nezha/cmd/dashboard/controller/jwt.go

package controller

import (
	"fmt"
	"log"
	"net/http"
	"time"

	jwt "github.com/appleboy/gin-jwt/v2"
	"github.com/gin-gonic/gin"
	"github.com/naiba/nezha/model"
	"github.com/naiba/nezha/service/singleton"
	"golang.org/x/crypto/bcrypt"
)

func initParams() *jwt.GinJWTMiddleware {
	return &jwt.GinJWTMiddleware{
		Realm:       singleton.Conf.SiteName,
		Key:         []byte(singleton.Conf.SecretKey),
		CookieName:  "nz-jwt",
		Timeout:     time.Hour,
		MaxRefresh:  time.Hour,
		IdentityKey: model.CtxKeyAuthorizedUser,
		PayloadFunc: payloadFunc(),

		IdentityHandler: identityHandler(),
		Authenticator:   authenticator(),
		Authorizator:    authorizator(),
		Unauthorized:    unauthorized(),
		TokenLookup:     "header: Authorization, query: token, cookie: nz-jwt",
		TokenHeadName:   "Bearer",
		TimeFunc:        time.Now,

		LoginResponse: func(c *gin.Context, code int, token string, expire time.Time) {
			c.JSON(http.StatusOK, model.CommonResponse[model.LoginResponse]{
				Success: true,
				Data: model.LoginResponse{
					Token:  token,
					Expire: expire.Format(time.RFC3339),
				},
			})
		},
		RefreshResponse: refreshResponse,
	}
}

func handlerMiddleWare(authMiddleware *jwt.GinJWTMiddleware) gin.HandlerFunc {
	return func(context *gin.Context) {
		errInit := authMiddleware.MiddlewareInit()
		if errInit != nil {
			log.Fatal("authMiddleware.MiddlewareInit() Error:" + errInit.Error())
		}
	}
}

func payloadFunc() func(data interface{}) jwt.MapClaims {
	return func(data interface{}) jwt.MapClaims {
		if v, ok := data.(string); ok {
			return jwt.MapClaims{
				model.CtxKeyAuthorizedUser: v,
			}
		}
		return jwt.MapClaims{}
	}
}

func identityHandler() func(c *gin.Context) interface{} {
	return func(c *gin.Context) interface{} {
		claims := jwt.ExtractClaims(c)
		userId := claims[model.CtxKeyAuthorizedUser].(string)
		var user model.User
		if err := singleton.DB.First(&user, userId).Error; err != nil {
			return nil
		}
		return &user
	}
}

// User Login
// @Summary user login
// @Schemes
// @Description user login
// @Accept json
// @param request body model.LoginRequest true "Login Request"
// @Produce json
// @Success 200 {object} model.CommonResponse[model.LoginResponse]
// @Router /login [post]
func authenticator() func(c *gin.Context) (interface{}, error) {
	return func(c *gin.Context) (interface{}, error) {
		var loginVals model.LoginRequest
		if err := c.ShouldBind(&loginVals); err != nil {
			return "", jwt.ErrMissingLoginValues
		}

		var user model.User
		if err := singleton.DB.Select("id", "password").Where("username = ?", loginVals.Username).First(&user).Error; err != nil {
			return nil, jwt.ErrFailedAuthentication
		}

		if err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(loginVals.Password)); err != nil {
			return nil, jwt.ErrFailedAuthentication
		}

		if err := singleton.DB.Model(&user).Update("login_expire", time.Now().Add(time.Hour)).Error; err != nil {
			return nil, jwt.ErrFailedAuthentication
		}

		return fmt.Sprintf("%d", user.ID), nil
	}
}

func authorizator() func(data interface{}, c *gin.Context) bool {
	return func(data interface{}, c *gin.Context) bool {
		_, ok := data.(*model.User)
		return ok
	}
}

func unauthorized() func(c *gin.Context, code int, message string) {
	return func(c *gin.Context, code int, message string) {
		c.JSON(http.StatusOK, model.CommonResponse[interface{}]{
			Success: false,
			Error:   "ApiErrorUnauthorized",
		})
	}
}

// Refresh token
// @Summary Refresh token
// @Security BearerAuth
// @Schemes
// @Description Refresh token
// @Tags auth required
// @Produce json
// @Success 200 {object} model.CommonResponse[model.LoginResponse]
// @Router /refresh_token [get]
func refreshResponse(c *gin.Context, code int, token string, expire time.Time) {
	claims := jwt.ExtractClaims(c)
	userId := claims[model.CtxKeyAuthorizedUser].(string)
	if err := singleton.DB.Model(&model.User{}).Where("id = ?", userId).Update("login_expire", expire).Error; err != nil {
		c.JSON(http.StatusOK, model.CommonResponse[interface{}]{
			Success: false,
			Error:   "ApiErrorUnauthorized",
		})
		return
	}
	c.JSON(http.StatusOK, model.CommonResponse[model.LoginResponse]{
		Success: true,
		Data: model.LoginResponse{
			Token:  token,
			Expire: expire.Format(time.RFC3339),
		},
	})
}
init jwt 2024-10-19 12:09:16 -04:00			`package controller`

