added jwt

2026-01-22 17:31:03 +01:00 · 2019-07-27 00:00:59 +08:00
parent 9a032aa1fa
commit 0c8aa3c43b
6 changed files with 73 additions and 4 deletions
--- a/backend/main.go
+++ b/backend/main.go
@@ -82,6 +82,7 @@ func main() {
 	if services.IsMaster() {
 		// 中间件
 		app.Use(middlewares.CORSMiddleware())
+		app.Use(middlewares.AuthorizationMiddleware())

 		// 路由
 		// 节点
--- a/backend/middlewares/auth.go
+++ b/backend/middlewares/auth.go
@@ -1,8 +1,28 @@
 package middlewares

-import "github.com/gin-gonic/gin"
+import (
+	"crawlab/routes"
+	"crawlab/services"
+	"github.com/gin-gonic/gin"
+	"net/http"
+)

 func AuthorizationMiddleware() gin.HandlerFunc {
 	return func(c *gin.Context) {
+		tokenStr := c.GetHeader("Authorization")
+		if c.Request.URL.Path == "/login" || (c.Request.URL.Path == "/users" && c.Request.Method == "PUT") {
+			c.Next()
+		} else {
+			_, err := services.CheckToken(tokenStr)
+			if err == nil {
+				c.Next()
+			} else {
+				c.AbortWithStatusJSON(http.StatusUnauthorized, routes.Response{
+					Status:  "ok",
+					Message: "unauthorized",
+					Error:   "unauthorized",
+				})
+			}
+		}
 	}
 }
--- a/backend/routes/user.go
+++ b/backend/routes/user.go
@@ -9,6 +9,7 @@ import (
 	"github.com/globalsign/mgo/bson"
 	"github.com/pkg/errors"
 	"net/http"
+	"strings"
 )

 type UserListRequestData struct {
@@ -83,7 +84,7 @@ func PutUser(c *gin.Context) {

 	// 添加用户
 	user := model.User{
-		Username: reqData.Username,
+		Username: strings.ToLower(reqData.Username),
 		Password: utils.EncryptPassword(reqData.Password),
 		Role:     constants.RoleNormal,
 	}
@@ -113,7 +114,7 @@ func Login(c *gin.Context) {
 	}

 	// 获取用户
-	user, err := model.GetUserByUsername(reqData.Username)
+	user, err := model.GetUserByUsername(strings.ToLower(reqData.Username))
 	if err != nil {
 		HandleError(http.StatusUnauthorized, c, errors.New("not authorized"))
 		return
--- a/backend/services/user.go
+++ b/backend/services/user.go
@@ -4,8 +4,10 @@ import (
 	"crawlab/constants"
 	"crawlab/model"
 	"crawlab/utils"
+	"errors"
 	"github.com/apex/log"
 	"github.com/dgrijalva/jwt-go"
+	"github.com/globalsign/mgo/bson"
 	"github.com/spf13/viper"
 	"runtime/debug"
 	"time"
@@ -43,3 +45,43 @@ func GetToken(username string) (tokenStr string, err error) {
 	}
 	return
 }
+
+func SecretFunc() jwt.Keyfunc {
+	return func(token *jwt.Token) (interface{}, error) {
+		return []byte(viper.GetString("server.secret")), nil
+	}
+}
+
+func CheckToken(tokenStr string) (user model.User, err error) {
+	token, err := jwt.Parse(tokenStr, SecretFunc())
+	if err != nil {
+		return
+	}
+
+	claim, ok := token.Claims.(jwt.MapClaims)
+	if !ok {
+		err = errors.New("cannot convert claim to mapclaim")
+		return
+	}
+
+	//验证token，如果token被修改过则为false
+	if !token.Valid {
+		err = errors.New("token is invalid")
+		return
+	}
+
+	id := bson.ObjectIdHex(claim["id"].(string))
+	username := claim["username"].(string)
+	user, err = model.GetUser(id)
+	if err != nil {
+		err = errors.New("cannot get user")
+		return
+	}
+
+	if username != user.Username {
+		err = errors.New("username does not match")
+		return
+	}
+
+	return
+}
--- a/backend/vendor/modules.txt
+++ b/backend/vendor/modules.txt
@@ -2,6 +2,7 @@
 github.com/apex/log
 # github.com/dgrijalva/jwt-go v3.2.0+incompatible
 github.com/dgrijalva/jwt-go
+github.com/dgrijalva/jwt-go/request
 # github.com/fsnotify/fsnotify v1.4.7
 github.com/fsnotify/fsnotify
 # github.com/gin-contrib/sse v0.0.0-20190301062529-5545eab6dad3
--- a/frontend/src/api/request.js
+++ b/frontend/src/api/request.js
@@ -5,11 +5,15 @@ let baseUrl = process.env.VUE_APP_BASE_URL ? process.env.VUE_APP_BASE_URL : 'htt
 const request = (method, path, params, data) => {
  return new Promise((resolve, reject) => {
    const url = baseUrl + path
+    const headers = {
+      'Authorization': window.localStorage.getItem('token')
+    }
    axios({
      method,
      url,
      params,
-      data
+      data,
+      headers
    })
      .then(resolve)
      .catch(reject)