chore: 重构Authorizer,减少类型转换

Author: TBXark

internal/server/api/web.go

@@ -34,7 +34,7 @@ func (w *Web) Identifier() string {
 
 func (w *Web) Run() error {
 
-	authorizer := jwtauth.NewJwtAuth(w.config.JWT)
+	authorizer := jwtauth.NewJwtAuth[int64](w.config.JWT)
 	authControl := auth.NewAuth[int64](jwtauth.AuthorizationPrefixBearer, authorizer)
 
 	zapLogger := log.ZapLogger().With(logfields.String("module", "api"))

internal/server/dash/web.go

@@ -43,8 +43,8 @@ const (
 )
 
 func (w *Web) Run() error {
-	authorizer := jwtauth.NewJwtAuth(w.config.AuthJWT)
-	authRefresher := jwtauth.NewJwtAuth(w.config.RefreshJWT)
+	authorizer := jwtauth.NewJwtAuth[int64](w.config.AuthJWT)
+	authRefresher := jwtauth.NewJwtAuth[int64](w.config.RefreshJWT)
 	authControl := auth.NewAuth[int64](jwtauth.AuthorizationPrefixBearer, authorizer)
 
 	zapLogger := log.ZapLogger().With(logfields.String("module", "dash"))

internal/service/api/auth.go

@@ -8,7 +8,6 @@ import (
 	"github.com/tbxark/sphere/internal/pkg/dao"
 	"github.com/tbxark/sphere/internal/pkg/database/ent"
 	"github.com/tbxark/sphere/internal/pkg/database/ent/userplatform"
-	"strconv"
 	"time"
 )
 
@@ -63,7 +62,7 @@ func (s *Service) AuthWxMini(ctx context.Context, req *apiv1.AuthWxMiniRequest)
 	if err != nil {
 		return nil, err
 	}
-	token, err := s.Authorizer.GenerateToken(strconv.Itoa(int(res.User.Id)), consts.WechatMiniPlatform+":"+wxUser.OpenID)
+	token, err := s.Authorizer.GenerateToken(res.User.Id, consts.WechatMiniPlatform+":"+wxUser.OpenID)
 	if err != nil {
 		return nil, err
 	}

internal/service/api/service.go

@@ -18,7 +18,7 @@ type Service struct {
 	Cache      cache.ByteCache
 	Wechat     *wechat.Wechat
 	Render     *render.Render
-	Authorizer authorizer.Authorizer
+	Authorizer authorizer.Authorizer[int64]
 	Auth       *auth.Auth[int64]
 	httpClient *http.Client
 }
@@ -36,7 +36,7 @@ func NewService(db *dao.Dao, wx *wechat.Wechat, store storage.Storage, cache cac
 	}
 }
 
-func (s *Service) Init(auth *auth.Auth[int64], authorizer authorizer.Authorizer) {
+func (s *Service) Init(auth *auth.Auth[int64], authorizer authorizer.Authorizer[int64]) {
 	s.Auth = auth
 	s.Authorizer = authorizer
 }

internal/service/dash/auth.go

@@ -24,12 +24,11 @@ type AdminToken struct {
 type AdminLoginResponseWrapper = ginx.DataResponse[AdminToken]
 
 func (s *Service) createToken(u *ent.Admin) (*AdminToken, error) {
-	id := strconv.Itoa(int(u.ID))
-	token, err := s.Authorizer.GenerateToken(id, u.Username, u.Roles...)
+	token, err := s.Authorizer.GenerateToken(u.ID, u.Username, u.Roles...)
 	if err != nil {
 		return nil, err
 	}
-	refresh, err := s.AuthRefresher.GenerateToken(id, u.Username)
+	refresh, err := s.AuthRefresher.GenerateToken(u.ID, u.Username)
 	if err != nil {
 		return nil, err
 	}

internal/service/dash/service.go

@@ -17,8 +17,8 @@ type Service struct {
 	WeChat  *wechat.Wechat
 	Render  *render.Render
 
