refactor

axetroy · axetroy · commit 68b4e1e32529 · 2020-01-17T02:33:41.000+08:00
diff --git a/.env b/.env
@@ -2,7 +2,7 @@
 
 # 服务器设置
 PORT=9000 # HTTP 监听端口. 默认 8080
-SECRET_KEY=some_str_for_jwt_token # 签发 JWT token 的密钥，密钥不可泄漏
+JWT_TOKEN=some_str_for_jwt_token # 签发 JWT token 的密钥，更换密钥则导致所有用户授权取消。密钥不可泄漏
 SECRET=astaxie12798akljzmknm.ahkjkljl;k # 密钥，用于加密，一旦更换密钥，则解密加密过的密码将失效. 须是32位的[]byte
 TLS_CERT= # TLS 的证书文件路径
 TLS_KEY= # TLS 的 key 文件路径
diff --git a/internal/app/config/common.go b/internal/app/config/common.go
@@ -15,7 +15,7 @@ type common struct {
 	MachineId int64  `json:"machine_id"` // 机器 ID, 用于分布式生成 ID，每个节点的 ID 都应该不一样，并且最大值为 1024
 	Mode      string `json:"mode"`       // 运行模式, 开发模式还是生产模式
 	Exiting   bool   `json:"exiting"`    // 进程是否出于正在退出的状态，用户优雅的退出进程
-	Secret    string `json:"secret"`     // 加密密钥
+	Secret    string `json:"secret"`     // 加密密钥，用于加密密码
 }
 
 var Common *common
diff --git a/internal/app/config/http.go b/internal/app/config/http.go
@@ -10,24 +10,24 @@ type TLS struct {
 	Key  string `json:"key"`  // Key 文件
 }
 
-type user struct {
+type http struct {
 	Domain string `json:"domain"` // 用户端 API 绑定的域名, 例如 https://example.com
 	Port   string `json:"port"`   // 用户端 API 监听的端口
 	Secret string `json:"secret"` // 用户端密钥，用于加密/解密 token
 	TLS    *TLS   `json:"tls"`
 }
 
-var User user
+var Http http
 
 func init() {
-	User.Port = dotenv.GetByDefault("PORT", "8080")
-	User.Secret = dotenv.GetByDefault("SECRET_KEY", "user")
+	Http.Port = dotenv.GetByDefault("PORT", "8080")
+	Http.Secret = dotenv.GetByDefault("JWT_TOKEN", "some_str_for_jwt_token")
 
 	TlsCert := dotenv.GetByDefault("TLS_CERT", "")
 	TlsKey := dotenv.GetByDefault("TLS_KEY", "")
 
 	if TlsCert != "" && TlsKey != "" {
-		User.TLS = &TLS{
+		Http.TLS = &TLS{
 			Cert: TlsCert,
 			Key:  TlsKey,
 		}
diff --git a/internal/app/middleware/authenticate.go b/internal/app/middleware/authenticate.go
@@ -2,10 +2,11 @@
 package middleware
 
 import (
-	schema2 "github.com/axetroy/wsm/internal/app/schema"
 	"net/http"
 
+	"github.com/axetroy/wsm/internal/app/config"
 	"github.com/axetroy/wsm/internal/app/exception"
+	"github.com/axetroy/wsm/internal/app/schema"
 	"github.com/axetroy/wsm/internal/library/token"
 	"github.com/gin-gonic/gin"
 )
@@ -20,11 +21,11 @@ func Authenticate(isAdmin bool) gin.HandlerFunc {
 		var (
 			err         error
 			tokenString string
-			status      = schema2.StatusFail
+			status      = schema.StatusFail
 		)
 		defer func() {
 			if err != nil {
-				c.JSON(http.StatusOK, schema2.Response{
+				c.JSON(http.StatusOK, schema.Response{
 					Status:  status,
 					Message: err.Error(),
 					Data:    nil,
@@ -49,7 +50,7 @@ func Authenticate(isAdmin bool) gin.HandlerFunc {
 			}
 		}
 
-		if claims, er := token.Parse(tokenString, isAdmin); er != nil {
+		if claims, er := token.Parse(config.Http.Secret, tokenString); er != nil {
 			err = er
 			status = exception.InvalidToken.Code()
 			return
diff --git a/internal/app/serve.go b/internal/app/serve.go
@@ -16,7 +16,7 @@ import (
 )
 
 func Serve() error {
-	port := config.User.Port
+	port := config.Http.Port
 
 	s := &http.Server{
 		Addr:           ":" + port,
@@ -27,7 +27,7 @@ func Serve() error {
 	}
 
 	go func() {
-		if config.User.TLS != nil {
+		if config.Http.TLS != nil {
 			TLSConfig := &tls.Config{
 				MinVersion:               tls.VersionTLS11,
 				CurvePreferences:         []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
@@ -47,7 +47,7 @@ func Serve() error {
 
 			log.Printf("Listen on:  %s\n", s.Addr)
 
