClaims(
+		tokenString,
+		&MyCustomClaims{},
+		func(token *jwt.Token) (interface{}, error) {
+			return []byte(KEY), nil
+		})
+	if claims, ok := token.Claims.(*MyCustomClaims); ok && token.Valid {
+		//fmt.Printf("%v %v", claims.User, claims.StandardClaims.ExpiresAt)
+		//fmt.Println("token will be expired at ", time.Unix(claims.StandardClaims.ExpiresAt, 0))
+		info = claims.User
+	} else {
+		beego.BeeLogger.Error("validate tokenString failed !!!:%v", err)
+	}
+	return info, err
+}
+
+//获取jwt token
+func GenerateToken(info *User, expiredSeconds int) (tokenString string, err error) {
+	if expiredSeconds == 0 {
+		expiredSeconds = DEFAULT_EXPIRE_SECONDS
+	}
+	// Create the Claims
+	mySigningKey := []byte(KEY)
+	expireAt := time.Now().Add(time.Second * time.Duration(expiredSeconds)).Unix()
+	beego.BeeLogger.Warn("token will be expired at %v ", time.Unix(expireAt, 0))
+
+	// pass parameter to this func or not
+	user := *info
+	claims := MyCustomClaims{
+		user,
+		jwt.StandardClaims{
+			ExpiresAt: expireAt,
+			Issuer:    user.Name,
+			IssuedAt:  time.Now().Unix(),
+		},
+	}
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+	tokenStr, err := token.SignedString(mySigningKey)
+	if err != nil {
+		beego.BeeLogger.Error("generate json web token failed !! error : %v", err)
+	} else {
+		tokenString = tokenStr
+	}
+	return
+}
+
+// return this result to client then all later request should have header "Authorization: Bearer <token> "
+func getHeaderTokenValue(tokenString string) string {
+	//Authorization: Bearer <token>
+	return fmt.Sprintf("Bearer %s", tokenString)
+}
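Review bot: `ValidateToken` (and `RefreshToken`, which has the same shape) reads `token.Claims` without first checking `err`, and in jwt-go's parser a string that does not split into three segments comes back as a nil `*Token` together with the error (v3 behaviour; confirm against the vendored copy), so a garbage `Authorization: Bearer x` header from the caller in `init.go` dereferences nil instead of returning `UserNeedLogin`. The key callback also returns the key for whatever `alg` the client put in the header, whereas the deleted `tool.CheckToken` rejected anything that was not `*jwt.SigningMethodHMAC`; with a `[]byte` key jwt-go's RSA/ECDSA verifiers fail on the key type, so this is a defence-in-depth regression rather than a live bypass, but it costs three lines to keep. Separately, the `User.Name` field is tagged `json:"json"` where `json:"name"` is clearly intended, so the claim is emitted under the wrong key.
```go
	token, err := jwt.ParseWithClaims(
		tokenString,
		&MyCustomClaims{},
		func(token *jwt.Token) (interface{}, error) {
			// only HS256 tokens are ever issued here; refuse any other alg up front
			if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
				return nil, fmt.Errorf("unexpected signing method %v", token.Header["alg"])
			}
			return []byte(KEY), nil
		})
	if err != nil || token == nil {
		beego.BeeLogger.Error("validate tokenString failed !!!:%v", err)
		return info, err
	}
	// … unchanged: claims type assertion and token.Valid check …
```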

+ 2 - 2
go/gopath/src/fohow.com/conf/app.conf

@@ -133,7 +133,7 @@ OuBiaoMchCertFile= "/opt/wxpay/oubiao/apiclient_cert.pem"
 OuBiaoMchKeyFile = "/opt/wxpay/oubiao/apiclient_key.pem"
 
 #JWT TOKEN
-Tokenexp = "3600"
+Tokenexp = 3600
 TokenSecrets = "gt69m8b144lr5a6ifjdavheeln4qmmzhqhyy9tudcemazz3es7relb945zep54g4"
 
 #http source
@@ -266,7 +266,7 @@ OuBiaoMchCertFile= "/opt/wxpay/oubiao/apiclient_cert.pem"
 OuBiaoMchKeyFile = "/opt/wxpay/oubiao/apiclient_key.pem"
 
 #JWT TOKEN
-Tokenexp = "3600"
+Tokenexp = 3600
 TokenSecrets = "gt69m8b144lr5a6ifjdavheeln4qmmzhqhyy9tudcemazz3es7relb945zep54g4"
 
 #http source
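Review bot: The JWT signing secret is committed to the repository in clear text, and the same 64-character value appears in both configuration blocks, which look like separate runtime profiles; anyone with read access to this history can mint tokens for any phone number, so the value should be rotated and sourced from the environment (beego's ini loader expands `${VAR||default}` in recent versions, e.g. `TokenSecrets = ${TOKEN_SECRETS||}`, with the empty default rejected at startup). The unquoted `3600` is also a silent unit change: the deleted `libs/tool/token.go` multiplied `Tokenexp` by `time.Hour`, while the new `token_model` treats it as seconds, so token lifetime drops from 3600 hours to one hour with no change to the value; if that is intended, say so next to the key, e.g. `# JWT lifetime in seconds (previously read as hours)`.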

BIN
go/gopath/src/fohow.com/fohowmall.com


+ 0 - 42
go/gopath/src/fohow.com/libs/tool/token.go

@@ -1,42 +0,0 @@
-package tool
-
-import (
-	"fmt"
-	"github.com/astaxie/beego"
-	"github.com/dgrijalva/jwt-go"
-	"strconv"
-	"time"
-)
-
-func CreateToken(Phone string) string {
-	token := jwt.New(jwt.SigningMethodHS256)
-	claims := make(jwt.MapClaims)
-	tokenexp, _ := strconv.Atoi(beego.AppConfig.String("Tokenexp"))
-	claims["exp"] = time.Now().Add(time.Hour * time.Duration(tokenexp)).Unix()
-	claims["iat"] = time.Now().Unix()
-	claims["phone"] = Phone
-	token.Claims = claims
-	tokenString, _ := token.SignedString([]byte(beego.AppConfig.String("TokenSecrets")))
-	return tokenString
-}
-
-func CheckToken(tokenString string) (err error, phone string) {
-	Phone := ""
-	token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
-		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
-			return nil, fmt.Errorf("Unexpected signing method")
-		}
-		return []byte(beego.AppConfig.String("TokenSecrets")), nil
-	})
-	//beego.BeeLogger.Warn("token--%v",token)
-	//beego.BeeLogger.Warn("err--%v",err)
-
-	if err != nil {
-		beego.BeeLogger.Warn("err--%v", err)
-		return err, Phone
-	} else {
-		claims, _ := token.Claims.(jwt.MapClaims)
-		Phone = claims["phone"].(string)
-	}
-	return nil, Phone
-}