security

package
v0.0.0-...-db9179b Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 27, 2024 License: BSD-3-Clause Imports: 12 Imported by: 1

Documentation

Index

Constants

// Token cache prefix and token lifetimes: "login_token:" as key prefix, a
// 2-hour access-token duration and a 30-day refresh-token duration.
// NOTE(review): the names suggest these are the fallbacks used when JwtConfig
// leaves the matching fields empty — confirm against NewJWT.
// NOTE(review): a 30-day refresh token is only as safe as the revocation path;
// RemoveToken exists on JWToken, but whether Verify/Refresh consult the cache
// is not visible on this page — confirm.
const (
	CacheKeyPrefix        = "login_token:"
	ATokenExpiredDuration = 2 * time.Hour
	RTokenExpiredDuration = 30 * 24 * time.Hour
)
// ClaimsKey is the string "claims".
// NOTE(review): presumably the key under which *Claims is stored in the
// request context and read back by GetClaims and the Get* helpers — confirm.
const (
	ClaimsKey = "claims"
)

Variables

// DefaultPasswdVerifier is a zero-value PasswdVerifier: it is created with
// new, not NewPasswdVerifier, so no redis client and no error limit are
// supplied here.
// NOTE(review): the wrong-password limit is documented as depending on Redis,
// so BcryptVerifyWithCount on this default presumably cannot enforce a limit —
// confirm how it behaves before using it for login checks.
var DefaultPasswdVerifier = new(PasswdVerifier)
// ErrPasswdLimit is a sentinel error with the message "password error limit".
// NOTE(review): presumably reported when the wrong-password count reaches the
// configured limit — confirm where it is returned or passed to OnErr.
// Compare with errors.Is rather than by message text.
var ErrPasswdLimit = errors.New("password error limit")
// JwtHelper is a package-level JWToken built from a fixed configuration:
// Secret is the literal "gogo" and the redis client argument is nil.
// NOTE(review): assuming NewJWT uses Secret as the signing key, tokens handled
// through this default helper are protected only by a short secret that is
// published with the source, so they must not be trusted as authentication.
// Build a JWToken with NewJWT from a deployment-specific, high-entropy secret
// loaded from configuration, and confirm no production path uses this default
// as-is.
// NOTE(review): with a nil redis client, GetToken/GetTokenID/RemoveToken
// presumably have no store to work with — confirm.
var JwtHelper = NewJWT(&JwtConfig{
	Secret: "gogo",
}, nil)

Functions

func BcryptHash

func BcryptHash(passwd string) (hash, salt string)

BcryptHash 对明文密码进行 bcrypt 哈希(不可逆,不是可解密的加密),返回哈希值和盐。

func BcryptVerify

func BcryptVerify(salt, hash, passwd string) bool

BcryptVerify 校验密文和明文

func GetNickname

func GetNickname(ctx context.Context) string

func GetRole

func GetRole(ctx context.Context) string

GetRole 单个角色设计时

func GetRoles

func GetRoles(ctx context.Context) []string

func GetUserID

func GetUserID(ctx context.Context) string

func GetUserIntID

func GetUserIntID(ctx context.Context) int64

GetUserIntID 如果存储的UID是数字类型,那么可以通过该方法获取

func GetUsername

func GetUsername(ctx context.Context) string

Types

type Ciphertext

// Ciphertext is a string type for secret values, such as the password field
// sent by the front end.
// Its LogValue method returns a slog.Value, so log/slog records the desensitized
// form instead of the raw string.
// That covers slog only: this page lists no String or MarshalJSON method for
// the type, so fmt verbs and JSON encoding still emit the raw value.
type Ciphertext string

