From 0c8aa3c43b859afbb1cd1dd9b281f99d2f11a7bf Mon Sep 17 00:00:00 2001
From: Marvin Zhang
Date: Sat, 27 Jul 2019 00:00:59 +0800
Subject: [PATCH] added jwt
---
 backend/main.go | 1 +
 backend/middlewares/auth.go | 22 ++++++++++++++++++-
 backend/routes/user.go | 5 +++--
 backend/services/user.go | 42 +++++++++++++++++++++++++++++++++++++
 backend/vendor/modules.txt | 1 +
 frontend/src/api/request.js | 6 +++++-
 6 files changed, 73 insertions(+), 4 deletions(-)
diff --git a/backend/main.go b/backend/main.go
index de0d5beb..4728920a 100644
--- a/backend/main.go
+++ b/backend/main.go
@@ -82,6 +82,7 @@ func main() {
 if services.IsMaster() {
 // 中间件
 app.Use(middlewares.CORSMiddleware())
+ app.Use(middlewares.AuthorizationMiddleware())
 // 路由
 // 节点
diff --git a/backend/middlewares/auth.go b/backend/middlewares/auth.go
index 168a05a2..1600c0e2 100644
--- a/backend/middlewares/auth.go
+++ b/backend/middlewares/auth.go
@@ -1,8 +1,28 @@
 package middlewares
-import "github.com/gin-gonic/gin"
+import (
+ "crawlab/routes"
+ "crawlab/services"
+ "github.com/gin-gonic/gin"
+ "net/http"
+)
 func AuthorizationMiddleware() gin.HandlerFunc {
 return func(c *gin.Context) {
+ tokenStr := c.GetHeader("Authorization")
+ if c.Request.URL.Path == "/login" || (c.Request.URL.Path == "/users" && c.Request.Method == "PUT") {
+ c.Next()
+ } else {
+ _, err := services.CheckToken(tokenStr)
+ if err == nil {
+ c.Next()
+ } else {
+ c.AbortWithStatusJSON(http.StatusUnauthorized, routes.Response{
+ Status: "ok",
+ Message: "unauthorized",
+ Error: "unauthorized",
+ })
+ }
+ }
 }
 }
diff --git a/backend/routes/user.go b/backend/routes/user.go
index a869b281..72674cff 100644
--- a/backend/routes/user.go
+++ b/backend/routes/user.go
@@ -9,6 +9,7 @@ import (
 "github.com/globalsign/mgo/bson"
 "github.com/pkg/errors"
 "net/http"
+ "strings"
 )
 type UserListRequestData struct {
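Review bot: The new `app.Use(middlewares.AuthorizationMiddleware())` line depends on its position after `CORSMiddleware`, and nothing records that: a CORS preflight (OPTIONS) carries no Authorization header, so unless the CORS middleware aborts preflights before the chain continues, every cross-origin call from the frontend will be answered with 401. The CORS middleware body is not in this patch, so whether it aborts OPTIONS cannot be confirmed here. A comment on the added line would pin the ordering: `// must stay after CORSMiddleware so OPTIONS preflights are answered before the token check`. The registration sits inside `if services.IsMaster()`, whose remainder and any else branch are outside the hunk.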
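Review bot: The 401 response built in the inner `else` reports `Status: "ok"` next to `Message: "unauthorized"` and `Error: "unauthorized"`, so a client that keys off `Status` will treat a rejected request as a success; the routes package's definition of `Response` is not in this patch, but `Status` should carry whatever value the existing error helper uses (`HandleError`, visible in the Login hunk), or the middleware could call `routes.HandleError` directly if that helper aborts the chain. The exemption list also deliberately leaves `PUT /users` (the "添加用户" handler in routes/user.go) reachable without a token, so anyone who can reach the master can create a `RoleNormal` account; that is a product decision, but it deserves a comment on the condition such as `// /login and self-registration (PUT /users) are the only unauthenticated routes`, and the exact-string path comparison (no trailing slash, no query) should be confirmed as the intended matching rule. The nested if/else reads better as guard clauses, which also reads the header only on the path that uses it:
```go
return func(c *gin.Context) {
	// /login and self-registration (PUT /users) are the only unauthenticated routes.
	if c.Request.URL.Path == "/login" || (c.Request.URL.Path == "/users" && c.Request.Method == "PUT") {
		c.Next()
		return
	}
	if _, err := services.CheckToken(c.GetHeader("Authorization")); err != nil {
		c.AbortWithStatusJSON(http.StatusUnauthorized, routes.Response{
			// … unchanged: Status, Message, Error fields …
		})
		return
	}
	c.Next()
}
```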
@@ -83,7 +84,7 @@ func PutUser(c *gin.Context) {
 // 添加用户
 user := model.User{
- Username: reqData.Username,
+ Username: strings.ToLower(reqData.Username),
 Password: utils.EncryptPassword(reqData.Password),
 Role: constants.RoleNormal,
 }
@@ -113,7 +114,7 @@ func Login(c *gin.Context) {
 }
 // 获取用户
- user, err := model.GetUserByUsername(reqData.Username)
+ user, err := model.GetUserByUsername(strings.ToLower(reqData.Username))
 if err != nil {
 HandleError(http.StatusUnauthorized, c, errors.New("not authorized"))
 return
diff --git a/backend/services/user.go b/backend/services/user.go
index 6fc7611c..fb688fd1 100644
--- a/backend/services/user.go
+++ b/backend/services/user.go
@@ -4,8 +4,10 @@ import (
 "crawlab/constants"
 "crawlab/model"
 "crawlab/utils"
+ "errors"
 "github.com/apex/log"
 "github.com/dgrijalva/jwt-go"
+ "github.com/globalsign/mgo/bson"
 "github.com/spf13/viper"
 "runtime/debug"
 "time"
@@ -43,3 +45,43 @@ func GetToken(username string) (tokenStr string, err error) {
 }
 return
 }
+
+func SecretFunc() jwt.Keyfunc {
+ return func(token *jwt.Token) (interface{}, error) {
+ return []byte(viper.GetString("server.secret")), nil
+ }
+}
+
+func CheckToken(tokenStr string) (user model.User, err error) {
+ token, err := jwt.Parse(tokenStr, SecretFunc())
+ if err != nil {
+ return
+ }
+
+ claim, ok := token.Claims.(jwt.MapClaims)
+ if !ok {
+ err = errors.New("cannot convert claim to mapclaim")
+ return
+ }
+
+ //验证token,如果token被修改过则为false
+ if !token.Valid {
+ err = errors.New("token is invalid")
+ return
+ }
+
+ id := bson.ObjectIdHex(claim["id"].(string))
+ username := claim["username"].(string)
+ user, err = model.GetUser(id)
+ if err != nil {
+ err = errors.New("cannot get user")
+ return
+ }
+
+ if username != user.Username {
+ err = errors.New("username does not match")
+ return
+ }
+
+ return
+}
diff --git a/backend/vendor/modules.txt b/backend/vendor/modules.txt
index 26dd437f..57c7d3f1 100644
--- a/backend/vendor/modules.txt
+++ b/backend/vendor/modules.txt
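Review bot: Lower-casing the username in `PutUser` and `Login` only normalises new records and new logins; any user stored before this commit with an upper-case letter in `Username` can no longer be found by `model.GetUserByUsername(strings.ToLower(reqData.Username))`, so the change needs either a one-off migration of existing documents or a case-insensitive lookup in the model. The same normalisation should live in one place (the model, or a small `normalizeUsername` helper) rather than being repeated at each call site, so a future handler cannot forget it. In `Login` the `GetToken` call is outside the hunk: if it is passed `reqData.Username` rather than `user.Username`, the token's `username` claim keeps the caller's casing and `services.CheckToken`'s `username != user.Username` comparison will reject every mixed-case login. The import hunk at line 9 only adds `strings`.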
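Review bot: `CheckToken` reads the claims with unchecked assertions — `claim["id"].(string)` and `claim["username"].(string)` — and `bson.ObjectIdHex` panics when its argument is not a 24-character hex string, so a token that passes signature verification but carries a missing or malformed `id`/`username` claim (for example one minted by an older `GetToken`) panics inside the auth middleware instead of returning 401; whether a recovery middleware turns that into a 500 cannot be seen from this patch. Use comma-ok assertions and `bson.IsObjectIdHex` before converting. `SecretFunc` also hands out the HMAC secret for whatever `alg` the token names; the usual jwt-go guard is to reject anything but `*jwt.SigningMethodHMAC` inside the key function so the key is never passed to another algorithm's verifier. Minor: `err = errors.New("cannot get user")` discards the lookup error, and the `!token.Valid` check after a nil-error `jwt.Parse` is redundant in jwt-go v3.2.0 (Parse already returns an error for an invalid token) but harmless.
```go
func SecretFunc() jwt.Keyfunc {
	return func(token *jwt.Token) (interface{}, error) {
		// Only accept the HMAC family the server itself signs with.
		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, errors.New("unexpected signing method")
		}
		return []byte(viper.GetString("server.secret")), nil
	}
}

// … unchanged: jwt.Parse, MapClaims assertion, Valid check …

	idStr, ok := claim["id"].(string)
	if !ok || !bson.IsObjectIdHex(idStr) {
		err = errors.New("token has no valid id claim")
		return
	}
	username, ok := claim["username"].(string)
	if !ok {
		err = errors.New("token has no username claim")
		return
	}
	id := bson.ObjectIdHex(idStr)
	// … unchanged: GetUser lookup and username comparison …
```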
@@ -2,6 +2,7 @@
 github.com/apex/log
 # github.com/dgrijalva/jwt-go v3.2.0+incompatible
 github.com/dgrijalva/jwt-go
+github.com/dgrijalva/jwt-go/request
 # github.com/fsnotify/fsnotify v1.4.7
 github.com/fsnotify/fsnotify
 # github.com/gin-contrib/sse v0.0.0-20190301062529-5545eab6dad3
diff --git a/frontend/src/api/request.js b/frontend/src/api/request.js
index aa165df0..4a7aa9cf 100644
--- a/frontend/src/api/request.js
+++ b/frontend/src/api/request.js
@@ -5,11 +5,15 @@ let baseUrl = process.env.VUE_APP_BASE_URL ? process.env.VUE_APP_BASE_URL : 'htt
 const request = (method, path, params, data) => {
 return new Promise((resolve, reject) => {
 const url = baseUrl + path
+ const headers = {
+ 'Authorization': window.localStorage.getItem('token')
+ }
 axios({
 method,
 url,
 params,
- data
+ data,
+ headers
 })
 .then(resolve)
 .catch(reject)
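Review bot: `window.localStorage.getItem('token')` returns `null` when nothing has been stored, so the `Authorization` header is set to `null` on every request made before login, including the login call itself; depending on the axios version in use this may be serialised as the literal string `"null"` rather than omitted. Only attach the header when a token exists: `const token = window.localStorage.getItem('token')` and `const headers = token ? { 'Authorization': token } : {}`. The backend middleware reads the header value verbatim (no `Bearer ` scheme), so the two sides agree today, but a short comment here saying the raw token is expected would keep them from drifting. Nothing in this hunk clears a stale token on a 401 reply; presumably that is handled by a response interceptor elsewhere.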