-	Authorizer    authorizer.Authorizer
-	AuthRefresher authorizer.Authorizer
+	Authorizer    authorizer.Authorizer[int64]
+	AuthRefresher authorizer.Authorizer[int64]
 	Auth          *auth.Auth[int64]
 	ACL           *auth.ACL
 }
@@ -34,7 +34,7 @@ func NewService(db *dao.Dao, wx *wechat.Wechat, store storage.Storage, cache cac
 	}
 }
 
-func (s *Service) Init(auth *auth.Auth[int64], authorizer authorizer.Authorizer, authRefresher authorizer.Authorizer) {
+func (s *Service) Init(auth *auth.Auth[int64], authorizer authorizer.Authorizer[int64], authRefresher authorizer.Authorizer[int64]) {
 	s.Auth = auth
 	s.Authorizer = authorizer
 	s.AuthRefresher = authRefresher

pkg/server/auth/authorizer/parser.go

@@ -1,29 +1,36 @@
 package authorizer
 
-import "time"
+import (
+	"golang.org/x/exp/constraints"
+	"time"
+)
 
-type Claims struct {
-	Subject  string
-	Username string
-	Roles    string
-	Exp      int64
+type UID interface {
+	constraints.Integer | string
+}
+
+type Claims[T UID] struct {
+	UID     T
+	Subject string
+	Roles   string
+	Exp     int64
 }
 
 type Token struct {
 	Token     string
 	ExpiresAt time.Time
 }
 
-type Parser interface {
-	ParseToken(token string) (*Claims, error)
+type Parser[T UID] interface {
+	ParseToken(token string) (*Claims[T], error)
 	ParseRoles(roles string) []string
 }
 
-type Generator interface {
-	GenerateToken(subject, username string, roles ...string) (*Token, error)
+type Generator[T UID] interface {
+	GenerateToken(uid T, subject string, roles ...string) (*Token, error)
 }
 
-type Authorizer interface {
-	Parser
-	Generator
+type Authorizer[T UID] interface {
+	Parser[T]
+	Generator[T]
 }

pkg/server/auth/jwtauth/jwt.go

@@ -12,57 +12,48 @@ import (
 const (
 	AuthorizationPrefixBearer = "Bearer"
 	DefaultTokenDuration      = time.Hour * 24 * 7
-	DefaultRefreshDuration    = time.Hour * 24 * 7
 )
 
-var _ authorizer.Authorizer = &JwtAuth{}
+var _ authorizer.Authorizer[int64] = &JwtAuth[int64]{}
 
-type SignedDetails struct {
+type SignedDetails[T authorizer.UID] struct {
 	jwt.StandardClaims
-	Username string `json:"username,omitempty"`
-	Roles    string `json:"roles,omitempty"`
+	UID   T      `json:"uid,omitempty"`
+	Roles string `json:"roles,omitempty"`
 }
 
-type JwtAuth struct {
-	secret                []byte
-	signingMethod         jwt.SigningMethod
-	signedTokenDuration   time.Duration
-	signedRefreshDuration time.Duration
-	mu                    sync.RWMutex // 添加互斥锁
+type JwtAuth[T authorizer.UID] struct {
+	secret              []byte
+	signingMethod       jwt.SigningMethod
+	signedTokenDuration time.Duration
+	mu                  sync.RWMutex // 添加互斥锁
 }
 
-type Option func(*JwtAuth)
+type Option[T authorizer.UID] func(*JwtAuth[T])
 
-func NewJwtAuth(secret string, opts ...Option) *JwtAuth {
-	ja := &JwtAuth{
-		secret:                []byte(secret),
-		signingMethod:         jwt.SigningMethodHS256,
-		signedTokenDuration:   DefaultTokenDuration,
-		signedRefreshDuration: DefaultRefreshDuration,
+func NewJwtAuth[T authorizer.UID](secret string, opts ...Option[T]) *JwtAuth[T] {
+	ja := &JwtAuth[T]{
+		secret:              []byte(secret),
+		signingMethod:       jwt.SigningMethodHS256,
+		signedTokenDuration: DefaultTokenDuration,
 	}
 	for _, opt := range opts {
 		opt(ja)
 	}
 	return ja
 }
 
