package/token-go
1
0
Fork 0
mirror of https://github.com/weloe/token-go.git synced 2025-10-05 07:26:50 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat: support double token

Browse Source
This commit is contained in:
weloe
2023-11-01 04:08:05 +08:00
parent 8a6c8eba30
commit 3c7a8ef8b6
10 changed files with 332 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Readme.md
View File

@@ -1,6 +1,6 @@
# Token-Go # Token-Go
This library focuses on solving login authentication problems, such as: login, multi-account login, shared token login, QR Code login, logout, kickout, banned, second auth, temp-token, SSO ... This library focuses on solving login authentication problems, such as: login, multi-account login, shared token login, token refresh, double token refresh, QR Code login, logout, kickout, banned, second auth, temp-token, SSO ...
## Installation ## Installation

39
config/token.go
View File

@@ -11,6 +11,12 @@ type TokenConfig struct {
TokenName string TokenName string
Timeout int64 Timeout int64
// If you enable DoubleToken, returns double token - token and refreshToken, when token is timeout, you can use refreshToken to refreshToken to auto login.
DoubleToken bool
RefreshTokenName string
RefreshTokenTimeout int64
// If last operate time < ActivityTimeout, token expired // If last operate time < ActivityTimeout, token expired
ActivityTimeout int64 ActivityTimeout int64
// Data clean period // Data clean period
@@ -52,15 +58,46 @@ type TokenConfig struct {
CookieConfig *CookieConfig CookieConfig *CookieConfig
} }
func (t *TokenConfig) InitConfig() {
if t.TokenStyle == "" {
t.TokenStyle = "uuid"
}
if t.TokenName == "" {
t.TokenName = constant.TokenName
}
if t.Timeout == 0 {
t.Timeout = 60 * 60 * 24 * 30
}
if t.DeviceMaxLoginCount == 0 {
t.DeviceMaxLoginCount = 12
}
if t.DoubleToken {
if t.RefreshTokenName == "" {
t.RefreshTokenName = constant.RefreshToken
}
if t.RefreshTokenTimeout == 0 {
t.RefreshTokenTimeout = t.Timeout * 2
}
}
if t.MaxLoginCount == 0 {
t.MaxLoginCount = 12
}
if t.CookieConfig == nil {
t.CookieConfig = DefaultCookieConfig()
}
}
func DefaultTokenConfig() *TokenConfig { func DefaultTokenConfig() *TokenConfig {
return &TokenConfig{ return &TokenConfig{
TokenStyle: "uuid", TokenStyle: "uuid",
TokenPrefix: "", TokenPrefix: "",
TokenName: constant.TokenName, TokenName: constant.TokenName,
Timeout: 60 * 60 * 24 * 30, Timeout: 60 * 60 * 24 * 30,
DoubleToken: false,
ActivityTimeout: -1, ActivityTimeout: -1,
DataRefreshPeriod: 30, DataRefreshPeriod: 30,
AutoRenew: true, AutoRenew: false,
IsConcurrent: true, IsConcurrent: true,
IsShare: true, IsShare: true,
MaxLoginCount: 12, MaxLoginCount: 12,

3
constant/constant.go
View File

@@ -16,7 +16,8 @@ const (
) )
const ( const (
TokenName = "Tokengo" TokenName = "Tokengo"
RefreshToken = "Tokengorefresh"
) )
const ( const (

