blackteay/open-im-server
1
0
Fork 0
mirror of https://github.com/openimsdk/open-im-server.git synced 2025-10-26 05:02:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat: optimise jwt_token

Browse Source
This commit is contained in:
Yaxian 2021-10-22 15:00:08 +08:00
parent e23ac21587
commit cee73540c9
2 changed files with 108 additions and 83 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

137
src/utils/jwt_token.go
View File

@ -55,7 +55,7 @@ func secret() jwt.Keyfunc {
} }
} }
func ParseToken(tokensString string) (claims *Claims, err error) { func getClaimFromToken(tokensString string) (*Claims, error) {
token, err := jwt.ParseWithClaims(tokensString, &Claims{}, secret()) token, err := jwt.ParseWithClaims(tokensString, &Claims{}, secret())
if err != nil { if err != nil {
if ve, ok := err.(*jwt.ValidationError); ok { if ve, ok := err.(*jwt.ValidationError); ok {
@ -71,73 +71,63 @@ func ParseToken(tokensString string) (claims *Claims, err error) {
} }
} }
if claims, ok := token.Claims.(*Claims); ok && token.Valid { if claims, ok := token.Claims.(*Claims); ok && token.Valid {
// 1.check userid and platform class 0 not exists and 1 exists return claims, nil
existsInterface, err := db.DB.ExistsUserIDAndPlatform(claims.UID, Platform2class[claims.Platform]) }
return nil, err
}
func ParseToken(tokensString string) (claims *Claims, err error) {
claims, err = getClaimFromToken(tokensString)
if err != nil {
return nil, err
}
// 1.check userid and platform class 0 not exists and 1 exists
existsInterface, err := db.DB.ExistsUserIDAndPlatform(claims.UID, Platform2class[claims.Platform])
if err != nil {
return nil, err
}
exists := existsInterface.(int64)
//get config multi login policy
if config.Config.MultiLoginPolicy.OnlyOneTerminalAccess {
//OnlyOneTerminalAccess policy need to check all terminal
//When only one end is allowed to log in, there is a situation that needs to be paid attention to. After PC login,
//mobile login should check two platform times. One of them is less than the redis storage time, which is the invalid token.
platform := "PC"
if Platform2class[claims.Platform] == "PC" {
platform = "Mobile"
}
existsInterface, err = db.DB.ExistsUserIDAndPlatform(claims.UID, platform)
if err != nil { if err != nil {
return nil, err return nil, err
} }
exists := existsInterface.(int64)
//get config multi login policy
if config.Config.MultiLoginPolicy.OnlyOneTerminalAccess {
//OnlyOneTerminalAccess policy need to check all terminal
//When only one end is allowed to log in, there is a situation that needs to be paid attention to. After PC login,
//mobile login should check two platform times. One of them is less than the redis storage time, which is the invalid token.
if Platform2class[claims.Platform] == "PC" {
existsInterface, err = db.DB.ExistsUserIDAndPlatform(claims.UID, "Mobile")
if err != nil {
return nil, err
}
exists = existsInterface.(int64)
if exists == 1 {
res, err := MakeTheTokenInvalid(*claims, "Mobile")
if err != nil {
return nil, err
}
if res {
return nil, TokenInvalid
}
}
} else {
existsInterface, err = db.DB.ExistsUserIDAndPlatform(claims.UID, "PC")
if err != nil {
return nil, err
}
exists = existsInterface.(int64)
if exists == 1 {
res, err := MakeTheTokenInvalid(*claims, "PC")
if err != nil {
return nil, err
}
if res {
return nil, TokenInvalid
}
}
}
if exists == 1 { exists = existsInterface.(int64)
res, err := MakeTheTokenInvalid(*claims, Platform2class[claims.Platform]) if exists == 1 {
if err != nil { res, err := MakeTheTokenInvalid(*claims, platform)
return nil, err if err != nil {
} return nil, err
if res {
return nil, TokenInvalid
}
} }
if res {
} else if config.Config.MultiLoginPolicy.MobileAndPCTerminalAccessButOtherTerminalKickEachOther { return nil, TokenInvalid
if exists == 1 {
res, err := MakeTheTokenInvalid(*claims, Platform2class[claims.Platform])
if err != nil {
return nil, err
}
if res {
return nil, TokenInvalid
}
} }
} }
return claims, nil
} }
return nil, TokenUnknown // config.Config.MultiLoginPolicy.MobileAndPCTerminalAccessButOtherTerminalKickEachOther == true
// or PC/Mobile validate success
// final check
if exists == 1 {
res, err := MakeTheTokenInvalid(*claims, Platform2class[claims.Platform])
if err != nil {
return nil, err
}
if res {
return nil, TokenInvalid
}
}
return claims, nil
} }
func MakeTheTokenInvalid(currentClaims Claims, platformClass string) (bool, error) { func MakeTheTokenInvalid(currentClaims Claims, platformClass string) (bool, error) {
@ -155,35 +145,16 @@ func MakeTheTokenInvalid(currentClaims Claims, platformClass string) (bool, erro
} }
return false, nil return false, nil
} }
func ParseRedisInterfaceToken(redisToken interface{}) (*Claims, error) { func ParseRedisInterfaceToken(redisToken interface{}) (*Claims, error) {
token, err := jwt.ParseWithClaims(string(redisToken.([]uint8)), &Claims{}, secret()) return getClaimFromToken(string(redisToken.([]uint8)))
if err != nil {
if ve, ok := err.(*jwt.ValidationError); ok {
if ve.Errors&jwt.ValidationErrorMalformed != 0 {
return nil, TokenMalformed
} else if ve.Errors&jwt.ValidationErrorExpired != 0 {
return nil, TokenExpired
} else if ve.Errors&jwt.ValidationErrorNotValidYet != 0 {
return nil, TokenNotValidYet
} else {
return nil, TokenInvalid
}
}
}
if claims, ok := token.Claims.(*Claims); ok && token.Valid {
return claims, nil
}
return nil, err
} }
//Validation token, false means failure, true means successful verification //Validation token, false means failure, true means successful verification
func VerifyToken(token, uid string) bool { func VerifyToken(token, uid string) bool {
claims, err := ParseToken(token) claims, err := ParseToken(token)
if err != nil { if err != nil || claims.UID != uid {
return false return false
} else if claims.UID != uid {
return false
} else {
return true
} }
return true
} }