-func WithTokenDuration(d time.Duration) Option {
-	return func(ja *JwtAuth) {
+func WithTokenDuration[T authorizer.UID](d time.Duration) Option[T] {
+	return func(ja *JwtAuth[T]) {
 		ja.signedTokenDuration = d
 	}
 }
 
-func WithRefreshTokenDuration(d time.Duration) Option {
-	return func(ja *JwtAuth) {
-		ja.signedRefreshDuration = d
-	}
-}
-
-func (g *JwtAuth) GenerateToken(subject, username string, roles ...string) (*authorizer.Token, error) {
+func (g *JwtAuth[T]) GenerateToken(uid T, subject string, roles ...string) (*authorizer.Token, error) {
 	expiresAt := time.Now().Local().Add(g.signedTokenDuration)
-	claims := &SignedDetails{
-		Username: username,
-		Roles:    strings.Join(roles, ","),
+	claims := &SignedDetails[T]{
+		UID:   uid,
+		Roles: strings.Join(roles, ","),
 		StandardClaims: jwt.StandardClaims{
 			Subject:   subject,
 			ExpiresAt: expiresAt.Unix(),
@@ -80,8 +71,8 @@ func (g *JwtAuth) GenerateToken(subject, username string, roles ...string) (*aut
 	}, nil
 }
 
-func (g *JwtAuth) ParseToken(signedToken string) (*authorizer.Claims, error) {
-	claims := &SignedDetails{}
+func (g *JwtAuth[T]) ParseToken(signedToken string) (*authorizer.Claims[T], error) {
+	claims := &SignedDetails[T]{}
 	_, err := jwt.ParseWithClaims(signedToken, claims, func(token *jwt.Token) (interface{}, error) {
 		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
 			return nil, jwt.ErrSignatureInvalid
@@ -91,26 +82,20 @@ func (g *JwtAuth) ParseToken(signedToken string) (*authorizer.Claims, error) {
 	if err != nil {
 		return nil, err
 	}
-	return &authorizer.Claims{
-		Subject:  claims.Subject,
-		Username: claims.Username,
-		Roles:    claims.Roles,
-		Exp:      claims.ExpiresAt,
+	return &authorizer.Claims[T]{
+		UID:     claims.UID,
+		Subject: claims.Subject,
+		Roles:   claims.Roles,
+		Exp:     claims.ExpiresAt,
 	}, nil
 }
 
-func (g *JwtAuth) ParseRoles(roles string) []string {
+func (g *JwtAuth[T]) ParseRoles(roles string) []string {
 	return strings.Split(roles, ",")
 }
 
-func (g *JwtAuth) SetTokenDuration(duration time.Duration) {
+func (g *JwtAuth[T]) SetTokenDuration(duration time.Duration) {
 	g.mu.Lock()
 	defer g.mu.Unlock()
 	g.signedTokenDuration = duration
 }
-
-func (g *JwtAuth) SetRefreshTokenDuration(duration time.Duration) {
-	g.mu.Lock()
-	defer g.mu.Unlock()
-	g.signedRefreshDuration = duration
-}

pkg/server/auth/jwtauth/jwt_test.go

@@ -6,7 +6,7 @@ import (
 )
 
 func TestJwtAuth_ParseToken(t *testing.T) {
-	auth := NewJwtAuth("secret")
+	auth := NewJwtAuth[string]("secret")
 	token, err := auth.GenerateToken("1", "username", "admin")
 	if err != nil {
 		t.Error(err)
@@ -15,14 +15,14 @@ func TestJwtAuth_ParseToken(t *testing.T) {
 	if err != nil {
 		t.Error(err)
 	}
-	if claims.Username != "username" {
-		t.Error("username not match")
+	if claims.Subject != "username" {
+		t.Error("subject not match")
 	}
 	if claims.Roles != "admin" {
 		t.Error("roles not match")
 	}
-	if claims.Subject != "1" {
-		t.Error("subject not match")
+	if claims.UID != "1" {
+		t.Error("uid not match")
 	}
 	auth.SetTokenDuration(0)
 	token, err = auth.GenerateToken("1", "username", "admin")