73
enforcer.go
View File

@@ -98,6 +98,7 @@ func InitWithConfig(tokenConfig *config.TokenConfig, adapter persist.Adapter) (*
if tokenConfig == nil || adapter == nil { if tokenConfig == nil || adapter == nil {
return nil, errors.New("InitWithConfig() failed: parameters cannot be nil") return nil, errors.New("InitWithConfig() failed: parameters cannot be nil")
} }
tokenConfig.InitConfig()
e := &Enforcer{ e := &Enforcer{
loginType: "user", loginType: "user",
config: *tokenConfig, config: *tokenConfig,
@@ -119,13 +120,13 @@ func (e *Enforcer) startCleanTimer() {
return return
} }
dataRefreshPeriod := e.config.DataRefreshPeriod dataRefreshPeriod := e.config.DataRefreshPeriod
if period := dataRefreshPeriod; period >= 0 { if period := dataRefreshPeriod; period > 0 {
err := defaultAdapter.StartCleanTimer(dataRefreshPeriod) err := defaultAdapter.StartCleanTimer(period)
if err != nil { if err != nil {
log2.Printf("enble adapter cleanTimer failed: %v", err) log2.Printf("enble adapter cleanTimer failed: %v", err)
return return
} }
e.logger.StartCleanTimer(dataRefreshPeriod) e.logger.StartCleanTimer(period)
} }
} }
} }
@@ -219,6 +220,17 @@ func (e *Enforcer) LoginByModel(id string, loginModel *model.Login, ctx ctx.Cont
Device: device, Device: device,
}) })
if e.config.DoubleToken {
refreshToken, err := e.createRefreshToken(id, tokenValue, loginModel)
if err != nil {
return "", err
}
err = e.responseRefreshToken(refreshToken, loginModel, ctx)
if err != nil {
return "", err
}
}
timeout := loginModel.Timeout timeout := loginModel.Timeout
// reset session // reset session
err = e.SetSession(id, session, timeout) err = e.SetSession(id, session, timeout)
@@ -245,7 +257,6 @@ func (e *Enforcer) LoginByModel(id string, loginModel *model.Login, ctx ctx.Cont
Timeout: timeout, Timeout: timeout,
JwtData: loginModel.JwtData, JwtData: loginModel.JwtData,
Token: tokenValue, Token: tokenValue,
IsWriteHeader: loginModel.IsWriteHeader,
} }
// called logger // called logger
@@ -409,6 +420,10 @@ func (e *Enforcer) LogoutByToken(token string) error {
return err return err
} }
} }
err = e.deleteRefreshToken(token)
if err != nil {
return err
}
e.logger.Logout(e.loginType, id, token) e.logger.Logout(e.loginType, id, token)
@@ -631,3 +646,53 @@ func (e *Enforcer) GetLoginTokenCounts() (int, error) {
} }
return c, nil return c, nil
} }
func (e *Enforcer) GetRefreshToken(tokenValue string) string {
return e.getRefreshTokenValue(tokenValue)
}
func (e *Enforcer) RefreshToken(refreshToken string, refreshModel ...*model.Refresh) (*model.RefreshRes, error) {
var m *model.Refresh
if len(refreshModel) != 0 {
m = refreshModel[0]
} else {
m = model.DefaultRefresh()
}
return e.RefreshTokenByModel(refreshToken, m, nil)
}
func (e *Enforcer) RefreshTokenByModel(refreshToken string, refreshModel *model.Refresh, ctx ctx.Context) (*model.RefreshRes, error) {
if refreshModel == nil {
return nil, errors.New("arg refreshModel can not be nil")
}
if !e.config.DoubleToken {
return nil, fmt.Errorf("double tokens are not enabled")
}
refreshTokenSign := e.getRefreshTokenSign(refreshToken)
if refreshTokenSign == nil {
return nil, fmt.Errorf("the refresh token does not exist: %v", refreshToken)
}
err := e.deleteRefreshToken(refreshTokenSign.Token)
if err != nil {
return nil, err
}
login := &model.Login{
Device: refreshTokenSign.Device,
IsLastingCookie: refreshModel.IsLastingCookie,
Timeout: refreshModel.Timeout,
JwtData: refreshModel.JwtData,
Token: refreshModel.Token,
RefreshToken: refreshModel.RefreshToken,
RefreshTokenTimeout: refreshModel.RefreshTokenTimeout,
}
token, err := e.LoginByModel(refreshTokenSign.Id, login, ctx)
if err != nil {
return nil, err
}
return &model.RefreshRes{
Token: token,
RefreshToken: refreshToken,
}, nil
}

