Documentation ¶
Index ¶
- Constants
- Variables
- func GetAccessTokenFromHTTP(r *http.Request) string
- func GetIssueParameterValue[T any](p IssueParameter, key string) T
- func GetRefreshTokenFromHTTP(r *http.Request) string
- func MakeBearer(lenth int) string
- func RegistryIssuer(name string, p Issuer)
- type ChangeNamespceRequest
- type DESCRIBE_BY
- type DescribeTokenRequest
- type IssueParameter
- type IssueTokenRequest
- type Issuer
- type LOCK_TYPE
- type QueryTokenRequest
- type RevolkTokenRequest
- type SOURCE
- type Service
- type Status
- type Token
- func (t *Token) AccessTokenExpiredTTL() int
- func (t *Token) CheckRefreshToken(refreshToken string) error
- func (t *Token) IsAccessTokenExpired() error
- func (t *Token) IsRreshTokenExpired() error
- func (t *Token) Lock(l LOCK_TYPE, reason string)
- func (t *Token) SetAccessTokenExpiredAt(v time.Time)
- func (t *Token) SetExpiredAtByDuration(duration time.Duration, refreshMulti uint)
- func (t *Token) SetIssuer(issuer string) *Token
- func (t *Token) SetRefreshAt(v time.Time)
- func (t *Token) SetRefreshTokenExpiredAt(v time.Time)
- func (t *Token) SetSource(source SOURCE) *Token
- func (t *Token) String() string
- func (t *Token) TableName() string
- func (t *Token) UserIdString() string
- type ValiateTokenRequest
Constants ¶
// Names of the HTTP headers and the cookie that carry tokens.
const (
	// ACCESS_TOKEN_HEADER_NAME is the header name for the access token.
	ACCESS_TOKEN_HEADER_NAME = "Authorization"

	// ACCESS_TOKEN_COOKIE_NAME is the cookie name for the access token.
	// NOTE(review): where this cookie is set is not visible here; confirm it
	// is issued with HttpOnly and Secure.
	ACCESS_TOKEN_COOKIE_NAME = "access_token"

	// ACCESS_TOKEN_RESPONSE_HEADER_NAME is the response header name for the
	// access token.
	ACCESS_TOKEN_RESPONSE_HEADER_NAME = "X-OAUTH-TOKEN"

	// REFRESH_TOKEN_HEADER_NAME is the header name for the refresh token.
	// The value is spelled "REFRUSH" on the wire; clients must send exactly
	// this name, so it cannot be corrected without a coordinated change.
	REFRESH_TOKEN_HEADER_NAME = "X-REFRUSH-TOKEN"
)
// Issuer names.
// NOTE(review): presumably the values accepted in IssueTokenRequest.Issuer
// and the names passed to RegistryIssuer — confirm against the callers.
const (
	// ISSUER_LDAP names the LDAP issuer.
	ISSUER_LDAP = "ldap"
	// ISSUER_FEISHU names the Feishu issuer.
	ISSUER_FEISHU = "feishu"
	// ISSUER_PASSWORD names the password issuer.
	ISSUER_PASSWORD = "password"
	// ISSUER_PRIVATE_TOKEN names the private-token issuer.
	ISSUER_PRIVATE_TOKEN = "private_token"
)
// AppName is the name of this module.
const AppName = "token"
Variables ¶
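// ctxTokenKey is the dedicated type of CTX_TOKEN_KEY.
//
// A bare struct{}{} boxed in an interface compares equal to every other
// struct{}{}, so any package that also used struct{}{} as a context key would
// read or overwrite the same context slot. A named type keeps the key
// distinct from all other keys.
type ctxTokenKey struct{}

var (
	// CTX_TOKEN_KEY is the context key for the token
	// (presumably the key read by GetTokenFromCtx — confirm).
	CTX_TOKEN_KEY = ctxTokenKey{}
)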
// CookieNotFound is the unauthorized error whose message names the
// access-token cookie (ACCESS_TOKEN_COOKIE_NAME) as not found.
var CookieNotFound = exception.NewUnauthorized("cookie %s not found", ACCESS_TOKEN_COOKIE_NAME)
Functions ¶
func GetAccessTokenFromHTTP ¶
func GetIssueParameterValue ¶
func GetIssueParameterValue[T any](p IssueParameter, key string) T
func GetRefreshTokenFromHTTP ¶
func MakeBearer ¶
MakeBearer: see RFC 6750, section 2.1 (https://tools.ietf.org/html/rfc6750#section-2.1), which defines the token syntax as b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
func RegistryIssuer ¶
Types ¶
type ChangeNamespceRequest ¶
// ChangeNamespceRequest is the input of Service.ChangeNamespce.
type ChangeNamespceRequest struct {
	// UserId is the user id.
	// NOTE(review): this id travels next to AccessToken; confirm the
	// implementation checks it against the validated token rather than
	// trusting it on its own.
	UserId uint64 `json:"user_id"`
	// NamespaceId is the target namespace id.
	NamespaceId uint64 `json:"namespace_id"`
	// AccessToken is the access token of the session.
	AccessToken string `json:"access_token"`
}
func NewChangeNamespceRequest ¶
func NewChangeNamespceRequest() *ChangeNamespceRequest
type DescribeTokenRequest ¶
// DescribeTokenRequest is the input of Service.DescribeToken.
type DescribeTokenRequest struct {
	// DescribeBy selects how DescribeValue is interpreted.
	DescribeBy DESCRIBE_BY `json:"describe_by"`
	// DescribeValue is the value to look the token up by.
	DescribeValue string `json:"describe_value"`
}
func NewDescribeTokenRequest ¶
func NewDescribeTokenRequest(accessToken string) *DescribeTokenRequest
type IssueParameter ¶
func (IssueParameter) AccessToken ¶
func (p IssueParameter) AccessToken() string
func (IssueParameter) ExpireTTL ¶
func (p IssueParameter) ExpireTTL() time.Duration
func (IssueParameter) Password ¶
func (p IssueParameter) Password() string
func (IssueParameter) SetPassword ¶
func (p IssueParameter) SetPassword(v string)
func (IssueParameter) SetUsername ¶
func (p IssueParameter) SetUsername(v string)
func (IssueParameter) Username ¶
func (p IssueParameter) Username() string
type IssueTokenRequest ¶
// IssueTokenRequest is the input of Service.IssueToken.
type IssueTokenRequest struct {
	// Issuer is the authentication method.
	Issuer string `json:"issuer"`
	// Source is the client (terminal) type.
	Source SOURCE `json:"source"`
	// Parameter holds the issuer parameters.
	// NOTE(review): IssueParameter exposes Username/Password accessors, so
	// this field can carry credentials; confirm requests are not logged
	// verbatim.
	Parameter IssueParameter `json:"parameter"`
}
func NewIssueTokenRequest ¶
func NewIssueTokenRequest() *IssueTokenRequest
func (*IssueTokenRequest) IssueByPassword ¶
func (i *IssueTokenRequest) IssueByPassword(username, password string)
type QueryTokenRequest ¶
// QueryTokenRequest is the input of Service.QueryToken.
type QueryTokenRequest struct {
	// Embedded paging parameters.
	*request.PageRequest
	// Active filters for tokens that are currently usable and not expired.
	Active *bool `json:"active"`
	// Source filters by user source.
	Source *SOURCE `json:"source"`
	// UserIds filters by user ids.
	UserIds []uint64 `json:"user_ids"`
}
func NewQueryTokenRequest ¶
func NewQueryTokenRequest() *QueryTokenRequest
func (*QueryTokenRequest) AddUserId ¶
func (r *QueryTokenRequest) AddUserId(uids ...uint64) *QueryTokenRequest
func (*QueryTokenRequest) SetActive ¶
func (r *QueryTokenRequest) SetActive(v bool) *QueryTokenRequest
func (*QueryTokenRequest) SetSource ¶
func (r *QueryTokenRequest) SetSource(v SOURCE) *QueryTokenRequest
type RevolkTokenRequest ¶
// RevolkTokenRequest is the input of Service.RevolkToken (logout, which
// destroys the token). It carries both tokens of the pair.
// NOTE(review): presumably both values must match the stored pair before the
// token is revoked — confirm in the implementation.
type RevolkTokenRequest struct {
	// AccessToken is the access token to revoke.
	AccessToken string `json:"access_token"`
	// RefreshToken is the refresh token of the same pair.
	RefreshToken string `json:"refresh_token"`
}
In case the access token leaks: without also knowing the refresh_token, the token cannot be revoked (logged out).
func NewRevolkTokenRequest ¶
func NewRevolkTokenRequest(at, rk string) *RevolkTokenRequest
type Service ¶
// Service is the token service interface.
type Service interface {
	// IssueToken is the login interface: it issues a token.
	IssueToken(ctx context.Context, in *IssueTokenRequest) (*Token, error)

	// RevolkToken is the logout interface: it destroys a token.
	RevolkToken(ctx context.Context, in *RevolkTokenRequest) (*Token, error)

	// DescribeToken queries the details of one token.
	DescribeToken(ctx context.Context, in *DescribeTokenRequest) (*Token, error)

	// ValiateToken validates a token. It is meant for the internal middleware
	// (the identity-verification layer). The validated Token is returned and
	// user information is obtained through it.
	ValiateToken(ctx context.Context, in *ValiateTokenRequest) (*Token, error)

	// ChangeNamespce switches the user's namespace.
	ChangeNamespce(ctx context.Context, in *ChangeNamespceRequest) (*Token, error)

	// QueryToken queries tokens that have already been issued.
	QueryToken(ctx context.Context, in *QueryTokenRequest) (*types.Set[*Token], error)
}
func GetService ¶
func GetService() Service
type Status ¶
// Status holds the lock (freeze) fields of a token.
type Status struct {
	// Time at which the token was locked.
	LockAt *time.Time `json:"lock_at" bson:"lock_at" gorm:"column:lock_at;type:timestamp;index" description:"冻结时间"`
	// Lock type.
	LockType LOCK_TYPE `` /* 203-byte string literal not displayed */
	// Reason for the lock.
	LockReason string `json:"lock_reason" bson:"lock_reason" gorm:"column:lock_reason;type:text" description:"冻结原因"`
}
type Token ¶
// Token is the record of an issued token: who holds it, where it is valid,
// the access/refresh token values and their expiry times.
type Token struct {
	// Record id (primary key).
	Id uint64 `json:"id" gorm:"column:id;type:uint;primary_key;"`
	// User source.
	Source SOURCE `json:"source" gorm:"column:source;type:tinyint(1);index" description:"用户来源"`
	// Issuer that produced the token.
	Issuer string `json:"issuer" gorm:"column:issuer;type:varchar(100);index" description:"颁发器"`
	// Id of the user this token belongs to.
	UserId uint64 `json:"user_id" gorm:"column:user_id;index" description:"持有该Token的用户Id"`
	// Name of the user this token belongs to.
	UserName string `json:"user_name" gorm:"column:user_name;type:varchar(100);not null;index" description:"持有该Token的用户名称"`
	// Whether the holder is an administrator.
	IsAdmin bool `json:"is_admin" gorm:"column:is_admin;type:tinyint(1)" description:"是不是管理员"`
	// Id of the namespace in which the token is effective.
	NamespaceId uint64 `json:"namespace_id" gorm:"column:namespace_id;type:uint;index" description:"令牌所属空间Id"`
	// Name of the namespace in which the token is effective.
	NamespaceName string `json:"namespace_name" gorm:"column:namespace_name;type:varchar(100);index" description:"令牌所属空间"`
	// Access scope definition, filled in after authorization completes.
	// NOTE(review): the gorm tag declares varchar(100) with no serializer,
	// unlike Extras (serializer:json) — confirm how this map is persisted.
	Scope map[string]string `json:"scope" gorm:"column:scope;type:varchar(100)" description:"令牌访问范围定义"`
	// Access token issued to the user; the user must present it to call the
	// API.
	// NOTE(review): the column is a plain varchar with a unique index and the
	// field is JSON-serialized. Whether the value is stored hashed is not
	// visible here — confirm, and confirm that QueryToken/DescribeToken
	// results returned to API clients do not expose other users' token
	// values. Token generation is not shown either; confirm it draws from
	// crypto/rand.
	AccessToken string `json:"access_token" gorm:"column:access_token;type:varchar(100);not null;uniqueIndex" description:"访问令牌"`
	// Access token expiry time.
	AccessTokenExpiredAt *time.Time `` /* 131-byte string literal not displayed */
	// Refresh token.
	// NOTE(review): same storage and serialization questions as AccessToken.
	RefreshToken string `json:"refresh_token" gorm:"column:refresh_token;type:varchar(100);not null;uniqueIndex" description:"刷新令牌"`
	// Refresh token expiry time.
	RefreshTokenExpiredAt *time.Time `` /* 133-byte string literal not displayed */
	// Creation (issue) time.
	IssueAt time.Time `` /* 127-byte string literal not displayed */
	// Time of the last refresh.
	RefreshAt *time.Time `json:"refresh_at" gorm:"column:refresh_at;type:timestamp" description:"令牌刷新时间"`
	// Token status (lock fields, embedded in the same table).
	Status *Status `json:"status" gorm:"embedded" modelDescription:"令牌状态"`
	// Other extension information, stored as JSON.
	Extras map[string]string `json:"extras" gorm:"column:extras;serializer:json;type:json" description:"其他扩展信息"`
}
func GetTokenFromCtx ¶
func (*Token) AccessTokenExpiredTTL ¶
func (*Token) CheckRefreshToken ¶
func (*Token) IsAccessTokenExpired ¶
func (*Token) IsRreshTokenExpired ¶
func (*Token) SetAccessTokenExpiredAt ¶
func (*Token) SetExpiredAtByDuration ¶
func (*Token) SetRefreshAt ¶
func (*Token) SetRefreshTokenExpiredAt ¶
func (*Token) UserIdString ¶
type ValiateTokenRequest ¶
// ValiateTokenRequest is the input of Service.ValiateToken.
type ValiateTokenRequest struct {
	// AccessToken is the access token to validate.
	AccessToken string `json:"access_token"`
}
func NewValiateTokenRequest ¶
func NewValiateTokenRequest(accessToken string) *ValiateTokenRequest