package k8s_manager import ( "errors" "github.com/gin-gonic/gin" "github.com/golang-jwt/jwt/v4" "net/http" "strings" "time" ) type MyClaims struct { Username string `json:"username"` jwt.RegisteredClaims } var mySecret = []byte("ABCDEFGHIJKLMN") const TokenExpireDuration = time.Hour * 24 * 30 * 24 func GenerateToken(username string) (string, error) { c := MyClaims{ Username: username, RegisteredClaims: jwt.RegisteredClaims{ ExpiresAt: &jwt.NumericDate{Time: time.Now().Add(TokenExpireDuration)}, Issuer: "cg-k8s", }, } token := jwt.NewWithClaims(jwt.SigningMethodHS256, c) return token.SignedString(mySecret) } func ParseToken(tokenString string) (*MyClaims, error) { token, err := jwt.ParseWithClaims(tokenString, &MyClaims{}, func(token *jwt.Token) (i interface{}, err error) { return mySecret, nil }) if err != nil { return nil, err } if claims, ok := token.Claims.(*MyClaims); ok && token.Valid { // 校验token return claims, nil } return nil, errors.New("invalid token") } func JWTAuthMiddleware(c *gin.Context) { authHeader := c.Request.Header.Get("Authorization") if authHeader == "" { var err error authHeader, err = c.Cookie("Authorization") if err != nil { authHeader = "" } } if authHeader == "debug_special_key:83bsiablwtxv13" { c.Set("username", "cg_wmj") return } if authHeader == "" { c.JSON(http.StatusUnauthorized, gin.H{ "code": http.StatusUnauthorized, "msg": "No Authorized Token.", }) c.Abort() return } parts := strings.SplitN(authHeader, " ", 2) if !(len(parts) == 2 && parts[0] == "Bearer") { c.JSON(http.StatusUnauthorized, gin.H{ "code": http.StatusUnauthorized, "msg": "Wrong Authorization Format.", }) c.Abort() return } mc, err := ParseToken(parts[1]) if err != nil { c.JSON(http.StatusUnauthorized, gin.H{ "code": http.StatusUnauthorized, "msg": "Wrong Token.", }) c.Abort() return } c.Set("username", mc.Username) }