			`import (`
refactor: login & refresh token 2024-10-20 02:05:43 -04:00			`"fmt"`
init jwt 2024-10-19 12:09:16 -04:00			`"log"`
refactor: login & refresh token 2024-10-20 02:05:43 -04:00			`"net/http"`
init jwt 2024-10-19 12:09:16 -04:00			`"time"`

			`jwt "github.com/appleboy/gin-jwt/v2"`
			`"github.com/gin-gonic/gin"`
			`"github.com/naiba/nezha/model"`
refactor: remove pages, combine grpc http port 2024-10-19 23:47:45 -04:00			`"github.com/naiba/nezha/service/singleton"`
			`"golang.org/x/crypto/bcrypt"`
init jwt 2024-10-19 12:09:16 -04:00			`)`

			`func initParams() *jwt.GinJWTMiddleware {`
			`return &jwt.GinJWTMiddleware{`
refactor: remove pages, combine grpc http port 2024-10-19 23:47:45 -04:00			`Realm: singleton.Conf.SiteName,`
			`Key: []byte(singleton.Conf.SecretKey),`
refactor: login & refresh token 2024-10-20 02:05:43 -04:00			`CookieName: "nz-jwt",`
init jwt 2024-10-19 12:09:16 -04:00			`Timeout: time.Hour,`
			`MaxRefresh: time.Hour,`
			`IdentityKey: model.CtxKeyAuthorizedUser,`
			`PayloadFunc: payloadFunc(),`

			`IdentityHandler: identityHandler(),`
			`Authenticator: authenticator(),`
			`Authorizator: authorizator(),`
			`Unauthorized: unauthorized(),`
refactor: login & refresh token 2024-10-20 02:05:43 -04:00			`TokenLookup: "header: Authorization, query: token, cookie: nz-jwt",`
init jwt 2024-10-19 12:09:16 -04:00			`TokenHeadName: "Bearer",`
			`TimeFunc: time.Now,`
refactor: login & refresh token 2024-10-20 02:05:43 -04:00
			`LoginResponse: func(c *gin.Context, code int, token string, expire time.Time) {`
			`c.JSON(http.StatusOK, model.CommonResponse[model.LoginResponse]{`
			`Success: true,`
			`Data: model.LoginResponse{`
			`Token: token,`
			`Expire: expire.Format(time.RFC3339),`
			`},`
			`})`
			`},`
			`RefreshResponse: refreshResponse,`
init jwt 2024-10-19 12:09:16 -04:00			`}`
			`}`

			`func handlerMiddleWare(authMiddleware *jwt.GinJWTMiddleware) gin.HandlerFunc {`
			`return func(context *gin.Context) {`
			`errInit := authMiddleware.MiddlewareInit()`
			`if errInit != nil {`
			`log.Fatal("authMiddleware.MiddlewareInit() Error:" + errInit.Error())`
			`}`
			`}`
			`}`

			`func payloadFunc() func(data interface{}) jwt.MapClaims {`
			`return func(data interface{}) jwt.MapClaims {`
refactor: login & refresh token 2024-10-20 02:05:43 -04:00			`if v, ok := data.(string); ok {`
init jwt 2024-10-19 12:09:16 -04:00			`return jwt.MapClaims{`
refactor: login & refresh token 2024-10-20 02:05:43 -04:00			`model.CtxKeyAuthorizedUser: v,`
init jwt 2024-10-19 12:09:16 -04:00			`}`
			`}`
			`return jwt.MapClaims{}`
			`}`
			`}`

			`func identityHandler() func(c *gin.Context) interface{} {`
			`return func(c *gin.Context) interface{} {`
			`claims := jwt.ExtractClaims(c)`
refactor: login & refresh token 2024-10-20 02:05:43 -04:00			`userId := claims[model.CtxKeyAuthorizedUser].(string)`
refactor: remove pages, combine grpc http port 2024-10-19 23:47:45 -04:00			`var user model.User`
			`if err := singleton.DB.First(&user, userId).Error; err != nil {`
			`return nil`
init jwt 2024-10-19 12:09:16 -04:00			`}`
refactor: remove pages, combine grpc http port 2024-10-19 23:47:45 -04:00			`return &user`
init jwt 2024-10-19 12:09:16 -04:00			`}`
			`}`

