feat: optimise jwt_token

2025-10-25 12:42:12 +08:00 · 2021-10-22 15:00:08 +08:00 · 2021-10-22 15:00:08 +08:00 · cee73540c9
commit cee73540c9
parent e23ac21587
2 changed files with 108 additions and 83 deletions
--- a/src/utils/jwt_token.go
+++ b/src/utils/jwt_token.go
@ -55,7 +55,7 @@ func secret() jwt.Keyfunc {
 	}
 }

-func ParseToken(tokensString string) (claims *Claims, err error) {
+func getClaimFromToken(tokensString string) (*Claims, error) {
 	token, err := jwt.ParseWithClaims(tokensString, &Claims{}, secret())
 	if err != nil {
 		if ve, ok := err.(*jwt.ValidationError); ok {
@ -71,73 +71,63 @@ func ParseToken(tokensString string) (claims *Claims, err error) {
 		}
 	}
 	if claims, ok := token.Claims.(*Claims); ok && token.Valid {
-		//	1.check userid and platform class   0 not exists and  1 exists
-		existsInterface, err := db.DB.ExistsUserIDAndPlatform(claims.UID, Platform2class[claims.Platform])
+		return claims, nil
+	}
+	return nil, err
+}
+
+func ParseToken(tokensString string) (claims *Claims, err error) {
+	claims, err = getClaimFromToken(tokensString)
+
+	if err != nil {
+		return nil, err
+	}
+
+	//	1.check userid and platform class   0 not exists and  1 exists
+	existsInterface, err := db.DB.ExistsUserIDAndPlatform(claims.UID, Platform2class[claims.Platform])
+	if err != nil {
+		return nil, err
+	}
+	exists := existsInterface.(int64)
+	//get config multi login policy
+	if config.Config.MultiLoginPolicy.OnlyOneTerminalAccess {
+		//OnlyOneTerminalAccess policy need to check all terminal
+		//When only one end is allowed to log in, there is a situation that needs to be paid attention to. After PC login,
+		//mobile login should check two platform times. One of them is less than the redis storage time, which is the invalid token.
+		platform := "PC"
+		if Platform2class[claims.Platform] == "PC" {
+			platform = "Mobile"
+		}
+
+		existsInterface, err = db.DB.ExistsUserIDAndPlatform(claims.UID, platform)
 		if err != nil {
 			return nil, err
 		}
-		exists := existsInterface.(int64)
-		//get config multi login policy
-		if config.Config.MultiLoginPolicy.OnlyOneTerminalAccess {
-			//OnlyOneTerminalAccess policy need to check all terminal
-			//When only one end is allowed to log in, there is a situation that needs to be paid attention to. After PC login,
-			//mobile login should check two platform times. One of them is less than the redis storage time, which is the invalid token.
-			if Platform2class[claims.Platform] == "PC" {
-				existsInterface, err = db.DB.ExistsUserIDAndPlatform(claims.UID, "Mobile")
-				if err != nil {
-					return nil, err
-				}
-				exists = existsInterface.(int64)
-				if exists == 1 {
-					res, err := MakeTheTokenInvalid(*claims, "Mobile")
-					if err != nil {
-						return nil, err
-					}
-					if res {
-						return nil, TokenInvalid
-					}
-				}
-			} else {
-				existsInterface, err = db.DB.ExistsUserIDAndPlatform(claims.UID, "PC")
-				if err != nil {
-					return nil, err
-				}
-				exists = existsInterface.(int64)
-				if exists == 1 {
-					res, err := MakeTheTokenInvalid(*claims, "PC")
-					if err != nil {
-						return nil, err
-					}
-					if res {
-						return nil, TokenInvalid
-					}
-				}
-			}

-			if exists == 1 {
-				res, err := MakeTheTokenInvalid(*claims, Platform2class[claims.Platform])
-				if err != nil {
-					return nil, err
-				}
-				if res {
-					return nil, TokenInvalid
-				}
+		exists = existsInterface.(int64)
+		if exists == 1 {
+			res, err := MakeTheTokenInvalid(*claims, platform)
+			if err != nil {
+				return nil, err
 			}
-
-		} else if config.Config.MultiLoginPolicy.MobileAndPCTerminalAccessButOtherTerminalKickEachOther {
-			if exists == 1 {
-				res, err := MakeTheTokenInvalid(*claims, Platform2class[claims.Platform])
-				if err != nil {
-					return nil, err
-				}
-				if res {
-					return nil, TokenInvalid
-				}
+			if res {
+				return nil, TokenInvalid
 			}
 		}
-		return claims, nil
 	}
-	return nil, TokenUnknown
+	// config.Config.MultiLoginPolicy.MobileAndPCTerminalAccessButOtherTerminalKickEachOther == true
+	// or  PC/Mobile validate success
+	// final check
+	if exists == 1 {
+		res, err := MakeTheTokenInvalid(*claims, Platform2class[claims.Platform])
+		if err != nil {
+			return nil, err
+		}
+		if res {
+			return nil, TokenInvalid
+		}
+	}
+	return claims, nil
 }

