clz/billai
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
billai/server/handler/auth.go
CHE LIANG ZHAO 3b7c1cd82b chore(release): v1.0.7 
- README/CHANGELOG: add v1.0.7 entry\n- Server: JWT expiry validated server-side (401 codes)\n- Web: logout/redirect on 401; proxy forwards Authorization\n- Server: bill service uses repository consistently
2026-01-16 11:15:05 +08:00

189 lines
4.0 KiB
Go
Raw Permalink Blame History

package handler
import (
"crypto/sha256"
"encoding/hex"
"errors"
"net/http"
"time"
"billai-server/config"
"github.com/gin-gonic/gin"
"github.com/golang-jwt/jwt/v5"
)
// LoginRequest 登录请求
type LoginRequest struct {
Username string `json:"username" binding:"required"`
Password string `json:"password" binding:"required"`
}
// LoginResponse 登录响应
type LoginResponse struct {
Token string `json:"token"`
User config.UserInfo `json:"user"`
}
// Claims JWT claims
type Claims struct {
Username string `json:"username"`
Name string `json:"name"`
Role string `json:"role"`
jwt.RegisteredClaims
}
// hashPassword 对密码进行 SHA-256 哈希
func hashPassword(password string) string {
hash := sha256.Sum256([]byte(password))
return hex.EncodeToString(hash[:])
}
// Login 用户登录
func Login(c *gin.Context) {
var req LoginRequest
if err := c.ShouldBindJSON(&req); err != nil {
c.JSON(http.StatusBadRequest, gin.H{
"success": false,
"error": "请输入用户名和密码",
})
return
}
// 查找用户
var foundUser *config.UserInfo
for _, user := range config.Global.Users {
if user.Username == req.Username {
foundUser = &user
break
}
}
if foundUser == nil {
c.JSON(http.StatusUnauthorized, gin.H{
"success": false,
"error": "用户名或密码错误",
})
return
}
// 验证密码(支持明文比较和哈希比较)
passwordMatch := foundUser.Password == req.Password ||
foundUser.Password == hashPassword(req.Password)
if !passwordMatch {
c.JSON(http.StatusUnauthorized, gin.H{
"success": false,
"error": "用户名或密码错误",
})
return
}
// 生成 JWT Token
expiry := config.Global.TokenExpiry
if expiry <= 0 {
expiry = 168 // 默认 7 天
}
claims := &Claims{
Username: foundUser.Username,
Name: foundUser.Name,
Role: foundUser.Role,
RegisteredClaims: jwt.RegisteredClaims{
ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Duration(expiry) * time.Hour)),
IssuedAt: jwt.NewNumericDate(time.Now()),
Subject: foundUser.Username,
},
}
secret := config.Global.JWTSecret
if secret == "" {
secret = "billai-default-secret"
}
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
tokenString, err := token.SignedString([]byte(secret))
if err != nil {
c.JSON(http.StatusInternalServerError, gin.H{
"success": false,
"error": "生成 Token 失败",
})
return
}
c.JSON(http.StatusOK, gin.H{
"success": true,
"data": LoginResponse{
Token: tokenString,
User: config.UserInfo{
Username: foundUser.Username,
Name: foundUser.Name,
Email: foundUser.Email,
Role: foundUser.Role,
},
},
})
}
// ValidateToken 验证 Token
func ValidateToken(c *gin.Context) {
tokenString := c.GetHeader("Authorization")
if tokenString == "" {
c.JSON(http.StatusUnauthorized, gin.H{
"success": false,
"error": "未提供 Token",
"code": "TOKEN_MISSING",
})
return
}
// 移除 "Bearer " 前缀
if len(tokenString) > 7 && tokenString[:7] == "Bearer " {
tokenString = tokenString[7:]
}
secret := config.Global.JWTSecret
if secret == "" {
secret = "billai-default-secret"
}
token, err := jwt.ParseWithClaims(tokenString, &Claims{}, func(token *jwt.Token) (interface{}, error) {
return []byte(secret), nil
}, jwt.WithValidMethods([]string{jwt.SigningMethodHS256.Name}))
if err != nil || !token.Valid {
code := "TOKEN_INVALID"
message := "Token 无效"
if err != nil && errors.Is(err, jwt.ErrTokenExpired) {
code = "TOKEN_EXPIRED"
message = "Token 已过期"
}
c.JSON(http.StatusUnauthorized, gin.H{
"success": false,
"error": message,
"code": code,
})
return
}
claims, ok := token.Claims.(*Claims)
if !ok {
c.JSON(http.StatusUnauthorized, gin.H{
"success": false,
"error": "Token 解析失败",
"code": "TOKEN_INVALID",
})
return
}
c.JSON(http.StatusOK, gin.H{
"success": true,
"data": config.UserInfo{
Username: claims.Username,
Name: claims.Name,
Role: claims.Role,
},
})
}
Reference in New Issue View Git Blame Copy Permalink