196 lines
4.9 KiB
Go
196 lines
4.9 KiB
Go
package main
|
|
|
|
import (
|
|
"chat/services/board"
|
|
"fmt"
|
|
"log"
|
|
"net/http"
|
|
"os"
|
|
"time"
|
|
|
|
"github.com/gin-contrib/cors"
|
|
"github.com/gin-contrib/sessions"
|
|
"github.com/gin-contrib/sessions/cookie"
|
|
"github.com/gin-gonic/gin"
|
|
"github.com/golang-jwt/jwt"
|
|
"github.com/google/go-github/v50/github"
|
|
"github.com/joho/godotenv"
|
|
"gorm.io/driver/mysql"
|
|
"gorm.io/gorm"
|
|
)
|
|
|
|
var db *gorm.DB
|
|
var jwtSecret = []byte("JWT_SECRET")
|
|
|
|
func init() {
|
|
err := godotenv.Load()
|
|
if err != nil {
|
|
log.Fatal("Error loading .env file")
|
|
}
|
|
}
|
|
|
|
func main() {
|
|
initDB()
|
|
|
|
router := gin.Default()
|
|
|
|
store := cookie.NewStore([]byte("secret"))
|
|
router.Use(sessions.Sessions("my-session", store))
|
|
|
|
router.Use(cors.New(cors.Config{
|
|
AllowOrigins: []string{"*"},
|
|
AllowMethods: []string{"GET", "POST", "PUT", "DELETE", "OPTIONS", "HEAD"},
|
|
AllowHeaders: []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token"},
|
|
AllowCredentials: true,
|
|
}))
|
|
router.GET("/", func(ctx *gin.Context) { ctx.Writer.WriteString("hello world") })
|
|
router.GET("/auth/idt", board.IdentityHandler)
|
|
router.POST("/auth/signin/sso", board.SSOHandler)
|
|
|
|
router.Run(":8000")
|
|
}
|
|
|
|
func initDB() {
|
|
dsn := os.Getenv("MYSQL_DSN")
|
|
db, err := gorm.Open(mysql.Open(dsn), &gorm.Config{})
|
|
if err != nil {
|
|
log.Fatal("Error opening database:", err)
|
|
}
|
|
// db.AutoMigrate()
|
|
sqlDB, err := db.DB()
|
|
if err != nil {
|
|
log.Fatal("Error connecting to database:", err)
|
|
}
|
|
sqlDB.SetMaxIdleConns(10)
|
|
sqlDB.SetMaxOpenConns(100)
|
|
sqlDB.SetConnMaxLifetime(time.Hour)
|
|
|
|
log.Println("Database connection established")
|
|
}
|
|
|
|
func storeStateToDB(state, code string) error {
|
|
query := "INSERT INTO oauth_state (state, code) VALUES (?, ?)"
|
|
err := db.Exec(query, state, code).Error
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func verifyState(state, code string) bool {
|
|
query := "SELECT COUNT(*) FROM oauth_state WHERE state = ? AND code = ?"
|
|
row := db.Exec(query, state, code)
|
|
|
|
var count int
|
|
err := row.Scan(&count)
|
|
if err != nil {
|
|
log.Println("Error verifying state:", err)
|
|
return false
|
|
}
|
|
|
|
if count == 0 {
|
|
return false
|
|
}
|
|
|
|
return true
|
|
}
|
|
|
|
func storeUserToDB(user *github.User) error {
|
|
query := "INSERT INTO users (id, login, email) VALUES (?, ?, ?) ON DUPLICATE KEY UPDATE login = VALUES(login), email = VALUES(email)"
|
|
|
|
err := db.Exec(query, user.GetID(), user.GetLogin(), user.GetEmail()).Error
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// Generate a signed JWT containing the user ID as a claim.
|
|
func generateJWT(userID int64) (string, error) {
|
|
token := jwt.New(jwt.SigningMethodHS256)
|
|
claims := jwt.MapClaims{
|
|
"sub": userID,
|
|
"exp": time.Now().Add(24 * time.Hour).Unix(),
|
|
}
|
|
token.Claims = claims
|
|
|
|
signedToken, err := token.SignedString(jwtSecret)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
return signedToken, nil
|
|
}
|
|
|
|
func verifyJWTToken(tokenString string) {
|
|
// 验证 token
|
|
tokenValue, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
|
|
// 该函数用于验证令牌的签名方法是否正确
|
|
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
|
return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
|
|
}
|
|
|
|
return jwtSecret, nil
|
|
})
|
|
if err != nil {
|
|
fmt.Println("Error parsing token string:", err)
|
|
return
|
|
}
|
|
|
|
// 获取声明信息
|
|
if claims, ok := tokenValue.Claims.(jwt.MapClaims); ok && tokenValue.Valid {
|
|
// fmt.Println("Authorized:", claims["authorized"])
|
|
fmt.Println("User:", claims["user"])
|
|
fmt.Println("Expiration time:", time.Unix(int64(claims["exp"].(float64)), 0))
|
|
} else {
|
|
fmt.Println("Invalid token.")
|
|
}
|
|
}
|
|
|
|
// Middleware to require authentication via JWT.
|
|
func requireAuth() gin.HandlerFunc {
|
|
return func(c *gin.Context) {
|
|
tokenString := c.GetHeader("Authorization")
|
|
if tokenString == "" {
|
|
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Missing Authorization header."})
|
|
return
|
|
}
|
|
|
|
token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
|
|
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
|
return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
|
|
}
|
|
return jwtSecret, nil
|
|
})
|
|
|
|
if err != nil {
|
|
if err == jwt.ErrSignatureInvalid {
|
|
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Invalid token signature."})
|
|
return
|
|
}
|
|
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Invalid token."})
|
|
return
|
|
}
|
|
|
|
claims, ok := token.Claims.(jwt.MapClaims)
|
|
if !ok || !token.Valid {
|
|
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Invalid token claims."})
|
|
return
|
|
}
|
|
|
|
userID, ok := claims["sub"].(float64)
|
|
if !ok {
|
|
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Invalid subject claim type."})
|
|
return
|
|
}
|
|
|
|
// Use the userID to look up the user in your database or perform other authorization logic.
|
|
// ...
|
|
// If authorized, set the user ID on the Gin context for use by downstream handlers.
|
|
c.Set("userID", int64(userID))
|
|
c.Next()
|
|
}
|
|
}
|