pkg/common/storage/controller/auth.go

package controller

import (
	"context"

	"github.com/golang-jwt/jwt/v4"
	"github.com/openimsdk/open-im-server/v3/pkg/authverify"
	"github.com/openimsdk/open-im-server/v3/pkg/common/config"
	"github.com/openimsdk/open-im-server/v3/pkg/common/storage/cache"
	"github.com/openimsdk/open-im-server/v3/pkg/common/storage/cache/cachekey"
	"github.com/openimsdk/protocol/constant"
	"github.com/openimsdk/tools/errs"
	"github.com/openimsdk/tools/log"
	"github.com/openimsdk/tools/tokenverify"
)

type AuthDatabase interface {
	// If the result is empty, no error is returned.
	GetTokensWithoutError(ctx context.Context, userID string, platformID int) (map[string]int, error)
	// Create token
	CreateToken(ctx context.Context, userID string, platformID int) (string, error)

	BatchSetTokenMapByUidPid(ctx context.Context, tokens []string) error

	SetTokenMapByUidPid(ctx context.Context, userID string, platformID int, m map[string]int) error
}

type multiLoginConfig struct {
	Policy       int
	MaxNumOneEnd int
}

type authDatabase struct {
	cache        cache.TokenModel
	accessSecret string
	accessExpire int64
	multiLogin   multiLoginConfig
	adminUserIDs []string
}

func NewAuthDatabase(cache cache.TokenModel, accessSecret string, accessExpire int64, multiLogin config.MultiLogin, adminUserIDs []string) AuthDatabase {
	return &authDatabase{cache: cache, accessSecret: accessSecret, accessExpire: accessExpire, multiLogin: multiLoginConfig{
		Policy:       multiLogin.Policy,
		MaxNumOneEnd: multiLogin.MaxNumOneEnd,
	},
		adminUserIDs: adminUserIDs,
	}
}

// If the result is empty.
func (a *authDatabase) GetTokensWithoutError(ctx context.Context, userID string, platformID int) (map[string]int, error) {
	return a.cache.GetTokensWithoutError(ctx, userID, platformID)
}

func (a *authDatabase) SetTokenMapByUidPid(ctx context.Context, userID string, platformID int, m map[string]int) error {
	return a.cache.SetTokenMapByUidPid(ctx, userID, platformID, m)
}

func (a *authDatabase) BatchSetTokenMapByUidPid(ctx context.Context, tokens []string) error {
	setMap := make(map[string]map[string]any)
	for _, token := range tokens {
		claims, err := tokenverify.GetClaimFromToken(token, authverify.Secret(a.accessSecret))
		if err != nil {
			continue
		}
		key := cachekey.GetTokenKey(claims.UserID, claims.PlatformID)
		if v, ok := setMap[key]; ok {
			v[token] = constant.KickedToken
		} else {
			setMap[key] = map[string]any{
				token: constant.KickedToken,
			}
		}
	}
	if err := a.cache.BatchSetTokenMapByUidPid(ctx, setMap); err != nil {
		return err
	}
	return nil
}

// Create Token.
func (a *authDatabase) CreateToken(ctx context.Context, userID string, platformID int) (string, error) {
	tokens, err := a.cache.GetAllTokensWithoutError(ctx, userID)
	if err != nil {
		return "", err
	}

	deleteTokenKey, kickedTokenKey, err := a.checkToken(ctx, tokens, platformID)
	if err != nil {
		return "", err
	}
	if len(deleteTokenKey) != 0 {
		err = a.cache.DeleteTokenByUidPid(ctx, userID, platformID, deleteTokenKey)
		if err != nil {
			return "", err
		}
	}
	if len(kickedTokenKey) != 0 {
		for _, k := range kickedTokenKey {
			err := a.cache.SetTokenFlagEx(ctx, userID, platformID, k, constant.KickedToken)
			if err != nil {
				return "", err
			}
			log.ZDebug(ctx, "kicked token in create token", "token", k)
		}
	}

	claims := tokenverify.BuildClaims(userID, platformID, a.accessExpire)
	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
	tokenString, err := token.SignedString([]byte(a.accessSecret))
	if err != nil {
		return "", errs.WrapMsg(err, "token.SignedString")
	}