 func MakeTheTokenInvalid(currentClaims Claims, platformClass string) (bool, error) {
@ -155,35 +145,16 @@ func MakeTheTokenInvalid(currentClaims Claims, platformClass string) (bool, erro
 	}
 	return false, nil
 }
+
 func ParseRedisInterfaceToken(redisToken interface{}) (*Claims, error) {
-	token, err := jwt.ParseWithClaims(string(redisToken.([]uint8)), &Claims{}, secret())
-	if err != nil {
-		if ve, ok := err.(*jwt.ValidationError); ok {
-			if ve.Errors&jwt.ValidationErrorMalformed != 0 {
-				return nil, TokenMalformed
-			} else if ve.Errors&jwt.ValidationErrorExpired != 0 {
-				return nil, TokenExpired
-			} else if ve.Errors&jwt.ValidationErrorNotValidYet != 0 {
-				return nil, TokenNotValidYet
-			} else {
-				return nil, TokenInvalid
-			}
-		}
-	}
-	if claims, ok := token.Claims.(*Claims); ok && token.Valid {
-		return claims, nil
-	}
-	return nil, err
+	return getClaimFromToken(string(redisToken.([]uint8)))
 }

 //Validation token, false means failure, true means successful verification
 func VerifyToken(token, uid string) bool {
 	claims, err := ParseToken(token)
-	if err != nil {
+	if err != nil || claims.UID != uid {
 		return false
-	} else if claims.UID != uid {
-		return false
-	} else {
-		return true
 	}
+	return true
 }
--- a/src/utils/jwt_token_test.go
+++ b/src/utils/jwt_token_test.go
@ -1,6 +1,7 @@
 package utils

 import (
+	"Open_IM/src/common/config"
 	"testing"
 	"time"

@ -30,3 +31,56 @@ func Test_BuildClaims(t *testing.T) {
 	assert.Equal(t, claim.StandardClaims.IssuedAt, now, "StandardClaims.IssuedAt should be equal")
 	assert.Equal(t, claim.StandardClaims.NotBefore, now, "StandardClaims.NotBefore should be equal")
 }
+
+func Test_CreateToken(t *testing.T) {
+	uid := "1"
+	accountAddr := "accountAddr"
+	platform := int32(1)
+	now := time.Now().Unix()
+
+	tokenString, expiresAt, err := CreateToken(uid, accountAddr, platform)
+
+	assert.NotEmpty(t, tokenString)
+	assert.Equal(t, expiresAt, 604800+now)
+	assert.Nil(t, err)
+}
+
+func Test_VerifyToken(t *testing.T) {
+	uid := "1"
+	accountAddr := "accountAddr"
+	platform := int32(1)
+	tokenString, _, _ := CreateToken(uid, accountAddr, platform)
+	result := VerifyToken(tokenString, uid)
+	assert.True(t, result)
+	result = VerifyToken(tokenString, "2")
+	assert.False(t, result)
+}
+
+func Test_ParseRedisInterfaceToken(t *testing.T) {
+	uid := "1"
+	accountAddr := "accountAddr"
+	platform := int32(1)
+	tokenString, _, _ := CreateToken(uid, accountAddr, platform)
+
+	claims, err := ParseRedisInterfaceToken([]uint8(tokenString))
+	assert.Nil(t, err)
+	assert.Equal(t, claims.UID, uid)
+
+	// timeout
+	config.Config.TokenPolicy.AccessExpire = -80
+	tokenString, _, _ = CreateToken(uid, accountAddr, platform)
+	claims, err = ParseRedisInterfaceToken([]uint8(tokenString))
+	assert.Equal(t, err, TokenExpired)
+	assert.Nil(t, claims)
+}
+
+func Test_ParseToken(t *testing.T) {
+	uid := "1"
+	accountAddr := "accountAddr"
+	platform := int32(1)
+	tokenString, _, _ := CreateToken(uid, accountAddr, platform)
+	claims, err := ParseToken(tokenString)
+	if err == nil {
+		assert.Equal(t, claims.UID, uid)
+	}
+}