5
enforcer_interface.go
View File

@@ -45,6 +45,11 @@ type IEnforcer interface {
GetIdByToken(token string) string GetIdByToken(token string) string
GetLoginCount(id string, device ...string) int GetLoginCount(id string, device ...string) int
// refresh api
GetRefreshToken(tokenValue string) string
RefreshToken(refreshToken string, refreshModel ...*model.Refresh) (*model.RefreshRes, error)
RefreshTokenByModel(refreshToken string, refreshModel *model.Refresh, ctx ctx.Context) (*model.RefreshRes, error)
GetLoginCounts() (int, error) GetLoginCounts() (int, error)
GetLoginTokenCounts() (int, error) GetLoginTokenCounts() (int, error)

112
enforcer_internal_api.go
View File

@@ -95,7 +95,7 @@ func (e *Enforcer) ResponseToken(tokenValue string, loginModel *model.Login, ctx
} }
// set token to header // set token to header
if loginModel.IsWriteHeader { if e.config.IsWriteHeader {
ctx.Response().SetHeader(tokenConfig.TokenName, tokenValue) ctx.Response().SetHeader(tokenConfig.TokenName, tokenValue)
ctx.Response().AddHeader(constant.AccessControlExposeHeaders, tokenConfig.TokenName) ctx.Response().AddHeader(constant.AccessControlExposeHeaders, tokenConfig.TokenName)
} }
@@ -122,6 +122,73 @@ func (e *Enforcer) checkId(str string) (bool, error) {
return true, nil return true, nil
} }
func (e *Enforcer) createRefreshToken(id string, tokenValue string, loginModel *model.Login) (string, error) {
// create refreshToken
var err error
if loginModel.RefreshToken == "" {
loginModel.RefreshToken, err = e.generateFunc.Exec(e.config.TokenStyle)
if err != nil {
return "", err
}
}
if loginModel.RefreshTokenTimeout == 0 {
loginModel.RefreshTokenTimeout = e.config.RefreshTokenTimeout
}
err = e.setRefreshToken(&model.RefreshTokenSign{
Id: id,
Token: tokenValue,
RefreshValue: loginModel.RefreshToken,
Device: loginModel.Device,
}, loginModel.RefreshTokenTimeout)
if err != nil {
return "", err
}
return loginModel.RefreshToken, nil
}
// responseRefreshToken set token to cookie or header
func (e *Enforcer) responseRefreshToken(refreshTokenValue string, loginModel *model.Login, ctx ctx.Context) error {
if ctx == nil {
return nil
}
tokenConfig := e.config
// set token to cookie
if tokenConfig.IsReadCookie {
var cookieTimeout int64
if !loginModel.IsLastingCookie {
cookieTimeout = -1
} else {
if loginModel.RefreshTokenTimeout != 0 {
cookieTimeout = loginModel.RefreshTokenTimeout
} else {
cookieTimeout = tokenConfig.Timeout * 2
}
if cookieTimeout == constant.NeverExpire {
cookieTimeout = math.MaxInt64
}
}
if tokenConfig.CookieConfig.Path == "" {
tokenConfig.CookieConfig.Path = "/"
}
// add cookie use tokenConfig.CookieConfig
ctx.Response().AddCookie(tokenConfig.RefreshTokenName,
refreshTokenValue,
tokenConfig.CookieConfig.Path,
tokenConfig.CookieConfig.Domain,
cookieTimeout)
}
// set token to header
if tokenConfig.IsWriteHeader {
ctx.Response().SetHeader(tokenConfig.RefreshTokenName, refreshTokenValue)
ctx.Response().AddHeader(constant.AccessControlExposeHeaders, tokenConfig.RefreshTokenName)
}
return nil
}