	if err = a.cache.SetTokenFlagEx(ctx, userID, platformID, tokenString, constant.NormalToken); err != nil {
		return "", err
	}

	return tokenString, nil
}

func (a *authDatabase) checkToken(ctx context.Context, tokens map[int]map[string]int, platformID int) ([]string, []string, error) {
	// todo: Move the logic for handling old data to another location.
	var (
		loginTokenMap  = make(map[int][]string) // The length of the value of the map must be greater than 0
		deleteToken    = make([]string, 0)
		kickToken      = make([]string, 0)
		adminToken     = make([]string, 0)
		unkickTerminal = ""
	)

	for plfID, tks := range tokens {
		for k, v := range tks {
			_, err := tokenverify.GetClaimFromToken(k, authverify.Secret(a.accessSecret))
			if err != nil || v != constant.NormalToken {
				deleteToken = append(deleteToken, k)
			} else {
				if plfID != constant.AdminPlatformID {
					loginTokenMap[plfID] = append(loginTokenMap[plfID], k)
				} else {
					adminToken = append(adminToken, k)
				}
			}
		}
	}

	switch a.multiLogin.Policy {
	case constant.DefalutNotKick:
		for plt, ts := range loginTokenMap {
			l := len(ts)
			if platformID == plt {
				l++
			}
			limit := a.multiLogin.MaxNumOneEnd
			if l > limit {
				kickToken = append(kickToken, ts[:l-limit]...)
			}
		}
	case constant.AllLoginButSameTermKick:
		for plt, ts := range loginTokenMap {
			kickToken = append(kickToken, ts[:len(ts)-1]...)
			if plt == platformID {
				kickToken = append(kickToken, ts[len(ts)-1])
			}
		}
	case constant.PCAndOther:
		unkickTerminal = constant.TerminalPC
		if constant.PlatformIDToClass(platformID) != unkickTerminal {
			for plt, ts := range loginTokenMap {
				if constant.PlatformIDToClass(plt) != unkickTerminal {
					kickToken = append(kickToken, ts...)
				}
			}
		} else {
			var (
				preKick   []string
				isReserve = true
			)
			for plt, ts := range loginTokenMap {
				if constant.PlatformIDToClass(plt) != unkickTerminal {
					// Keep a token from another end
					if isReserve {
						isReserve = false
						kickToken = append(kickToken, ts[:len(ts)-1]...)
						preKick = append(preKick, ts[len(ts)-1])
						continue
					} else {
						// Prioritize keeping Android
						if plt == constant.AndroidPlatformID {
							kickToken = append(kickToken, preKick...)
							kickToken = append(kickToken, ts[:len(ts)-1]...)
						} else {
							kickToken = append(kickToken, ts...)
						}
					}
				}
			}
		}
	case constant.AllLoginButSameClassKick:
		var (
			reserved = make(map[string]struct{})
		)

		for plt, ts := range loginTokenMap {
			if constant.PlatformIDToClass(plt) == constant.PlatformIDToClass(platformID) {
				kickToken = append(kickToken, ts...)
			} else {
				if _, ok := reserved[constant.PlatformIDToClass(plt)]; !ok {
					reserved[constant.PlatformIDToClass(plt)] = struct{}{}
					kickToken = append(kickToken, ts[:len(ts)-1]...)
					continue
				} else {
					kickToken = append(kickToken, ts...)
				}
			}
		}
	default:
		return nil, nil, errs.New("unknown multiLogin policy").Wrap()
	}

	//var adminTokenMaxNum = a.multiLogin.MaxNumOneEnd
	//l := len(adminToken)
	//if platformID == constant.AdminPlatformID {
	//	l++
	//}
	//if l > adminTokenMaxNum {
	//	kickToken = append(kickToken, adminToken[:l-adminTokenMaxNum]...)
	//}
	if platformID == constant.AdminPlatformID {
		kickToken = append(kickToken, adminToken...)
	}
	return deleteToken, kickToken, nil
}
feat: use robot to migrate code 2023-06-30 09:45:02 +08:00			`package controller`