54
src/utils/jwt_token_test.go
View File

@ -1,6 +1,7 @@
package utils package utils
import ( import (
"Open_IM/src/common/config"
"testing" "testing"
"time" "time"
@ -30,3 +31,56 @@ func Test_BuildClaims(t *testing.T) {
assert.Equal(t, claim.StandardClaims.IssuedAt, now, "StandardClaims.IssuedAt should be equal") assert.Equal(t, claim.StandardClaims.IssuedAt, now, "StandardClaims.IssuedAt should be equal")
assert.Equal(t, claim.StandardClaims.NotBefore, now, "StandardClaims.NotBefore should be equal") assert.Equal(t, claim.StandardClaims.NotBefore, now, "StandardClaims.NotBefore should be equal")
} }
func Test_CreateToken(t *testing.T) {
uid := "1"
accountAddr := "accountAddr"
platform := int32(1)
now := time.Now().Unix()
tokenString, expiresAt, err := CreateToken(uid, accountAddr, platform)
assert.NotEmpty(t, tokenString)
assert.Equal(t, expiresAt, 604800+now)
assert.Nil(t, err)
}
func Test_VerifyToken(t *testing.T) {
uid := "1"
accountAddr := "accountAddr"
platform := int32(1)
tokenString, _, _ := CreateToken(uid, accountAddr, platform)
result := VerifyToken(tokenString, uid)
assert.True(t, result)
result = VerifyToken(tokenString, "2")
assert.False(t, result)
}
func Test_ParseRedisInterfaceToken(t *testing.T) {
uid := "1"
accountAddr := "accountAddr"
platform := int32(1)
tokenString, _, _ := CreateToken(uid, accountAddr, platform)
claims, err := ParseRedisInterfaceToken([]uint8(tokenString))
assert.Nil(t, err)
assert.Equal(t, claims.UID, uid)
// timeout
config.Config.TokenPolicy.AccessExpire = -80
tokenString, _, _ = CreateToken(uid, accountAddr, platform)
claims, err = ParseRedisInterfaceToken([]uint8(tokenString))
assert.Equal(t, err, TokenExpired)
assert.Nil(t, claims)
}
func Test_ParseToken(t *testing.T) {
uid := "1"
accountAddr := "accountAddr"
platform := int32(1)
tokenString, _, _ := CreateToken(uid, accountAddr, platform)
claims, err := ParseToken(tokenString)
if err == nil {
assert.Equal(t, claims.UID, uid)
}
}