refactor: auth (#7)

* refactor: dao
TensoRaws · Jul 14, 2024 · e259499 · e259499
1 parent 500306f
commit e259499
Show file tree

Hide file tree

Showing 14 changed files with 96 additions and 106 deletions.
diff --git a/.gitignore b/.gitignore
@@ -118,4 +118,3 @@ $RECYCLE.BIN/
 
 # Air
 tmp
-conf/nuxbt.yml
diff --git a/README.md b/README.md
@@ -1 +1,27 @@
 # NuxBT-Backend
+
+### Dev
+
+lint
+
+```shell
+make lint
+```
+
+test
+
+```shell
+make test
+```
+
+gorm gen
+
+```shell
+make gen
+```
+
+build
+
+```shell
+make build
+```
diff --git a/conf/nuxbt.yml b/conf/nuxbt.yml
@@ -17,22 +17,22 @@ log:
 
 db:
   type: mysql # mysql, postgres
-  host: 192.168.178.131
+  host: 127.0.0.1
   port: 5432
   username: root
   password: 123456
   database: nuxbt
   ssl: false
 
 redis:
-  host: 192.168.178.131
+  host: 127.0.0.1
   port: 6379
   password:
   poolSize: 1000
 
 oss:
   type: minio # minio, cos
-  endpoint: 192.168.178.131:9000
+  endpoint: 127.0.0.1:9000
   accessKey: ChYm7ufIwNAOzq6PQPCA
   secretKey: udicP52IwRbmo2hf6lFvjUS7NP5BhlAdsGNIuDE5
   region: local

diff --git a/internal/middleware/cache/ip_limiter.go b/internal/middleware/cache/ip_limiter.go
@@ -11,9 +11,10 @@ import (
 	redisLimiter "github.com/ulule/limiter/v3/drivers/store/redis"
 )
 
-func NewRateLimiter(redisClient *cache.Client, limit int, slidingWindow time.Duration) gin.HandlerFunc {
+// NewRateLimiter returns a new instance of a rate limiter middleware.
+func NewRateLimiter(redisClient *cache.Client, limit int, t time.Duration) gin.HandlerFunc {
 	rate := limiter.Rate{
-		Period: slidingWindow,
+		Period: t,
 		Limit:  int64(limit),
 	}
 	store, err := redisLimiter.NewStore(redisClient.C)

diff --git a/internal/middleware/cache/jwt_blacklist.go b/internal/middleware/cache/jwt_blacklist.go
diff --git a/internal/middleware/cache/response.go b/internal/middleware/cache/response.go
@@ -11,7 +11,7 @@ import (
 	"github.com/gin-gonic/gin"
 )
 
-// Response 缓存接口响应的中间件
+// Response 缓存接口响应的中间件，queryFilter 为需要去除的 query 参数，使用其他的来构建缓存 key
 func Response(redisClient *cache.Client, ttl time.Duration, queryFilter ...string) gin.HandlerFunc {
 	redisStore := persist.NewRedisStore(redisClient.C)
 

diff --git a/internal/middleware/jwt/auth.go b/internal/middleware/jwt/auth.go
@@ -1,27 +1,47 @@
 package jwt
 
 import (
+	"github.com/TensoRaws/NuxBT-Backend/module/cache"
+	"github.com/TensoRaws/NuxBT-Backend/module/log"
 	"github.com/TensoRaws/NuxBT-Backend/module/util"
 	"github.com/gin-gonic/gin"
 )
 