Ciphertext 密文,用于前端密码字段的传输。

密码字段设计:1. 前端密码字段加密;2. 后端解密出原文;3. 后端密码强度校验;4. 入库时做不可逆的 hash 编码(可以加盐)。注意:如果前端与后端共用同一个对称密钥(CipherKey),该密钥对客户端是可见的,这一步只能作为 TLS 之上的附加保护,不能替代 TLS。

func (*Ciphertext) BcryptHash

func (ct *Ciphertext) BcryptHash() string

func (*Ciphertext) BcryptVerify

func (ct *Ciphertext) BcryptVerify(hashPasswd string) bool

func (*Ciphertext) Decrypt

func (ct *Ciphertext) Decrypt(conf Config) error

func (Ciphertext) LogValue

func (ct Ciphertext) LogValue() slog.Value

LogValue Ciphertext 脱敏

type CiphertextConfig

// CiphertextConfig controls whether the password field arrives encrypted and
// which key is used for it.
// NOTE(review): the original comment on CipherKey gives the supported sizes as
// 8/16/24 "bit"; these look like key lengths in bytes, since a key of that many
// bits would offer no protection — confirm against Decrypt which cipher and
// key sizes are actually accepted.
// CipherKey is typed as Ciphertext, so it is desensitized in log/slog output.
type CiphertextConfig struct {
	IsCiphertext bool       `mapstructure:"isCiphertext"` // whether the password field is transmitted as ciphertext
	CipherKey    Ciphertext `mapstructure:"cipherKey"`    // original note: supports 8, 16, 24 "bit"
}

type Claims

// Claims is the token payload: the embedded jwt.StandardClaims plus the user's
// ID, username, nickname and roles, serialized under the JSON names in the tags.
// NOTE(review): assuming tokens are signed but not encrypted (the usual JWT
// form), every field here is readable by whoever holds the token, so keep
// sensitive data out of it.
// NOTE(review): Roles travels inside the token, so a role change presumably
// takes effect only once the token is re-issued or revoked — confirm.
// NOTE(review): the jwt import path is not shown on this page; confirm the
// module is a maintained one.
type Claims struct {
	jwt.StandardClaims
	UserID   string   `json:"userID"`
	Username string   `json:"username"`
	Nickname string   `json:"nickname"`
	Roles    []string `json:"roles"`
}

func GetClaims

func GetClaims(ctx context.Context) *Claims

type Config

// Config groups the package's settings: password-field ciphertext handling
// under "ciphertext" and JWT settings under "jwt" (mapstructure keys).
// Both sections carry secrets (CipherKey, Secret), so treat the loaded
// configuration source as sensitive.
type Config struct {
	Ciphertext CiphertextConfig `mapstructure:"ciphertext"`
	Jwt        JwtConfig        `mapstructure:"jwt"`
}

type Email

// Email is a string type with a LogValue method returning a slog.Value.
// NOTE(review): by analogy with Ciphertext, LogValue presumably masks the
// address in log/slog output — confirm. No String or MarshalJSON method is
// listed on this page, so fmt and JSON output would still carry the raw value.
type Email string

func (Email) LogValue

func (e Email) LogValue() slog.Value

type IDCard

// IDCard is a string type with a LogValue method returning a slog.Value.
// NOTE(review): by analogy with Ciphertext, LogValue presumably masks the
// number in log/slog output — confirm. No String or MarshalJSON method is
// listed on this page, so fmt and JSON output would still carry the raw value.
type IDCard string

func (IDCard) LogValue

func (id IDCard) LogValue() slog.Value

type JWToken

// JWToken holds the signing key, issuer and token lifetimes used to issue and
// check tokens; further state is unexported.
// SigningKey is an exported field, so any code holding a *JWToken can read or
// replace the key.
// NOTE(review): a []byte key suggests an HMAC signing method, but the method is
// not visible on this page — confirm it, and confirm that Parse and Verify
// reject tokens whose header names a different algorithm.
type JWToken struct {
	SigningKey          []byte
	Issuer              string        // jwt issuer
	AccessTokenExpired  time.Duration // jwt access token expired
	RefreshTokenExpired time.Duration // jwt refresh token expired
	// contains filtered or unexported fields
}

func NewJWT

func NewJWT(conf *JwtConfig, rdb redis.Cmdable) *JWToken

func (*JWToken) Generate

func (t *JWToken) Generate(ctx context.Context, claims *Claims) (atoken, rtoken string, err error)

Generate 颁发 token:access token 和 refresh token。refresh token 不需要保存任何用户信息。

func (*JWToken) GetToken

func (t *JWToken) GetToken(ctx context.Context, username string) (string, error)

