Go learning ----- relevant knowledge of JWT
2022-07-05 15:09:00 【Week-_-】
I. Basic introduction
JSON Web Token (JWT) is a JSON-based open standard (RFC 7519). The token is designed to be compact and safe, and it suits single sign-on (SSO) across distributed sites in particular. JWT claims are generally used to pass the authenticated user's identity between an identity provider and a service provider, so that resources can be fetched from a resource server. Additional claims required by other business logic can be added as well. The token can be used directly for authentication, and it can also be encrypted.
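II. Download
go get -v "github.com/dgrijalva/jwt-go"
Note: the dgrijalva/jwt-go repository is archived; its maintained successor is github.com/golang-jwt/jwt.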
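III. Usage
1. Define the claims struct and related variables
import jwt "github.com/dgrijalva/jwt-go"

type JwtClaims struct {
	// User information carried in the token; it may be needed again after the token is verified.
	jwt.StandardClaims
	UserID   int    `json:"user_id"`
	UserName string `json:"user_name"`
	// The payload of a signed token is only base64url-encoded, so anyone who holds
	// the token can read this field. Never populate it with a real password.
	Password string `json:"password"`
}

var (
	Secret     = "YuFen" // signing key (the HMAC secret)
	ExpireTime = 20      // token lifetime: 20s
)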
2. Create a function that generates the token
func GetToken(claims *JwtClaims) (string, error) {
	// Build the token from the chosen signing method and the claims.
	// HS256 is the HMAC method that matches a shared []byte secret; ES256 would
	// need an *ecdsa.PrivateKey and fails with an invalid key type here.
	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
	// Sign the token with Secret. This signs the token; it does not encrypt the claims.
	signedString, err := token.SignedString([]byte(Secret))
	if err != nil {
		return "", err
	}
	return signedString, nil
}
3. In login(), collect the information needed to build the token
func UserLogin(c *gin.Context) {
	var user model.User
	user.Name = c.PostForm("Name")
	user.Password = c.PostForm("Password")
	err := model.UserLogin(user)
	if err != nil {
		// 401 (Unauthorized): the request requires authentication. The server may
		// return this response for pages that need a login.
		c.JSON(http.StatusUnauthorized, gin.H{
			"msg": "Login failed",
			//"data":Users,
		})
	} else {
		C, _ := model.GetUser(user.Name)
		// The password is not copied into the claims: the token payload is only
		// base64url-encoded and is readable by anyone who holds the token.
		claims := &utils.JwtClaims{
			UserID:   C.Id,
			UserName: C.Name,
		}
		claims.IssuedAt = time.Now().Unix()
		claims.ExpiresAt = time.Now().Add(time.Second * time.Duration(utils.ExpireTime)).Unix()
		s, err := utils.GetToken(claims)
		if err != nil {
			// Failing to sign the token is a server-side error, not a missing resource.
			c.String(http.StatusInternalServerError, err.Error())
			return
		}
		c.JSON(http.StatusOK, gin.H{
			"msg": "Login successful",
			"jwt": s,
		})
	}
}
4. Parse and verify the generated token
func verifyAction(strToken string) (*JwtClaims, error) {
	// ErrorReason_ReLogin is assumed to be an error-message string constant defined elsewhere in the project.
	token, err := jwt.ParseWithClaims(strToken, &JwtClaims{}, func(token *jwt.Token) (interface{}, error) {
		// Accept only HMAC-signed tokens, so the alg header cannot select another method.
		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, errors.New(ErrorReason_ReLogin)
		}
		// Return the key used to verify the signature of the token sent by the front end.
		return []byte(Secret), nil
	})
	if err != nil {
		return nil, errors.New(ErrorReason_ReLogin)
	}
	claims, ok := token.Claims.(*JwtClaims) // claims carried by the verified token
	if !ok {
		return nil, errors.New(ErrorReason_ReLogin)
	}
	// ParseWithClaims has already run this validation; the explicit call repeats the expiry check.
	if err := token.Claims.Valid(); err != nil {
		return nil, errors.New(ErrorReason_ReLogin)
	}
	return claims, nil
}
Another core part of verifyAction() is token.Claims.Valid(), the function that checks whether the token is still valid.
How expiry works: it is simple. The token obtained at login carries the expiration time we set, which is 10 seconds above. When the function runs, it compares the current time with the expiration time. If the token has not expired, it can be used normally; otherwise an error is returned, and the function finally responds with errors.New(ErrorReason_ReLogin).
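What the verification step has to enforce, written with the Go standard library only. This is an added example, not the article's code and not jwt-go's implementation; `seal`, `issue`, `part`, `verify` and `demoKey` are hypothetical names and all tokens are constructed. It goes slightly beyond the expiry check described above: the same function also pins the `alg` header to HS256 and compares the signature in constant time before it trusts the payload.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64, demoKey = base64.RawURLEncoding, []byte("constructed-demo-key") // sample key, constructed

// seal appends the base64url HMAC-SHA256 signature to "header.payload".
func seal(msg string, key []byte) string {
	h := hmac.New(sha256.New, key)
	h.Write([]byte(msg))
	return msg + "." + b64.EncodeToString(h.Sum(nil))
}

// issue builds a token from raw header and payload JSON (constructed inputs).
func issue(header, payload string, key []byte) string {
	return seal(b64.EncodeToString([]byte(header))+"."+b64.EncodeToString([]byte(payload)), key)
}

// part decodes one base64url JSON segment into v.
func part(seg string, v interface{}) bool {
	raw, err := b64.DecodeString(seg)
	return err == nil && json.Unmarshal(raw, v) == nil
}

// verify pins alg, checks the MAC in constant time, enforces exp, then fills claims.
func verify(tok string, key []byte, now int64, claims interface{}) error {
	var hdr struct{ Alg string }
	var e struct{ Exp int64 } // a missing exp stays 0, so the token is rejected
	switch p := strings.Split(tok, "."); {
	case len(p) != 3 || !part(p[0], &hdr) || hdr.Alg != "HS256":
		return fmt.Errorf("malformed token or unexpected alg %q", hdr.Alg)
	case !hmac.Equal([]byte(tok), []byte(seal(p[0]+"."+p[1], key))):
		return fmt.Errorf("bad signature")
	case !part(p[1], &e) || now >= e.Exp || !part(p[1], claims):
		return fmt.Errorf("payload invalid or token expired")
	}
	return nil
}

func main() {
	tok := issue(`{"alg":"none"}`, `{"user_id":7,"exp":1700000020}`, demoKey)
	fmt.Println(verify(tok, demoKey, 1700000010, new(map[string]interface{})))
}
```

In a handler, `now` would be `time.Now().Unix()` and `claims` a pointer to the service's own claims struct.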
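5. Refresh the token
func refresh(c *gin.Context) {
	strToken := c.Query("token")
	claims, err := verifyAction(strToken)
	if err != nil {
		// An invalid or expired token is an authentication failure.
		c.String(http.StatusUnauthorized, err.Error())
		return
	}
	// Keep the original lifetime and restart it from now. IssuedAt must move as well,
	// otherwise ExpiresAt - IssuedAt grows with every refresh.
	lifetime := claims.ExpiresAt - claims.IssuedAt
	claims.IssuedAt = time.Now().Unix()
	claims.ExpiresAt = claims.IssuedAt + lifetime // new expiration time
	signedToken, err := GetToken(claims)
	if err != nil {
		c.String(http.StatusInternalServerError, err.Error())
		return
	}
	c.String(http.StatusOK, signedToken)
}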