 // RequireAuth 鉴权中间件
 // 如果用户携带的 token 验证通过，将 user_id 存入上下文中然后执行下一个 Handler
-func RequireAuth() gin.HandlerFunc {
+func RequireAuth(redisClient *cache.Client, addBlacklist bool) gin.HandlerFunc {
 	return func(c *gin.Context) {
-		// 从输入的 url 中查询 token 值
-		token := c.Query("token")
-		// auth = [[header][claims][signature]]
-		// 解析 token
+		// 从请求头中获取 token
+		token := c.Request.Header.Get("Authorization")
+
+		log.Logger.Info("Get token successfully")
+
+		// 检查 Token 是否存在于 Redis 黑名单中
+		exists := redisClient.Exists(token).Val()
+		if exists > 0 {
+			log.Logger.Info("Token has been blacklisted")
+			util.AbortWithMsg(c, "Token has been blacklisted")
+			return
+		}
+		// 如果 Token 不在黑名单中，继续处理请求
 		claims, err := ParseToken(token)
 		if err != nil {
 			util.AbortWithMsg(c, "TOKEN IS INVALID, Please Log In")
 			return
 		}
-
 		userID := claims.ID
+		// 在上下文中存储 token 和 user_id
+		c.Set("token", token)
 		c.Set("user_id", userID)
 		// 放行
 		c.Next()
+
+		// 如果启用拉黑模式，处理请求拉黑 Token
+		if addBlacklist {
+			err := redisClient.Set(token, "", GetJWTTokenExpiredDuration()).Err()
+			if err != nil {
+				log.Logger.Error("Error adding token to blacklist: " + err.Error())
+			}
+		}
 	}
 }
diff --git a/internal/middleware/jwt/jwt.go b/internal/middleware/jwt/jwt.go
@@ -12,27 +12,14 @@ import (
 	"github.com/golang-jwt/jwt/v5"
 )
 
-var (
-	TokenExpiredDuration time.Duration
-	mySigningKey         []byte
-)
-
 // GetJWTTokenExpiredDuration 根据配置文件获取 jwt 的过期时间
 func GetJWTTokenExpiredDuration() time.Duration {
-	if TokenExpiredDuration != 0 {
-		return TokenExpiredDuration
-	}
-	TokenExpiredDuration = time.Minute * time.Duration(config.JwtConfig.Timeout)
-	return TokenExpiredDuration
+	return time.Minute * time.Duration(config.JwtConfig.Timeout)
 }
 
 // GetJWTSigningKey 根据配置文件获取 jwt 的签名密钥
 func GetJWTSigningKey() []byte {
-	if len(mySigningKey) != 0 {
-		return mySigningKey
-	}
-	mySigningKey = []byte(config.JwtConfig.Key)
-	return mySigningKey
+	return []byte(config.JwtConfig.Key)
 }
 
 // GenerateToken 生成 jwt(json web token)

diff --git a/internal/router/api/v1/api.go b/internal/router/api/v1/api.go
@@ -36,23 +36,18 @@ func NewAPI() *gin.Engine {
 			user.POST("login", user_service.Login)
 			// 用户登出
 			user.POST("logout",
-				middleware_cache.JWTBlacklist(cache.Clients[cache.JWTBlacklist], true), // 把 token 拉黑
-				jwt.RequireAuth(),
+				jwt.RequireAuth(cache.Clients[cache.JWTBlacklist], true), // 把 token 拉黑
 				user_service.Logout,
 			)
 			// 用户信息
 			user.GET("profile/me",
-				middleware_cache.JWTBlacklist(cache.Clients[cache.JWTBlacklist], false),
-				jwt.RequireAuth(),
-				middleware_cache.Response(cache.Clients[cache.RespCache], 1*time.Minute),
+				jwt.RequireAuth(cache.Clients[cache.JWTBlacklist], false),
 				user_service.ProfileMe,
 			)
-			//修改密码
+			// 修改密码
 			user.POST("password/reset",
-				middleware_cache.JWTBlacklist(cache.Clients[cache.JWTBlacklist], true), // 把 token 拉黑
-				jwt.RequireAuth(),
-				middleware_cache.Response(cache.Clients[cache.RespCache], 1*time.Minute),
-				user_service.ReSetPass)
+				jwt.RequireAuth(cache.Clients[cache.JWTBlacklist], true), // 把 token 拉黑
+				user_service.ResetPassword)
 		}
 	}
 

diff --git a/internal/service/user/dao.go → internal/service/common/dao/user.go b/internal/service/user/dao.go → internal/service/common/dao/user.go
@@ -1,4 +1,4 @@
-package user
+package dao
 
 import (
 	"github.com/TensoRaws/NuxBT-Backend/dal/model"
@@ -13,14 +13,17 @@ func CreateUser(user *model.User) (err error) {
 	return err
 }
 
