package main import ( "chat/services/board" "fmt" "log" "net/http" "os" "time" "github.com/gin-contrib/cors" "github.com/gin-contrib/sessions" "github.com/gin-contrib/sessions/cookie" "github.com/gin-gonic/gin" "github.com/golang-jwt/jwt" "github.com/google/go-github/v50/github" "github.com/joho/godotenv" "gorm.io/driver/mysql" "gorm.io/gorm" ) var db *gorm.DB var jwtSecret = []byte("JWT_SECRET") func init() { err := godotenv.Load() if err != nil { log.Fatal("Error loading .env file") } } func main() { initDB() router := gin.Default() store := cookie.NewStore([]byte("secret")) router.Use(sessions.Sessions("my-session", store)) router.Use(cors.New(cors.Config{ AllowOrigins: []string{"*"}, AllowMethods: []string{"GET", "POST", "PUT", "DELETE", "OPTIONS", "HEAD"}, AllowHeaders: []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token"}, AllowCredentials: true, })) router.GET("/", func(ctx *gin.Context) { ctx.Writer.WriteString("hello world") }) router.GET("/auth/idt", board.IdentityHandler) router.POST("/auth/signin/sso", board.SSOHandler) router.Run(":8000") } func initDB() { dsn := os.Getenv("MYSQL_DSN") db, err := gorm.Open(mysql.Open(dsn), &gorm.Config{}) if err != nil { log.Fatal("Error opening database:", err) } // db.AutoMigrate() sqlDB, err := db.DB() if err != nil { log.Fatal("Error connecting to database:", err) } sqlDB.SetMaxIdleConns(10) sqlDB.SetMaxOpenConns(100) sqlDB.SetConnMaxLifetime(time.Hour) log.Println("Database connection established") } func storeStateToDB(state, code string) error { query := "INSERT INTO oauth_state (state, code) VALUES (?, ?)" err := db.Exec(query, state, code).Error if err != nil { return err } return nil } func verifyState(state, code string) bool { query := "SELECT COUNT(*) FROM oauth_state WHERE state = ? AND code = ?" row := db.Exec(query, state, code) var count int err := row.Scan(&count) if err != nil { log.Println("Error verifying state:", err) return false } if count == 0 { return false } return true } func storeUserToDB(user *github.User) error { query := "INSERT INTO users (id, login, email) VALUES (?, ?, ?) ON DUPLICATE KEY UPDATE login = VALUES(login), email = VALUES(email)" err := db.Exec(query, user.GetID(), user.GetLogin(), user.GetEmail()).Error if err != nil { return err } return nil } // Generate a signed JWT containing the user ID as a claim. func generateJWT(userID int64) (string, error) { token := jwt.New(jwt.SigningMethodHS256) claims := jwt.MapClaims{ "sub": userID, "exp": time.Now().Add(24 * time.Hour).Unix(), } token.Claims = claims signedToken, err := token.SignedString(jwtSecret) if err != nil { return "", err } return signedToken, nil } func verifyJWTToken(tokenString string) { // 验证 token tokenValue, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) { // 该函数用于验证令牌的签名方法是否正确 if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok { return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"]) } return jwtSecret, nil }) if err != nil { fmt.Println("Error parsing token string:", err) return } // 获取声明信息 if claims, ok := tokenValue.Claims.(jwt.MapClaims); ok && tokenValue.Valid { // fmt.Println("Authorized:", claims["authorized"]) fmt.Println("User:", claims["user"]) fmt.Println("Expiration time:", time.Unix(int64(claims["exp"].(float64)), 0)) } else { fmt.Println("Invalid token.") } } // Middleware to require authentication via JWT. func requireAuth() gin.HandlerFunc { return func(c *gin.Context) { tokenString := c.GetHeader("Authorization") if tokenString == "" { c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Missing Authorization header."}) return } token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) { if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok { return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"]) } return jwtSecret, nil }) if err != nil { if err == jwt.ErrSignatureInvalid { c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Invalid token signature."}) return } c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Invalid token."}) return } claims, ok := token.Claims.(jwt.MapClaims) if !ok || !token.Valid { c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Invalid token claims."}) return } userID, ok := claims["sub"].(float64) if !ok { c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Invalid subject claim type."}) return } // Use the userID to look up the user in your database or perform other authorization logic. // ... // If authorized, set the user ID on the Gin context for use by downstream handlers. c.Set("userID", int64(userID)) c.Next() } }