GetToken 获取 token

func (*JWToken) GetTokenID

func (t *JWToken) GetTokenID(ctx context.Context, username string) (string, error)

func (*JWToken) Parse

func (t *JWToken) Parse(tokenString string) (*Claims, error)

func (*JWToken) Refresh

func (t *JWToken) Refresh(ctx context.Context, rtoken string, claims *Claims) (newAToken, newRToken string, err error)

Refresh 通过 refresh token 刷新 atoken

func (*JWToken) RemoveToken

func (t *JWToken) RemoveToken(ctx context.Context, username string) error

func (*JWToken) ValidationErrorExpired

func (t *JWToken) ValidationErrorExpired(err error) bool

func (*JWToken) Verify

func (t *JWToken) Verify(tokenString string) (*Claims, error)

Verify 验证Token

type JwtConfig

// JwtConfig is the JWT section of the configuration, read through the
// mapstructure keys in the tags.
// Secret is typed as Ciphertext, so it is desensitized in log/slog output.
// The two lifetimes are strings here; GetAccessTokenExpired and
// GetRefreshTokenExpired return them as time.Duration.
// NOTE(review): Validate returns []error, but what it checks (for example a
// minimum Secret length) is not visible on this page — confirm that an empty
// or short Secret is rejected before tokens are issued.
type JwtConfig struct {
	Secret              Ciphertext `mapstructure:"secret"`              // jwt secret
	Issuer              string     `mapstructure:"issuer"`              // jwt issuer
	AccessTokenExpired  string     `mapstructure:"accessTokenExpired"`  // jwt access token expired
	RefreshTokenExpired string     `mapstructure:"refreshTokenExpired"` // jwt refresh token expired
	// token shared across instances in a distributed deployment
	CacheKeyPrefix string `mapstructure:"cacheKeyPrefix"` // jwt cache key prefix
}

func (*JwtConfig) GetAccessTokenExpired

func (c *JwtConfig) GetAccessTokenExpired() time.Duration

func (*JwtConfig) GetRefreshTokenExpired

func (c *JwtConfig) GetRefreshTokenExpired() time.Duration

func (*JwtConfig) Validate

func (c *JwtConfig) Validate() []error

type PasswdVerifier

// PasswdVerifier is the login password verifier; its remaining state is
// unexported.
// OnErr is a caller-supplied callback that receives an error.
// NOTE(review): presumably invoked for Redis or hashing failures that the
// bool-returning methods cannot report — confirm. If OnErr is nil, check that
// such failures are not silently dropped, and that a Redis failure does not
// let the wrong-password limit be bypassed.
type PasswdVerifier struct {
	OnErr func(error)
	// contains filtered or unexported fields
}

PasswdVerifier 登录密码验证器:1. 对密码进行 hash 加密;2. 随机生成盐;3. 密码错误次数限制(依赖 Redis)。

func NewPasswdVerifier

func NewPasswdVerifier(rdb redis.Cmdable, limit int) *PasswdVerifier

func (*PasswdVerifier) BcryptHash

func (h *PasswdVerifier) BcryptHash(passwd string) string

BcryptHash 密码加密

func (*PasswdVerifier) BcryptVerify

func (h *PasswdVerifier) BcryptVerify(hash, password string) bool

BcryptVerify 验证密码

func (*PasswdVerifier) BcryptVerifyWithCount

func (h *PasswdVerifier) BcryptVerifyWithCount(ctx context.Context, hash, password string) bool

BcryptVerifyWithCount 验证密码统计错误次数

func (*PasswdVerifier) GetErrCount

func (h *PasswdVerifier) GetErrCount() int64

GetErrCount 获取密码错误的次数

func (*PasswdVerifier) GetRemainCount

func (h *PasswdVerifier) GetRemainCount() int64

GetRemainCount 获取密码剩余的错误次数

func (*PasswdVerifier) SetKey

func (h *PasswdVerifier) SetKey(key string, expiration time.Duration)

SetKey 设置key

type PhoneNo

// PhoneNo is a string type with a LogValue method returning a slog.Value.
// NOTE(review): by analogy with Ciphertext, LogValue presumably masks the
// number in log/slog output — confirm. No String or MarshalJSON method is
// listed on this page, so fmt and JSON output would still carry the raw value.
type PhoneNo string

func (PhoneNo) LogValue

func (pNo PhoneNo) LogValue() slog.Value