-// 修改用户密码
-func SetUserPass(user *model.User, newpass string) (err error) {
+// SetUserPassword 修改用户密码
+func SetUserPassword(user *model.User, newpass string) (err error) {
 	u := query.User
 	password, err := bcrypt.GenerateFromPassword([]byte(newpass), bcrypt.DefaultCost)
 	if err != nil {
 		return err
 	}
-	u.Where(u.UserID.Eq(user.UserID)).Update(u.Password, string(password))
+	_, err = u.Where(u.UserID.Eq(user.UserID)).Update(u.Password, string(password))
+	if err != nil {
+		return err
+	}
 	return err
 }
 

diff --git a/internal/service/user/login.go b/internal/service/user/login.go
@@ -2,6 +2,7 @@ package user
 
 import (
 	"github.com/TensoRaws/NuxBT-Backend/internal/middleware/jwt"
+	"github.com/TensoRaws/NuxBT-Backend/internal/service/common/dao"
 	"github.com/TensoRaws/NuxBT-Backend/module/util"
 	"github.com/gin-gonic/gin"
 	"golang.org/x/crypto/bcrypt"
@@ -25,7 +26,7 @@ func Login(c *gin.Context) {
 	}
 
 	// GORM 查询
-	user, err := GetUserByEmail(req.Email)
+	user, err := dao.GetUserByEmail(req.Email)
 	if err != nil {
 		util.AbortWithMsg(c, "User not found")
 		return

diff --git a/internal/service/user/profile.go b/internal/service/user/profile.go
@@ -3,6 +3,7 @@ package user
 import (
 	"strconv"
 
+	"github.com/TensoRaws/NuxBT-Backend/internal/service/common/dao"
 	"github.com/TensoRaws/NuxBT-Backend/module/log"
 	"github.com/TensoRaws/NuxBT-Backend/module/util"
 	"github.com/gin-gonic/gin"
@@ -31,13 +32,13 @@ func ProfileMe(c *gin.Context) {
 		return
 	}
 
-	user, err := GetUserByID(int32(userID))
+	user, err := dao.GetUserByID(int32(userID))
 	if err != nil {
 		util.AbortWithMsg(c, "User not found")
 		return
 	}
 
-	roles, err := GetUserRolesByID(int32(userID))
+	roles, err := dao.GetUserRolesByID(int32(userID))
 	if err != nil {
 		log.Logger.Info("Failed to get user roles: " + err.Error())
 		roles = []string{}

diff --git a/internal/service/user/register.go b/internal/service/user/register.go
@@ -5,14 +5,16 @@ import (
 	"time"
 
 	"github.com/TensoRaws/NuxBT-Backend/dal/model"
+	"github.com/TensoRaws/NuxBT-Backend/internal/service/common/dao"
 	"github.com/TensoRaws/NuxBT-Backend/module/config"
 	"github.com/TensoRaws/NuxBT-Backend/module/log"
 	"github.com/TensoRaws/NuxBT-Backend/module/util"
 	"github.com/gin-gonic/gin"
 	"golang.org/x/crypto/bcrypt"
 )
 
-// RegisterRequest Query binding 需要打 form 标签
+// RegisterRequest
+// Query binding 需要打 form 标签，Body json binding 需要打 json 标签
 type RegisterRequest struct {
 	Username       string  `json:"username" binding:"required"`
 	Password       string  `json:"password" binding:"required"`
@@ -45,7 +47,7 @@ func Register(c *gin.Context) {
 		// do something
 		// 未实现
 		// OOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO
-		log.Logger.Info("invitation code: ", *req.InvitationCode)
+		log.Logger.Info("invitation code: " + *req.InvitationCode)
 	}
 	password, err := bcrypt.GenerateFromPassword([]byte(req.Password), bcrypt.DefaultCost)
 	if err != nil {
@@ -54,7 +56,7 @@ func Register(c *gin.Context) {
 		return
 	}
 	// 注册
-	err = CreateUser(&model.User{
+	err = dao.CreateUser(&model.User{
 		Username:   req.Username,
 		Email:      req.Email,
 		Password:   string(password),
@@ -66,7 +68,7 @@ func Register(c *gin.Context) {
 		return
 	}
 
-	user, err := GetUserByEmail(req.Email)
+	user, err := dao.GetUserByEmail(req.Email)
 	if err != nil {
 		util.AbortWithMsg(c, "failed to get user by email")
 		log.Logger.Error("failed to get user by email: " + err.Error())
Original file line number	Diff line number	Diff line change
Expand Up		@@ -118,4 +118,3 @@ $RECYCLE.BIN/

		# Air
		tmp
		conf/nuxbt.yml