add models / services / handlers of user / token / 2fa, add web server command

2026-05-18 16:54:25 +08:00 · 2020-10-17 20:01:24 +08:00
parent c9ae001aef
commit 60c31e8894
18 changed files with 1649 additions and 2 deletions
@@ -0,0 +1,79 @@
+package middlewares
+
+import (
+	"time"
+
+	"github.com/mayswind/lab/pkg/core"
+	"github.com/mayswind/lab/pkg/errs"
+	"github.com/mayswind/lab/pkg/log"
+	"github.com/mayswind/lab/pkg/services"
+	"github.com/mayswind/lab/pkg/utils"
+)
+
+func JWTAuthorization(c *core.Context) {
+	claims, err := getTokenClaims(c)
+
+	if err != nil {
+		utils.PrintErrorResult(c, err)
+		return
+	}
+
+	if claims.Type == core.USER_TOKEN_TYPE_REQUIRE_2FA {
+		log.WarnfWithRequestId(c, "[authorization.JWTAuthorization] user \"uid:%s\" token requires 2fa", claims.Id)
+		utils.PrintErrorResult(c, errs.ErrTokenRequire2FA)
+		return
+	}
+
+	if claims.Type != core.USER_TOKEN_TYPE_NORMAL {
+		log.WarnfWithRequestId(c, "[authorization.JWTAuthorization] user \"uid:%s\" token type is invalid", claims.Id)
+		utils.PrintErrorResult(c, errs.ErrInvalidTokenType)
+		return
+	}
+
+	c.SetTokenClaims(claims)
+	c.Next()
+}
+
+func JWTTwoFactorAuthorization(c *core.Context) {
+	claims, err := getTokenClaims(c)
+
+	if err != nil {
+		utils.PrintErrorResult(c, err)
+		return
+	}
+
+	if claims.Type != core.USER_TOKEN_TYPE_REQUIRE_2FA {
+		log.WarnfWithRequestId(c, "[authorization.JWTTwoFactorAuthorization] user \"uid:%s\" token is not need two factor authorization", claims.Id)
+		utils.PrintErrorResult(c, errs.ErrTokenNotRequire2FA)
+		return
+	}
+
+	c.SetTokenClaims(claims)
+	c.Next()
+}
+
+func getTokenClaims(c *core.Context) (*core.UserTokenClaims, *errs.Error) {
+	token, claims, err := services.Tokens.ParseToken(c)
+
+	if err != nil {
+		log.WarnfWithRequestId(c, "[authorization.getTokenClaims] failed to parse token, because %s", err.Error())
+		return nil, errs.ErrUnauthorizedAccess
+	}
+
+	if !token.Valid {
+		log.WarnfWithRequestId(c, "[authorization.getTokenClaims] token is invalid")
+		return nil, errs.ErrInvalidToken
+	}
+
+	if !claims.VerifyExpiresAt(time.Now().Unix(), true) {
+		log.WarnfWithRequestId(c, "[authorization.getTokenClaims] token is expired")
+		return nil, errs.ErrTokenExpired
+	}
+
+	if claims.Id == "" {
+		log.WarnfWithRequestId(c, "[authorization.getTokenClaims] user id in token is empty")
+		return nil, errs.ErrInvalidToken
+	}
+
+	return claims, nil
+}