			`import (`
			`"context"`
fix: redis save error when KickTokens (#3002 ) 2024-12-25 18:07:25 +08:00
feat: format openim make lint code (#1997 ) 2024-03-04 21:32:07 +08:00			`"github.com/golang-jwt/jwt/v4"`
			`"github.com/openimsdk/open-im-server/v3/pkg/authverify"`
feat: merge js sdk (#2856 ) 2024-11-14 14:35:18 +08:00			`"github.com/openimsdk/open-im-server/v3/pkg/common/config"`
refactor: db refactor and cache key add. (#2320 ) 2024-05-27 11:58:36 +08:00			`"github.com/openimsdk/open-im-server/v3/pkg/common/storage/cache"`
feat: merge js sdk (#2856 ) 2024-11-14 14:35:18 +08:00			`"github.com/openimsdk/open-im-server/v3/pkg/common/storage/cache/cachekey"`
refactor: 3.7.0 code conventions. (#2148 ) 2024-04-19 22:23:08 +08:00			`"github.com/openimsdk/protocol/constant"`
			`"github.com/openimsdk/tools/errs"`
feat: merge js sdk (#2856 ) 2024-11-14 14:35:18 +08:00			`"github.com/openimsdk/tools/log"`
refactor: 3.7.0 code conventions. (#2148 ) 2024-04-19 22:23:08 +08:00			`"github.com/openimsdk/tools/tokenverify"`
feat: use robot to migrate code 2023-06-30 09:45:02 +08:00			`)`

			`type AuthDatabase interface {`
feat: Integrate Comprehensive E2E Testing for GoChat (#1906 ) 2024-03-04 12:12:14 +08:00			`// If the result is empty, no error is returned.`
feat: use robot to migrate code 2023-06-30 09:45:02 +08:00			`GetTokensWithoutError(ctx context.Context, userID string, platformID int) (map[string]int, error)`
feat: Integrate Comprehensive E2E Testing for GoChat (#1906 ) 2024-03-04 12:12:14 +08:00			`// Create token`
feat: use robot to migrate code 2023-06-30 09:45:02 +08:00			`CreateToken(ctx context.Context, userID string, platformID int) (string, error)`
refactor: 3.7.0 code conventions. (#2148 ) 2024-04-19 22:23:08 +08:00
feat: Add More Multi Login Policy (#2770 ) 2024-10-24 15:02:44 +08:00			`BatchSetTokenMapByUidPid(ctx context.Context, tokens []string) error`

refactor: 3.7.0 code conventions. (#2148 ) 2024-04-19 22:23:08 +08:00			`SetTokenMapByUidPid(ctx context.Context, userID string, platformID int, m map[string]int) error`
feat: use robot to migrate code 2023-06-30 09:45:02 +08:00			`}`

feat: Add More Multi Login Policy (#2770 ) 2024-10-24 15:02:44 +08:00			`type multiLoginConfig struct {`
fix: del login Policy (#2825 ) 2024-11-22 15:49:16 +08:00			`Policy int`
			`MaxNumOneEnd int`
feat: Add More Multi Login Policy (#2770 ) 2024-10-24 15:02:44 +08:00			`}`

feat: use robot to migrate code 2023-06-30 09:45:02 +08:00			`type authDatabase struct {`
feat: Add More Multi Login Policy (#2770 ) 2024-10-24 15:02:44 +08:00			`cache cache.TokenModel`
			`accessSecret string`
			`accessExpire int64`
			`multiLogin multiLoginConfig`
fix: admin token limit (#2871 ) 2024-11-22 12:25:28 +08:00			`adminUserIDs []string`
feat: use robot to migrate code 2023-06-30 09:45:02 +08:00			`}`