refactor: login & refresh token 2024-10-20 02:05:43 -04:00			`// User Login`
			`// @Summary user login`
refactor: remove pages, combine grpc http port 2024-10-19 23:47:45 -04:00			`// @Schemes`
refactor: login & refresh token 2024-10-20 02:05:43 -04:00			`// @Description user login`
refactor: remove pages, combine grpc http port 2024-10-19 23:47:45 -04:00			`// @Accept json`
refactor: login & refresh token 2024-10-20 02:05:43 -04:00			`// @param request body model.LoginRequest true "Login Request"`
refactor: remove pages, combine grpc http port 2024-10-19 23:47:45 -04:00			`// @Produce json`
refactor: login & refresh token 2024-10-20 02:05:43 -04:00			`// @Success 200 {object} model.CommonResponse[model.LoginResponse]`
			`// @Router /login [post]`
init jwt 2024-10-19 12:09:16 -04:00			`func authenticator() func(c *gin.Context) (interface{}, error) {`
			`return func(c *gin.Context) (interface{}, error) {`
			`var loginVals model.LoginRequest`
			`if err := c.ShouldBind(&loginVals); err != nil {`
			`return "", jwt.ErrMissingLoginValues`
			`}`

refactor: remove pages, combine grpc http port 2024-10-19 23:47:45 -04:00			`var user model.User`
refactor: login & refresh token 2024-10-20 02:05:43 -04:00			`if err := singleton.DB.Select("id", "password").Where("username = ?", loginVals.Username).First(&user).Error; err != nil {`
refactor: remove pages, combine grpc http port 2024-10-19 23:47:45 -04:00			`return nil, jwt.ErrFailedAuthentication`
init jwt 2024-10-19 12:09:16 -04:00			`}`
refactor: remove pages, combine grpc http port 2024-10-19 23:47:45 -04:00
			`if err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(loginVals.Password)); err != nil {`
			`return nil, jwt.ErrFailedAuthentication`
			`}`

refactor: login & refresh token 2024-10-20 02:05:43 -04:00			`if err := singleton.DB.Model(&user).Update("login_expire", time.Now().Add(time.Hour)).Error; err != nil {`
			`return nil, jwt.ErrFailedAuthentication`
			`}`

			`return fmt.Sprintf("%d", user.ID), nil`
init jwt 2024-10-19 12:09:16 -04:00			`}`
			`}`

			`func authorizator() func(data interface{}, c *gin.Context) bool {`
			`return func(data interface{}, c *gin.Context) bool {`
refactor: remove pages, combine grpc http port 2024-10-19 23:47:45 -04:00			`_, ok := data.(*model.User)`
			`return ok`
init jwt 2024-10-19 12:09:16 -04:00			`}`
			`}`

			`func unauthorized() func(c *gin.Context, code int, message string) {`
			`return func(c *gin.Context, code int, message string) {`
refactor: login & refresh token 2024-10-20 02:05:43 -04:00			`c.JSON(http.StatusOK, model.CommonResponse[interface{}]{`
			`Success: false,`
			`Error: "ApiErrorUnauthorized",`
			`})`
			`}`
			`}`

			`// Refresh token`
			`// @Summary Refresh token`
			`// @Security BearerAuth`
			`// @Schemes`
			`// @Description Refresh token`
			`// @Tags auth required`
			`// @Produce json`
			`// @Success 200 {object} model.CommonResponse[model.LoginResponse]`
			`// @Router /refresh_token [get]`
			`func refreshResponse(c *gin.Context, code int, token string, expire time.Time) {`
			`claims := jwt.ExtractClaims(c)`
			`userId := claims[model.CtxKeyAuthorizedUser].(string)`
			`if err := singleton.DB.Model(&model.User{}).Where("id = ?", userId).Update("login_expire", expire).Error; err != nil {`
			`c.JSON(http.StatusOK, model.CommonResponse[interface{}]{`
init jwt 2024-10-19 12:09:16 -04:00			`Success: false,`
refactor: login & refresh token 2024-10-20 02:05:43 -04:00			`Error: "ApiErrorUnauthorized",`
init jwt 2024-10-19 12:09:16 -04:00			`})`
refactor: login & refresh token 2024-10-20 02:05:43 -04:00			`return`
init jwt 2024-10-19 12:09:16 -04:00			`}`
refactor: login & refresh token 2024-10-20 02:05:43 -04:00			`c.JSON(http.StatusOK, model.CommonResponse[model.LoginResponse]{`
			`Success: true,`
			`Data: model.LoginResponse{`
			`Token: token,`
			`Expire: expire.Format(time.RFC3339),`
			`},`
			`})`
init jwt 2024-10-19 12:09:16 -04:00			`}`