pkg/common/tokenverify/jwt_token.go

package tokenverify

import (
	"Open_IM/pkg/common/config"
	"Open_IM/pkg/common/constant"
	"Open_IM/pkg/common/tracelog"
	"Open_IM/pkg/utils"
	"context"
	"github.com/golang-jwt/jwt/v4"
	"time"
)

type Claims struct {
	UID      string
	Platform string //login platform
	jwt.RegisteredClaims
}

func BuildClaims(uid, platform string, ttl int64) Claims {
	now := time.Now()
	before := now.Add(-time.Minute * 5)
	return Claims{
		UID:      uid,
		Platform: platform,
		RegisteredClaims: jwt.RegisteredClaims{
			ExpiresAt: jwt.NewNumericDate(now.Add(time.Duration(ttl*24) * time.Hour)), //Expiration time
			IssuedAt:  jwt.NewNumericDate(now),                                        //Issuing time
			NotBefore: jwt.NewNumericDate(before),                                     //Begin Effective time
		}}
}

func secret() jwt.Keyfunc {
	return func(token *jwt.Token) (interface{}, error) {
		return []byte(config.Config.TokenPolicy.AccessSecret), nil
	}
}

func GetClaimFromToken(tokensString string) (*Claims, error) {
	token, err := jwt.ParseWithClaims(tokensString, &Claims{}, secret())
	if err != nil {
		if ve, ok := err.(*jwt.ValidationError); ok {
			if ve.Errors&jwt.ValidationErrorMalformed != 0 {
				return nil, utils.Wrap(constant.ErrTokenMalformed, "")
			} else if ve.Errors&jwt.ValidationErrorExpired != 0 {
				return nil, utils.Wrap(constant.ErrTokenExpired, "")
			} else if ve.Errors&jwt.ValidationErrorNotValidYet != 0 {
				return nil, utils.Wrap(constant.ErrTokenNotValidYet, "")
			} else {
				return nil, utils.Wrap(constant.ErrTokenUnknown, "")
			}
		} else {
			return nil, utils.Wrap(constant.ErrTokenUnknown, "")
		}
	} else {
		if claims, ok := token.Claims.(*Claims); ok && token.Valid {
			return claims, nil
		}
		return nil, utils.Wrap(constant.ErrTokenUnknown, "")
	}
}

func CheckAccessV3(ctx context.Context, ownerUserID string) (err error) {
	opUserID := tracelog.GetOpUserID(ctx)
	defer func() {
		tracelog.SetCtxInfo(ctx, utils.GetFuncName(1), err, "OpUserID", opUserID, "ownerUserID", ownerUserID)
	}()
	if utils.IsContain(opUserID, config.Config.Manager.AppManagerUid) {
		return nil
	}
	if opUserID == ownerUserID {
		return nil
	}
	return constant.ErrIdentity.Wrap(utils.GetSelfFuncName())
}

func IsAppManagerUid(ctx context.Context) bool {
	return utils.IsContain(tracelog.GetOpUserID(ctx), config.Config.Manager.AppManagerUid)
}

func CheckAdmin(ctx context.Context) error {
	if utils.IsContain(tracelog.GetOpUserID(ctx), config.Config.Manager.AppManagerUid) {
		return nil
	}
	return constant.ErrIdentity.Wrap()
}

func ParseRedisInterfaceToken(redisToken interface{}) (*Claims, error) {
	return GetClaimFromToken(string(redisToken.([]uint8)))
}
func IsManagerUserID(opUserID string) bool {
	return utils.IsContain(opUserID, config.Config.Manager.AppManagerUid)
}
errcode 2023-02-09 14:40:49 +08:00			`package tokenverify`
multi terminal kick eachOther 2021-11-25 14:12:52 +08:00
			`import (`
			`"Open_IM/pkg/common/config"`
			`"Open_IM/pkg/common/constant"`
errcode 2023-01-30 11:14:18 +08:00			`"Open_IM/pkg/common/tracelog"`
notification 2021-12-23 17:22:49 +08:00			`"Open_IM/pkg/utils"`
errCode 2023-01-04 17:21:33 +08:00			`"context"`
jwt import update 2022-09-21 09:13:58 +08:00			`"github.com/golang-jwt/jwt/v4"`
Error code standardization 2023-01-31 20:33:33 +08:00			`"time"`
multi terminal kick eachOther 2021-11-25 14:12:52 +08:00			`)`

			`type Claims struct {`
			`UID string`
			`Platform string //login platform`
			`jwt.RegisteredClaims`
			`}`

			`func BuildClaims(uid, platform string, ttl int64) Claims {`
			`now := time.Now()`
Set the token activity time to five minutes ago 2022-08-15 15:40:36 +08:00			`before := now.Add(-time.Minute * 5)`
multi terminal kick eachOther 2021-11-25 14:12:52 +08:00			`return Claims{`
			`UID: uid,`
			`Platform: platform,`
			`RegisteredClaims: jwt.RegisteredClaims{`
			`ExpiresAt: jwt.NewNumericDate(now.Add(time.Duration(ttl24) time.Hour)), //Expiration time`
			`IssuedAt: jwt.NewNumericDate(now), //Issuing time`
Set the token activity time to five minutes ago 2022-08-15 15:40:36 +08:00			`NotBefore: jwt.NewNumericDate(before), //Begin Effective time`
multi terminal kick eachOther 2021-11-25 14:12:52 +08:00			`}}`
			`}`