fix: admin token limit (#2871 ) 2024-11-22 12:25:28 +08:00			`func NewAuthDatabase(cache cache.TokenModel, accessSecret string, accessExpire int64, multiLogin config.MultiLogin, adminUserIDs []string) AuthDatabase {`
feat: Add More Multi Login Policy (#2770 ) 2024-10-24 15:02:44 +08:00			`return &authDatabase{cache: cache, accessSecret: accessSecret, accessExpire: accessExpire, multiLogin: multiLoginConfig{`
			`Policy: multiLogin.Policy,`
			`MaxNumOneEnd: multiLogin.MaxNumOneEnd,`
fix: del login Policy (#2825 ) 2024-11-22 15:49:16 +08:00			`},`
			`adminUserIDs: adminUserIDs,`
fix: admin token limit (#2871 ) 2024-11-22 12:25:28 +08:00			`}`
feat: use robot to migrate code 2023-06-30 09:45:02 +08:00			`}`

feat: Integrate Comprehensive E2E Testing for GoChat (#1906 ) 2024-03-04 12:12:14 +08:00			`// If the result is empty.`
			`func (a *authDatabase) GetTokensWithoutError(ctx context.Context, userID string, platformID int) (map[string]int, error) {`
feat: use robot to migrate code 2023-06-30 09:45:02 +08:00			`return a.cache.GetTokensWithoutError(ctx, userID, platformID)`
			`}`

refactor: 3.7.0 code conventions. (#2148 ) 2024-04-19 22:23:08 +08:00			`func (a *authDatabase) SetTokenMapByUidPid(ctx context.Context, userID string, platformID int, m map[string]int) error {`
			`return a.cache.SetTokenMapByUidPid(ctx, userID, platformID, m)`
			`}`

feat: Add More Multi Login Policy (#2770 ) 2024-10-24 15:02:44 +08:00			`func (a *authDatabase) BatchSetTokenMapByUidPid(ctx context.Context, tokens []string) error {`
fix: redis save error when KickTokens (#3002 ) 2024-12-25 18:07:25 +08:00			`setMap := make(map[string]map[string]any)`
feat: Add More Multi Login Policy (#2770 ) 2024-10-24 15:02:44 +08:00			`for _, token := range tokens {`
			`claims, err := tokenverify.GetClaimFromToken(token, authverify.Secret(a.accessSecret))`
			`if err != nil {`
			`continue`
fix: check error in BatchSetTokenMapByUidPid (#3076 ) 2025-01-22 14:38:27 +08:00			`}`
			`key := cachekey.GetTokenKey(claims.UserID, claims.PlatformID)`
			`if v, ok := setMap[key]; ok {`
			`v[token] = constant.KickedToken`
feat: Add More Multi Login Policy (#2770 ) 2024-10-24 15:02:44 +08:00			`} else {`
fix: check error in BatchSetTokenMapByUidPid (#3076 ) 2025-01-22 14:38:27 +08:00			`setMap[key] = map[string]any{`
			`token: constant.KickedToken,`
feat: Add More Multi Login Policy (#2770 ) 2024-10-24 15:02:44 +08:00			`}`
			`}`
			`}`
			`if err := a.cache.BatchSetTokenMapByUidPid(ctx, setMap); err != nil {`
			`return err`
			`}`
			`return nil`
			`}`