func (e *Enforcer) SetIdByToken(id string, tokenValue string, timeout int64) error { func (e *Enforcer) SetIdByToken(id string, tokenValue string, timeout int64) error {
err := e.notifySetStr(e.spliceTokenKey(tokenValue), id, timeout) err := e.notifySetStr(e.spliceTokenKey(tokenValue), id, timeout)
return err return err
@@ -146,6 +213,37 @@ func (e *Enforcer) updateTokenTimeout(token string, timeout int64) error {
return err return err
} }
func (e *Enforcer) deleteRefreshToken(tokenValue string) error {
refreshToken := e.getRefreshTokenValue(tokenValue)
err := e.notifyDelete(e.spliceRefreshTokenKey(tokenValue))
if err != nil {
return err
}
err = e.notifyDelete(e.spliceRefreshTokenSignKey(refreshToken))
return err
}
func (e *Enforcer) setRefreshToken(refreshTokenSign *model.RefreshTokenSign, timeout int64) error {
err := e.notifySet(e.spliceRefreshTokenSignKey(refreshTokenSign.RefreshValue), refreshTokenSign, timeout)
if err != nil {
return err
}
err = e.notifySetStr(e.spliceRefreshTokenKey(refreshTokenSign.Token), refreshTokenSign.RefreshValue, timeout)
return err
}
func (e *Enforcer) getRefreshTokenValue(tokenValue string) string {
return e.adapter.GetStr(e.spliceRefreshTokenKey(tokenValue))
}
func (e *Enforcer) getRefreshTokenSign(refreshToken string) *model.RefreshTokenSign {
get := e.adapter.Get(e.spliceRefreshTokenSignKey(refreshToken), util.GetType(&model.RefreshTokenSign{}))
if get != nil {
return get.(*model.RefreshTokenSign)
}
return nil
}
func (e *Enforcer) setBanned(id string, service string, level int, time int64) error { func (e *Enforcer) setBanned(id string, service string, level int, time int64) error {
err := e.notifySetStr(e.spliceBannedKey(id, service), strconv.Itoa(level), time) err := e.notifySetStr(e.spliceBannedKey(id, service), strconv.Itoa(level), time)
return err return err
@@ -238,11 +336,21 @@ func (e *Enforcer) getByTempToken(service string, tempToken string) string {
return e.adapter.GetStr(e.spliceTempTokenKey(service, tempToken)) return e.adapter.GetStr(e.spliceTempTokenKey(service, tempToken))
} }
// spliceSessionKey splice session-id key // spliceSessionKey splice id-session key
func (e *Enforcer) spliceSessionKey(id string) string { func (e *Enforcer) spliceSessionKey(id string) string {
return e.config.TokenName + ":" + e.loginType + ":session:" + id return e.config.TokenName + ":" + e.loginType + ":session:" + id
} }
// spliceRefreshTokenSignKey splice refreshToken-refreshToken key
func (e *Enforcer) spliceRefreshTokenSignKey(refreshToken string) string {
return e.config.TokenName + ":" + e.loginType + ":refreshSign:" + refreshToken
}
// spliceRefreshTokenKey splice token-refreshToken key
func (e *Enforcer) spliceRefreshTokenKey(token string) string {
return e.config.TokenName + ":" + e.loginType + ":refresh:" + token
}
// spliceTokenKey splice token-id key // spliceTokenKey splice token-id key
func (e *Enforcer) spliceTokenKey(token string) string { func (e *Enforcer) spliceTokenKey(token string) string {
return e.config.TokenName + ":" + e.loginType + ":token:" + token return e.config.TokenName + ":" + e.loginType + ":token:" + token

