blackteay/open-im-server
1
0
Fork 0
mirror of https://github.com/openimsdk/open-im-server.git synced 2025-04-26 03:26:57 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update jwt token version (#27)

Browse Source 
* add sdk svr to docker script

* panic handle

* fix build from dockerfile on docker-compose

* Update deploy.Dockerfile

* log and scripts optimization

* ci: ignore files created by docker-compose (#19)

* feat: optimise get server ip (#20)

* feat: optimise get server ip

* feat: test ServerIP

* fix issue#15 (#18)

Co-authored-by: Gordon <46924906+FGadvancer@users.noreply.github.com>

* Modify bug for getting lastest seq

* Reduce the MongoDB version to adapt to a few machine (#22)

* Feature/optimise jwt token (#24)

* Pr branch (#25)

* fix update jwt-token version to avoid attackers to bypass intended access restrictions in situations with []string{} for m["aud"]

* del accountAddr

* Create codeql-analysis.yml

* del unuse filed

* fix update jwt-token version to avoid attackers to bypass intended access restrictions in situations with []string{} for m["aud"]

Co-authored-by: Gordon <1432970085@qq.com>
Co-authored-by: Yaxian <yaxian.gu@gmail.com>
Co-authored-by: Zzr <bhg889@163.com>
Co-authored-by: Gordon <46924906+FGadvancer@users.noreply.github.com>
Co-authored-by: brennanli <brennanli@tencent.com>
This commit is contained in:
Away 2021-10-25 11:08:10 +08:00 committed by GitHub
parent 8913ca161f
commit 65157ede23
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 19 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
config/config.yaml
View File

@ -134,8 +134,8 @@ multiloginpolicy:
tokenpolicy: tokenpolicy:
accessSecret: "open_im_server" accessSecret: "open_im_server"
# Token effective time seconds as a unit # Token effective time seconds as a unit
#Seven days 7*24*60*60 #Seven days
accessExpire: 604800 accessExpire: 7
messagecallback: messagecallback:
callbackSwitch: false callbackSwitch: false

28
src/utils/jwt_token.go
View File

@ -19,24 +19,18 @@ var (
type Claims struct { type Claims struct {
UID string UID string
Platform string //login platform Platform string //login platform
jwt.StandardClaims jwt.RegisteredClaims
} }
func BuildClaims(uid, platform string, ttl int64) Claims { func BuildClaims(uid, platform string, ttl int64) Claims {
now := time.Now().Unix() now := time.Now()
//if ttl=-1 Permanent token
expiresAt := int64(-1)
if ttl != -1 {
expiresAt = now + ttl
}
return Claims{ return Claims{
UID: uid, UID: uid,
Platform: platform, Platform: platform,
StandardClaims: jwt.StandardClaims{ RegisteredClaims: jwt.RegisteredClaims{
ExpiresAt: expiresAt, //Expiration time ExpiresAt: jwt.NewNumericDate(now.Add(time.Duration(ttl*24) * time.Hour)), //Expiration time
IssuedAt: now, //Issuing time IssuedAt: jwt.NewNumericDate(now), //Issuing time
NotBefore: now, //Begin Effective time NotBefore: jwt.NewNumericDate(now), //Begin Effective time
}} }}
} }
@ -45,7 +39,7 @@ func CreateToken(userID string, platform int32) (string, int64, error) {
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims) token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
tokenString, err := token.SignedString([]byte(config.Config.TokenPolicy.AccessSecret)) tokenString, err := token.SignedString([]byte(config.Config.TokenPolicy.AccessSecret))
return tokenString, claims.ExpiresAt, err return tokenString, claims.ExpiresAt.Time.Unix(), err
} }
func secret() jwt.Keyfunc { func secret() jwt.Keyfunc {
@ -105,7 +99,7 @@ func ParseToken(tokensString string) (claims *Claims, err error) {
exists = existsInterface.(int64) exists = existsInterface.(int64)
if exists == 1 { if exists == 1 {
res, err := MakeTheTokenInvalid(*claims, platform) res, err := MakeTheTokenInvalid(claims, platform)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -118,7 +112,7 @@ func ParseToken(tokensString string) (claims *Claims, err error) {
// or PC/Mobile validate success // or PC/Mobile validate success
// final check // final check
if exists == 1 { if exists == 1 {
res, err := MakeTheTokenInvalid(*claims, Platform2class[claims.Platform]) res, err := MakeTheTokenInvalid(claims, Platform2class[claims.Platform])
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -129,7 +123,7 @@ func ParseToken(tokensString string) (claims *Claims, err error) {
return claims, nil return claims, nil
} }
func MakeTheTokenInvalid(currentClaims Claims, platformClass string) (bool, error) { func MakeTheTokenInvalid(currentClaims *Claims, platformClass string) (bool, error) {
storedRedisTokenInterface, err := db.DB.GetPlatformToken(currentClaims.UID, platformClass) storedRedisTokenInterface, err := db.DB.GetPlatformToken(currentClaims.UID, platformClass)
if err != nil { if err != nil {
return false, err return false, err
@ -139,7 +133,7 @@ func MakeTheTokenInvalid(currentClaims Claims, platformClass string) (bool, erro
return false, err return false, err
} }
//if issue time less than redis token then make this token invalid //if issue time less than redis token then make this token invalid
if currentClaims.IssuedAt < storedRedisPlatformClaims.IssuedAt { if currentClaims.IssuedAt.Time.Unix() < storedRedisPlatformClaims.IssuedAt.Time.Unix() {
return true, TokenInvalid return true, TokenInvalid
} }
return false, nil return false, nil