feat: Integrate Comprehensive E2E Testing for GoChat (#1906 ) 2024-03-04 12:12:14 +08:00			`// Create Token.`
feat: use robot to migrate code 2023-06-30 09:45:02 +08:00			`func (a *authDatabase) CreateToken(ctx context.Context, userID string, platformID int) (string, error) {`
fix: AdminToken save to redis && limit 1 for each userID (#3224 ) 2025-03-13 17:17:50 +08:00			`tokens, err := a.cache.GetAllTokensWithoutError(ctx, userID)`
			`if err != nil {`
			`return "", err`
			`}`
fix: admin token limit (#2871 ) 2024-11-22 12:25:28 +08:00
fix: AdminToken save to redis && limit 1 for each userID (#3224 ) 2025-03-13 17:17:50 +08:00			`deleteTokenKey, kickedTokenKey, err := a.checkToken(ctx, tokens, platformID)`
			`if err != nil {`
			`return "", err`
			`}`
			`if len(deleteTokenKey) != 0 {`
			`err = a.cache.DeleteTokenByUidPid(ctx, userID, platformID, deleteTokenKey)`
fix: admin token limit (#2871 ) 2024-11-22 12:25:28 +08:00			`if err != nil {`
			`return "", err`
			`}`
fix: AdminToken save to redis && limit 1 for each userID (#3224 ) 2025-03-13 17:17:50 +08:00			`}`
			`if len(kickedTokenKey) != 0 {`
			`for _, k := range kickedTokenKey {`
			`err := a.cache.SetTokenFlagEx(ctx, userID, platformID, k, constant.KickedToken)`
Fix token (#2653 ) 2024-09-25 11:05:48 +08:00			`if err != nil {`
			`return "", err`
			`}`
fix: AdminToken save to redis && limit 1 for each userID (#3224 ) 2025-03-13 17:17:50 +08:00			`log.ZDebug(ctx, "kicked token in create token", "token", k)`
Fix token (#2653 ) 2024-09-25 11:05:48 +08:00			`}`
			`}`
Fix lint errors in modified code (#1952 ) 2024-02-26 10:55:36 +08:00
feat: use robot to migrate code 2023-06-30 09:45:02 +08:00			`claims := tokenverify.BuildClaims(userID, platformID, a.accessExpire)`
			`token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)`
			`tokenString, err := token.SignedString([]byte(a.accessSecret))`
			`if err != nil {`
refactor: 3.7.0 code conventions. (#2148 ) 2024-04-19 22:23:08 +08:00			`return "", errs.WrapMsg(err, "token.SignedString")`
feat: use robot to migrate code 2023-06-30 09:45:02 +08:00			`}`
fix:create auth token can add expire time (#2352 ) 2024-06-24 16:11:19 +08:00
fix: AdminToken save to redis && limit 1 for each userID (#3224 ) 2025-03-13 17:17:50 +08:00			`if err = a.cache.SetTokenFlagEx(ctx, userID, platformID, tokenString, constant.NormalToken); err != nil {`
			`return "", err`
fix:create auth token can add expire time (#2352 ) 2024-06-24 16:11:19 +08:00			`}`
fix: admin token limit (#2871 ) 2024-11-22 12:25:28 +08:00
fix:create auth token can add expire time (#2352 ) 2024-06-24 16:11:19 +08:00			`return tokenString, nil`
feat: use robot to migrate code 2023-06-30 09:45:02 +08:00			`}`
Fix token (#2653 ) 2024-09-25 11:05:48 +08:00
feat: Add More Multi Login Policy (#2770 ) 2024-10-24 15:02:44 +08:00			`func (a *authDatabase) checkToken(ctx context.Context, tokens map[int]map[string]int, platformID int) ([]string, []string, error) {`
			`// todo: Move the logic for handling old data to another location.`
			`var (`
			`loginTokenMap = make(map[int][]string) // The length of the value of the map must be greater than 0`
			`deleteToken = make([]string, 0)`
			`kickToken = make([]string, 0)`
			`adminToken = make([]string, 0)`
			`unkickTerminal = ""`
			`)`

			`for plfID, tks := range tokens {`
			`for k, v := range tks {`
			`_, err := tokenverify.GetClaimFromToken(k, authverify.Secret(a.accessSecret))`
			`if err != nil \|\| v != constant.NormalToken {`
			`deleteToken = append(deleteToken, k)`
			`} else {`
			`if plfID != constant.AdminPlatformID {`
			`loginTokenMap[plfID] = append(loginTokenMap[plfID], k)`
			`} else {`
			`adminToken = append(adminToken, k)`
			`}`
			`}`
			`}`
			`}`