57
enforcer_test.go
View File

@@ -13,6 +13,7 @@ import (
"net/http" "net/http"
"net/http/httptest" "net/http/httptest"
"testing" "testing"
"time"
) )
func NewTestHttpContext(t *testing.T) (error, ctx.Context) { func NewTestHttpContext(t *testing.T) (error, ctx.Context) {
@@ -564,3 +565,59 @@ func TestEnforcer_SecSafe(t *testing.T) {
t.Fatalf("IsSafe() failed, unexpected return value: %v", isSafe) t.Fatalf("IsSafe() failed, unexpected return value: %v", isSafe)
} }
} }
func TestEnforcer_RefreshToken(t *testing.T) {
adapter := NewDefaultAdapter()
tokenConfig := &config.TokenConfig{
DoubleToken: true,
}
enforcer, err := NewEnforcer(adapter, tokenConfig)
if err != nil {
t.Fatalf("NewEnforcer() failed: %v", err)
}
token, err := enforcer.Login("1", nil)
if err != nil {
t.Fatalf("Login() failed: %v", err)
}
t.Logf("login success. token: %v", token)
refreshToken := enforcer.GetRefreshToken(token)
t.Logf("get refreshToken: %v", refreshToken)
err = enforcer.LogoutByToken(token)
t.Logf("1 logout")
if err != nil {
t.Fatalf("LogoutByToken() failed: %v", err)
}
if enforcer.GetRefreshToken(token) != "" {
t.Fatalf("GetRefreshToken() = %v, want is nil", enforcer.GetRefreshToken(token))
}
_, err = enforcer.RefreshToken(token)
if err == nil {
t.Fatalf("RefreshToken() failed: %v", err)
}
token, err = enforcer.LoginByModel("1", &model.Login{
Device: "test",
IsLastingCookie: false,
Timeout: 1,
Token: "",
RefreshTokenTimeout: 200000,
}, nil)
if err != nil {
t.Fatalf("Login() failed: %v", err)
}
refreshToken = enforcer.GetRefreshToken(token)
time.Sleep(time.Second)
loginId, _ := enforcer.GetLoginIdByToken(token)
if loginId != "" {
t.Fatalf("GetLoginIdByToken() failed: %v", loginId)
}
refreshRes, err := enforcer.RefreshToken(refreshToken)
if err != nil {
t.Fatalf("RefreshToken() failed: %v", err)
}
t.Logf(refreshRes.String())
_, err = enforcer.RefreshToken(refreshToken)
if err == nil {
t.Fatalf("RefreshToken() failed: %v", err)
}
}

26
model/login.go
View File

@@ -1,12 +1,13 @@
package model package model
type Login struct { type Login struct {
Device string Device string
IsLastingCookie bool IsLastingCookie bool
Timeout int64 Timeout int64
JwtData map[string]interface{} JwtData map[string]interface{}
Token string Token string
IsWriteHeader bool RefreshToken string
RefreshTokenTimeout int64
} }
func DefaultLoginModel() *Login { func DefaultLoginModel() *Login {
@@ -16,17 +17,16 @@ func DefaultLoginModel() *Login {
Timeout: 60 * 60 * 24 * 30, Timeout: 60 * 60 * 24 * 30,
JwtData: nil, JwtData: nil,
Token: "", Token: "",
IsWriteHeader: true,
} }
} }
func CreateLoginModelByDevice(device string) *Login { func CreateLoginModelByDevice(device string) *Login {
return &Login{ return &Login{
Device: device, Device: device,
IsLastingCookie: true, IsLastingCookie: true,
Timeout: 60 * 60 * 24 * 30, Timeout: 60 * 60 * 24 * 30,
JwtData: nil, JwtData: nil,
Token: "", Token: "",
IsWriteHeader: true, RefreshTokenTimeout: 60 * 60 * 24 * 30 * 2,
} }
} }

30
model/refresh.go Normal file
View File

@@ -0,0 +1,30 @@
package model
import "fmt"
type RefreshRes struct {
Token string
RefreshToken string
}
type Refresh struct {
IsLastingCookie bool
Token string
Timeout int64
JwtData map[string]interface{}
RefreshToken string
RefreshTokenTimeout int64
}
func DefaultRefresh() *Refresh {
return &Refresh{
IsLastingCookie: true,
Timeout: 60 * 60 * 24 * 30,
JwtData: nil,
Token: "",
}
}
func (r *RefreshRes) String() string {
return fmt.Sprintf("Token: %s, RefreshToken: %s", r.Token, r.RefreshToken)
}

7
model/session.go
View File

@@ -7,6 +7,13 @@ import (
"time" "time"
) )
type RefreshTokenSign struct {
Id string
Token string
RefreshValue string
Device string
}
type TokenSign struct { type TokenSign struct {
Value string Value string
Device string Device string