12
src/utils/jwt_token_test.go
View File

@ -17,18 +17,18 @@ func Test_BuildClaims(t *testing.T) {
assert.Equal(t, claim.UID, uid, "uid should equal") assert.Equal(t, claim.UID, uid, "uid should equal")
assert.Equal(t, claim.Platform, platform, "platform should equal") assert.Equal(t, claim.Platform, platform, "platform should equal")
assert.Equal(t, claim.StandardClaims.ExpiresAt, int64(-1), "StandardClaims.ExpiresAt should be equal") assert.Equal(t, claim.RegisteredClaims.ExpiresAt, int64(-1), "StandardClaims.ExpiresAt should be equal")
// time difference within 1s // time difference within 1s
assert.Equal(t, claim.StandardClaims.IssuedAt, now, "StandardClaims.IssuedAt should be equal") assert.Equal(t, claim.RegisteredClaims.IssuedAt, now, "StandardClaims.IssuedAt should be equal")
assert.Equal(t, claim.StandardClaims.NotBefore, now, "StandardClaims.NotBefore should be equal") assert.Equal(t, claim.RegisteredClaims.NotBefore, now, "StandardClaims.NotBefore should be equal")
ttl = int64(60) ttl = int64(60)
now = time.Now().Unix() now = time.Now().Unix()
claim = BuildClaims(uid, platform, ttl) claim = BuildClaims(uid, platform, ttl)
// time difference within 1s // time difference within 1s
assert.Equal(t, claim.StandardClaims.ExpiresAt, int64(60)+now, "StandardClaims.ExpiresAt should be equal") assert.Equal(t, claim.RegisteredClaims.ExpiresAt, int64(60)+now, "StandardClaims.ExpiresAt should be equal")
assert.Equal(t, claim.StandardClaims.IssuedAt, now, "StandardClaims.IssuedAt should be equal") assert.Equal(t, claim.RegisteredClaims.IssuedAt, now, "StandardClaims.IssuedAt should be equal")
assert.Equal(t, claim.StandardClaims.NotBefore, now, "StandardClaims.NotBefore should be equal") assert.Equal(t, claim.RegisteredClaims.NotBefore, now, "StandardClaims.NotBefore should be equal")
} }
func Test_CreateToken(t *testing.T) { func Test_CreateToken(t *testing.T) {