pkg/server/auth/tmaauth/tma.go

@@ -3,13 +3,12 @@ package tmaauth
 import (
 	"github.com/tbxark/sphere/pkg/server/auth/authorizer"
 	initdata "github.com/telegram-mini-apps/init-data-golang"
-	"strconv"
 	"time"
 )
 
 const AuthorizationPrefixTMA = "tma"
 
-var _ authorizer.Parser = &TmaAuth{}
+var _ authorizer.Parser[int64] = &TmaAuth{}
 
 type TmaAuth struct {
 	token string
@@ -23,7 +22,7 @@ func NewTmaAuth(token string) *TmaAuth {
 	}
 }
 
-func (t *TmaAuth) ParseToken(token string) (*authorizer.Claims, error) {
+func (t *TmaAuth) ParseToken(token string) (*authorizer.Claims[int64], error) {
 	err := initdata.Validate(token, t.token, t.expIn)
 	if err != nil {
 		return nil, err
@@ -32,11 +31,11 @@ func (t *TmaAuth) ParseToken(token string) (*authorizer.Claims, error) {
 	if err != nil {
 		return nil, err
 	}
-	return &authorizer.Claims{
-		Subject:  strconv.Itoa(int(initData.Chat.ID)),
-		Username: initData.Chat.Username,
-		Roles:    string(initData.Chat.Type),
-		Exp:      initData.AuthDate().Add(t.expIn).Unix(),
+	return &authorizer.Claims[int64]{
+		UID:     initData.Chat.ID,
+		Subject: initData.Chat.Username,
+		Roles:   string(initData.Chat.Type),
+		Exp:     initData.AuthDate().Add(t.expIn).Unix(),
 	}, nil
 }
 

pkg/server/middleware/auth/auth.go

@@ -3,12 +3,11 @@ package auth
 import (
 	"context"
 	"github.com/tbxark/sphere/pkg/server/auth/authorizer"
-	"golang.org/x/exp/constraints"
 )
 
 const (
-	ContextKeyID        = "uid"
-	ContextKeyUsername  = "username"
+	ContextKeyUID       = "uid"
+	ContextKeySubject   = "subject"
 	ContextKeyRoles     = "roles"
 	AuthorizationHeader = "Authorization"
 )
@@ -31,29 +30,25 @@ var (
 	PermissionError = Error{403, "permission denied"}
 )
 
-type ID interface {
-	constraints.Integer | string
-}
-
-type Auth[I ID] struct {
+type Auth[I authorizer.UID] struct {
 	zeroID I
 	prefix string
-	parser authorizer.Parser
+	parser authorizer.Parser[I]
 }
 
 type AccessControl interface {
 	IsAllowed(role, resource string) bool
 }
 
-func NewAuth[I ID](prefix string, parser authorizer.Parser) *Auth[I] {
+func NewAuth[I authorizer.UID](prefix string, parser authorizer.Parser[I]) *Auth[I] {
 	return &Auth[I]{
 		prefix: prefix,
 		parser: parser,
 	}
 }
 
 func (a *Auth[I]) GetCurrentID(ctx context.Context) (I, error) {
-	raw := ctx.Value(ContextKeyID)
+	raw := ctx.Value(ContextKeyUID)
 	if raw == nil {
 		return a.zeroID, NeedLoginError
 	}
@@ -65,7 +60,7 @@ func (a *Auth[I]) GetCurrentID(ctx context.Context) (I, error) {
 }
 
 func (a *Auth[I]) GetCurrentUsername(ctx context.Context) (string, error) {
-	raw := ctx.Value(ContextKeyUsername)
+	raw := ctx.Value(ContextKeySubject)
 	username, ok := raw.(string)
 	if !ok {
 		return "", NeedLoginError