			`switch a.multiLogin.Policy {`
Fix token (#2653 ) 2024-09-25 11:05:48 +08:00			`case constant.DefalutNotKick:`
feat: Add More Multi Login Policy (#2770 ) 2024-10-24 15:02:44 +08:00			`for plt, ts := range loginTokenMap {`
			`l := len(ts)`
			`if platformID == plt {`
			`l++`
			`}`
			`limit := a.multiLogin.MaxNumOneEnd`
			`if l > limit {`
			`kickToken = append(kickToken, ts[:l-limit]...)`
			`}`
Fix token (#2653 ) 2024-09-25 11:05:48 +08:00			`}`
			`case constant.AllLoginButSameTermKick:`
feat: Add More Multi Login Policy (#2770 ) 2024-10-24 15:02:44 +08:00			`for plt, ts := range loginTokenMap {`
			`kickToken = append(kickToken, ts[:len(ts)-1]...)`
			`if plt == platformID {`
			`kickToken = append(kickToken, ts[len(ts)-1])`
			`}`
			`}`
			`case constant.PCAndOther:`
Update login policy (#2822 ) 2024-11-01 14:49:31 +08:00			`unkickTerminal = constant.TerminalPC`
feat: Add More Multi Login Policy (#2770 ) 2024-10-24 15:02:44 +08:00			`if constant.PlatformIDToClass(platformID) != unkickTerminal {`
			`for plt, ts := range loginTokenMap {`
			`if constant.PlatformIDToClass(plt) != unkickTerminal {`
			`kickToken = append(kickToken, ts...)`
			`}`
			`}`
			`} else {`
			`var (`
			`preKick []string`
			`isReserve = true`
			`)`
			`for plt, ts := range loginTokenMap {`
			`if constant.PlatformIDToClass(plt) != unkickTerminal {`
			`// Keep a token from another end`
			`if isReserve {`
			`isReserve = false`
			`kickToken = append(kickToken, ts[:len(ts)-1]...)`
			`preKick = append(preKick, ts[len(ts)-1])`
			`continue`
			`} else {`
			`// Prioritize keeping Android`
			`if plt == constant.AndroidPlatformID {`
			`kickToken = append(kickToken, preKick...)`
			`kickToken = append(kickToken, ts[:len(ts)-1]...)`
			`} else {`
			`kickToken = append(kickToken, ts...)`
			`}`
			`}`
			`}`
			`}`
			`}`
Update login policy (#2822 ) 2024-11-01 14:49:31 +08:00			`case constant.AllLoginButSameClassKick:`
feat: Add More Multi Login Policy (#2770 ) 2024-10-24 15:02:44 +08:00			`var (`
Update login policy (#2822 ) 2024-11-01 14:49:31 +08:00			`reserved = make(map[string]struct{})`
feat: Add More Multi Login Policy (#2770 ) 2024-10-24 15:02:44 +08:00			`)`

			`for plt, ts := range loginTokenMap {`
			`if constant.PlatformIDToClass(plt) == constant.PlatformIDToClass(platformID) {`
			`kickToken = append(kickToken, ts...)`
			`} else {`
Update login policy (#2822 ) 2024-11-01 14:49:31 +08:00			`if _, ok := reserved[constant.PlatformIDToClass(plt)]; !ok {`
			`reserved[constant.PlatformIDToClass(plt)] = struct{}{}`
feat: Add More Multi Login Policy (#2770 ) 2024-10-24 15:02:44 +08:00			`kickToken = append(kickToken, ts[:len(ts)-1]...)`
			`continue`
			`} else {`
			`kickToken = append(kickToken, ts...)`
			`}`
			`}`
			`}`
Fix token (#2653 ) 2024-09-25 11:05:48 +08:00			`default:`
feat: Add More Multi Login Policy (#2770 ) 2024-10-24 15:02:44 +08:00			`return nil, nil, errs.New("unknown multiLogin policy").Wrap()`
			`}`

fix: admin token limit (#2871 ) 2024-11-22 12:25:28 +08:00			`//var adminTokenMaxNum = a.multiLogin.MaxNumOneEnd`
			`//l := len(adminToken)`
			`//if platformID == constant.AdminPlatformID {`
			`// l++`
			`//}`
			`//if l > adminTokenMaxNum {`
			`// kickToken = append(kickToken, adminToken[:l-adminTokenMaxNum]...)`
			`//}`
fix: AdminToken save to redis && limit 1 for each userID (#3224 ) 2025-03-13 17:17:50 +08:00			`if platformID == constant.AdminPlatformID {`
			`kickToken = append(kickToken, adminToken...)`
			`}`
feat: Add More Multi Login Policy (#2770 ) 2024-10-24 15:02:44 +08:00			`return deleteToken, kickToken, nil`
Fix token (#2653 ) 2024-09-25 11:05:48 +08:00			`}`