			`func secret() jwt.Keyfunc {`
			`return func(token *jwt.Token) (interface{}, error) {`
			`return []byte(config.Config.TokenPolicy.AccessSecret), nil`
			`}`
			`}`

token modify 2021-11-30 15:37:51 +08:00			`func GetClaimFromToken(tokensString string) (*Claims, error) {`
multi terminal kick eachOther 2021-11-25 14:12:52 +08:00			`token, err := jwt.ParseWithClaims(tokensString, &Claims{}, secret())`
			`if err != nil {`
			`if ve, ok := err.(*jwt.ValidationError); ok {`
			`if ve.Errors&jwt.ValidationErrorMalformed != 0 {`
1 2023-01-12 16:47:28 +08:00			`return nil, utils.Wrap(constant.ErrTokenMalformed, "")`
multi terminal kick eachOther 2021-11-25 14:12:52 +08:00			`} else if ve.Errors&jwt.ValidationErrorExpired != 0 {`
1 2023-01-12 16:47:28 +08:00			`return nil, utils.Wrap(constant.ErrTokenExpired, "")`
multi terminal kick eachOther 2021-11-25 14:12:52 +08:00			`} else if ve.Errors&jwt.ValidationErrorNotValidYet != 0 {`
1 2023-01-12 16:47:28 +08:00			`return nil, utils.Wrap(constant.ErrTokenNotValidYet, "")`
multi terminal kick eachOther 2021-11-25 14:12:52 +08:00			`} else {`
1 2023-01-12 16:47:28 +08:00			`return nil, utils.Wrap(constant.ErrTokenUnknown, "")`
multi terminal kick eachOther 2021-11-25 14:12:52 +08:00			`}`
			`} else {`
1 2023-01-12 16:47:28 +08:00			`return nil, utils.Wrap(constant.ErrTokenUnknown, "")`
multi terminal kick eachOther 2021-11-25 14:12:52 +08:00			`}`
			`} else {`
			`if claims, ok := token.Claims.(*Claims); ok && token.Valid {`
			`return claims, nil`
			`}`
1 2023-01-12 16:47:28 +08:00			`return nil, utils.Wrap(constant.ErrTokenUnknown, "")`
multi terminal kick eachOther 2021-11-25 14:12:52 +08:00			`}`
			`}`

1 2023-01-29 15:23:14 +08:00			`func CheckAccessV3(ctx context.Context, ownerUserID string) (err error) {`
Error code standardization 2023-01-31 20:33:33 +08:00			`opUserID := tracelog.GetOpUserID(ctx)`
1 2023-01-12 17:52:14 +08:00			`defer func() {`
errcode 2023-01-30 11:10:26 +08:00			`tracelog.SetCtxInfo(ctx, utils.GetFuncName(1), err, "OpUserID", opUserID, "ownerUserID", ownerUserID)`
1 2023-01-12 17:52:14 +08:00			`}()`
			`if utils.IsContain(opUserID, config.Config.Manager.AppManagerUid) {`
			`return nil`
			`}`
1 2023-01-29 15:23:14 +08:00			`if opUserID == ownerUserID {`
CreateGroup rpc 2023-01-06 11:49:11 +08:00			`return nil`
			`}`
1 2023-01-12 18:03:07 +08:00			`return constant.ErrIdentity.Wrap(utils.GetSelfFuncName())`
CreateGroup rpc 2023-01-06 11:49:11 +08:00			`}`

1 2023-02-01 17:22:42 +08:00			`func IsAppManagerUid(ctx context.Context) bool {`
			`return utils.IsContain(tracelog.GetOpUserID(ctx), config.Config.Manager.AppManagerUid)`
			`}`

1 2023-01-17 17:43:30 +08:00			`func CheckAdmin(ctx context.Context) error {`
Error code standardization 2023-01-31 20:33:33 +08:00			`if utils.IsContain(tracelog.GetOpUserID(ctx), config.Config.Manager.AppManagerUid) {`
1 2023-01-17 17:43:30 +08:00			`return nil`
			`}`
			`return constant.ErrIdentity.Wrap()`
			`}`

multi terminal kick eachOther 2021-11-25 14:12:52 +08:00			`func ParseRedisInterfaceToken(redisToken interface{}) (*Claims, error) {`
token modify 2021-11-30 15:37:51 +08:00			`return GetClaimFromToken(string(redisToken.([]uint8)))`
multi terminal kick eachOther 2021-11-25 14:12:52 +08:00			`}`
Error code standardization 2023-02-13 21:36:08 +08:00			`func IsManagerUserID(opUserID string) bool {`
			`return utils.IsContain(opUserID, config.Config.Manager.AppManagerUid)`
			`}`