forked from appleboy/gin-jwt
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathpatch
More file actions
117 lines (105 loc) · 3.27 KB
/
Copy pathpatch
File metadata and controls
117 lines (105 loc) · 3.27 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
diff --git a/auth_jwt.go b/auth_jwt.go
index cc1bafd..187671b 100644
--- a/auth_jwt.go
+++ b/auth_jwt.go
@@ -64,12 +64,15 @@ type GinJWTMiddleware struct {
// - "query:<name>"
// - "cookie:<name>"
TokenLookup string
+
+ currentToken string
}
// Login form structure.
type Login struct {
Username string `form:"username" json:"username" binding:"required"`
Password string `form:"password" json:"password" binding:"required"`
+ Timeout int `form:"timeout" json:"timeout"`
}
// MiddlewareInit initialize jwt configs.
@@ -135,6 +138,11 @@ func (mw *GinJWTMiddleware) MiddlewareFunc() gin.HandlerFunc {
func (mw *GinJWTMiddleware) middlewareImpl(c *gin.Context) {
token, err := mw.parseToken(c)
+ if token.Raw != mw.currentToken {
+ mw.unauthorized(c, http.StatusUnauthorized, "Token was refreshed")
+ return
+ }
+
if err != nil {
mw.unauthorized(c, http.StatusUnauthorized, err.Error())
return
@@ -190,6 +198,10 @@ func (mw *GinJWTMiddleware) LoginHandler(c *gin.Context) {
userID = loginVals.Username
}
+ if loginVals.Timeout > 0 {
+ mw.Timeout = time.Duration(loginVals.Timeout) * time.Hour
+ }
+
expire := time.Now().Add(mw.Timeout)
claims["id"] = userID
claims["exp"] = expire.Unix()
@@ -202,6 +214,9 @@ func (mw *GinJWTMiddleware) LoginHandler(c *gin.Context) {
return
}
+ //
+ mw.currentToken = tokenString
+
c.JSON(http.StatusOK, gin.H{
"token": tokenString,
"expire": expire.Format(time.RFC3339),
@@ -221,27 +236,32 @@ func (mw *GinJWTMiddleware) RefreshHandler(c *gin.Context) {
mw.unauthorized(c, http.StatusUnauthorized, "Token is expired.")
return
}
+ /*
+ // Create the token
+ newToken := jwt.New(jwt.GetSigningMethod(mw.SigningAlgorithm))
+ newClaims := newToken.Claims.(jwt.MapClaims)
- // Create the token
- newToken := jwt.New(jwt.GetSigningMethod(mw.SigningAlgorithm))
- newClaims := newToken.Claims.(jwt.MapClaims)
-
- for key := range claims {
- newClaims[key] = claims[key]
- }
-
+ for key := range claims {
+ newClaims[key] = claims[key]
+ }
+ expire := time.Now().Add(mw.Timeout)
+ newClaims["id"] = claims["id"]
+ newClaims["exp"] = expire.Unix()
+ newClaims["orig_iat"] = origIat
+ */
expire := time.Now().Add(mw.Timeout)
- newClaims["id"] = claims["id"]
- newClaims["exp"] = expire.Unix()
- newClaims["orig_iat"] = origIat
+ claims["exp"] = expire.Unix()
- tokenString, err := newToken.SignedString(mw.Key)
+ tokenString, err := token.SignedString(mw.Key)
if err != nil {
mw.unauthorized(c, http.StatusUnauthorized, "Create JWT Token faild")
return
}
+ //
+ mw.currentToken = tokenString
+
c.JSON(http.StatusOK, gin.H{
"token": tokenString,
"expire": expire.Format(time.RFC3339),
@@ -288,12 +308,13 @@ func (mw *GinJWTMiddleware) jwtFromHeader(c *gin.Context, key string) (string, e
return "", errors.New("auth header empty")
}
- parts := strings.SplitN(authHeader, " ", 2)
- if !(len(parts) == 2 && parts[0] == "Bearer") {
- return "", errors.New("invalid auth header")
- }
+ // parts := strings.SplitN(authHeader, " ", 2)
+ // if !(len(parts) == 2 && parts[0] == "Bearer") {
+ // return "", errors.New("invalid auth header")
+ // }
- return parts[1], nil
+ // return parts[1], nil
+ return authHeader, nil
}
func (mw *GinJWTMiddleware) jwtFromQuery(c *gin.Context, key string) (string, error) {