-			if err := s.ListenAndServeTLS(config.User.TLS.Cert, config.User.TLS.Key); err != nil {
+			if err := s.ListenAndServeTLS(config.Http.TLS.Cert, config.Http.TLS.Key); err != nil {
 				log.Fatalln(err)
 			}
 		} else {
diff --git a/internal/app/user/login.go b/internal/app/user/login.go
@@ -5,6 +5,7 @@ import (
 	"errors"
 	"time"
 
+	"github.com/axetroy/wsm/internal/app/config"
 	"github.com/axetroy/wsm/internal/app/db"
 	"github.com/axetroy/wsm/internal/app/exception"
 	"github.com/axetroy/wsm/internal/app/schema"
@@ -93,7 +94,7 @@ func LoginWithUsername(c *controller.Context) (res schema.Response) {
 	data.UpdatedAt = userInfo.UpdatedAt.Format(time.RFC3339Nano)
 
 	// generate token
-	if t, er := token.Generate(userInfo.Id, false); er != nil {
+	if t, er := token.Generate(config.Http.Secret, userInfo.Id); er != nil {
 		err = er
 		return
 	} else {
diff --git a/internal/library/token/generate.go b/internal/library/token/generate.go
@@ -9,38 +9,29 @@ import (
 )
 
 // generate jwt token
-func Generate(userId string, isAdmin bool) (tokenString string, err error) {
-	var (
-		issuer string
-		key    string
-	)
-
-	if isAdmin {
-		issuer = "admin"
-		key = adminSecreteKey
-	} else {
-		issuer = "user"
-		key = userSecreteKey
-	}
-
+func Generate(secret, userId string) (tokenString string, err error) {
 	// 生成token
 	c := ClaimsInternal{
 		util.Base64Encode(userId),
 		jwt.StandardClaims{
 			Audience:  userId,
 			Id:        userId,
 			ExpiresAt: time.Now().Add(time.Hour * time.Duration(6)).Unix(),
-			Issuer:    issuer,
+			Issuer:    "user",
 			IssuedAt:  time.Now().Unix(),
 			NotBefore: time.Now().Unix(),
 		},
 	}
 
 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, c)
 
-	tokenString, err = token.SignedString([]byte(key))
+	tokenString, err = token.SignedString([]byte(secret))
+
+	if err != nil {
+		return "", err
+	}
 
-	tokenString = Prefix + " " + tokenString
+	tokenString = JoinPrefixToken(tokenString)
 
 	return
 }
diff --git a/internal/library/token/parse.go b/internal/library/token/parse.go
@@ -10,18 +10,11 @@ import (
 )
 
 // parse jwt token
-func Parse(tokenString string, isAdmin bool) (claims Claims, err error) {
+func Parse(secret, tokenString string) (claims Claims, err error) {
 	var (
 		token *jwt.Token
-		key   string
 	)
 
-	if isAdmin {
-		key = adminSecreteKey
-	} else {
-		key = userSecreteKey
-	}
-
 	if strings.HasPrefix(tokenString, Prefix+" ") == false {
 		err = exception.InvalidAuth
 		return
@@ -37,7 +30,7 @@ func Parse(tokenString string, isAdmin bool) (claims Claims, err error) {
 	c := ClaimsInternal{}
 
 	if token, err = jwt.ParseWithClaims(tokenString, &c, func(token *jwt.Token) (interface{}, error) {
-		return []byte(key), nil
+		return []byte(secret), nil
 	}); err != nil {
 		if strings.HasPrefix(err.Error(), "token is expired by") {
 			err = exception.TokenExpired
diff --git a/internal/library/token/token.go b/internal/library/token/token.go
@@ -10,11 +10,6 @@ const (
 	AuthField = "Authorization"
 )
 
-var (
-	userSecreteKey  string
-	adminSecreteKey string
-)
-
 type Claims struct {
 	Uid string `json:"uid"`
 	jwt.StandardClaims

Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,7 @@ type common struct {`
`15`	`15`	MachineId int64 `json:"machine_id"` // 机器 ID, 用于分布式生成 ID，每个节点的 ID 都应该不一样，并且最大值为 1024
`16`	`16`	Mode string `json:"mode"` // 运行模式, 开发模式还是生产模式
`17`	`17`	Exiting bool `json:"exiting"` // 进程是否出于正在退出的状态，用户优雅的退出进程
`18`		- Secret string `json:"secret"` // 加密密钥
	`18`	+ Secret string `json:"secret"` // 加密密钥，用于加密密码
`19`	`19`	`}`
`20`	`20`
`21`	`21`	`var Common *common`