Merge branch 'feature/jwt'

This commit is contained in:
daniel.w 2024-08-27 13:50:21 +08:00
commit 04e1b0c122
8 changed files with 467 additions and 0 deletions

View File

@ -4,4 +4,5 @@ use (
./errors ./errors
./validator ./validator
./worker_pool ./worker_pool
./jwt
) )

68
jwt/claims.go Normal file
View File

@ -0,0 +1,68 @@
package jwt
type DataClaims map[string]string
const (
idCode = "id"
roleCode = "role"
deviceIDCode = "device_id"
scopeCode = "scope"
uidCode = "uid"
)
// ============ 使用具體的 setter ============
// Set 通用的 setter 方法
func (c DataClaims) Set(key, value string) {
c[key] = value
}
func (c DataClaims) SetID(id string) {
c.Set(idCode, id)
}
func (c DataClaims) SetRole(role string) {
c.Set(roleCode, role)
}
func (c DataClaims) SetDeviceID(deviceID string) {
c.Set(deviceIDCode, deviceID)
}
func (c DataClaims) SetScope(scope string) {
c.Set(scopeCode, scope)
}
func (c DataClaims) SetUID(uid string) {
c.Set(uidCode, uid)
}
// ============ 使用具體的 getter ============
func (c DataClaims) Get(key string) string {
if val, ok := c[key]; ok {
return val
}
return ""
}
func (c DataClaims) Scope() {
c.Get(scopeCode)
}
func (c DataClaims) Role() string {
return c.Get(roleCode)
}
func (c DataClaims) ID() string {
return c.Get(idCode)
}
func (c DataClaims) DeviceID() string {
return c.Get(deviceIDCode)
}
func (c DataClaims) UID() string {
return c.Get(uidCode)
}

72
jwt/claims_test.go Normal file
View File

@ -0,0 +1,72 @@
package jwt
import (
"testing"
"github.com/stretchr/testify/require"
)
func TestDataClaimsSettersAndGetters(t *testing.T) {
tests := []struct {
name string
setterFunc func(c DataClaims, value string)
getterFunc func(c DataClaims) string
value string
expectedVal string
}{
{
name: "Set and Get ID",
setterFunc: func(c DataClaims, value string) { c.SetID(value) },
getterFunc: func(c DataClaims) string { return c.ID() },
value: "12345",
expectedVal: "12345",
},
{
name: "Set and Get Role",
setterFunc: func(c DataClaims, value string) { c.SetRole(value) },
getterFunc: func(c DataClaims) string { return c.Role() },
value: "admin",
expectedVal: "admin",
},
{
name: "Set and Get Device ID",
setterFunc: func(c DataClaims, value string) { c.SetDeviceID(value) },
getterFunc: func(c DataClaims) string { return c.DeviceID() },
value: "device123",
expectedVal: "device123",
},
{
name: "Set and Get Scope",
setterFunc: func(c DataClaims, value string) { c.SetScope(value) },
getterFunc: func(c DataClaims) string { return c.Get(scopeCode) },
value: "read",
expectedVal: "read",
},
{
name: "Set and Get UID",
setterFunc: func(c DataClaims, value string) { c.SetUID(value) },
getterFunc: func(c DataClaims) string { return c.UID() },
value: "user123",
expectedVal: "user123",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
claims := DataClaims{}
// Call the setter function
tt.setterFunc(claims, tt.value)
// Call the getter function and verify the result
require.Equal(t, tt.expectedVal, tt.getterFunc(claims), "Expected value does not match")
})
}
}
func TestDataClaimsGetNonExistentKey(t *testing.T) {
claims := DataClaims{}
// 對於不存在的鍵,應返回空字串
require.Equal(t, "", claims.Get("nonexistent_key"), "Should return empty string for non-existent key")
}

52
jwt/define.go Normal file
View File

@ -0,0 +1,52 @@
package jwt
import (
"time"
"github.com/golang-jwt/jwt/v4"
)
type Token struct {
ID string `json:"id"`
UID string `json:"uid"`
DeviceID string `json:"device_id"`
AccessToken string `json:"access_token"`
ExpiresIn int `json:"expires_in"`
AccessCreateAt time.Time `json:"access_create_at"`
RefreshToken string `json:"refresh_token"`
RefreshExpiresIn int `json:"refresh_expires_in"`
RefreshCreateAt time.Time `json:"refresh_create_at"`
}
func (t *Token) AccessTokenExpires() time.Duration {
return time.Duration(t.ExpiresIn) * time.Second
}
func (t *Token) RefreshTokenExpires() time.Duration {
return time.Duration(t.RefreshExpiresIn) * time.Second
}
func (t *Token) RefreshTokenExpiresUnix() int64 {
return time.Now().Add(t.RefreshTokenExpires()).Unix()
}
func (t *Token) IsExpires() bool {
return t.AccessCreateAt.Add(t.AccessTokenExpires()).Before(time.Now())
}
func (t *Token) RedisExpiredSec() int64 {
sec := time.Unix(int64(t.ExpiresIn), 0).Sub(time.Now().UTC())
return int64(sec.Seconds())
}
func (t *Token) RedisRefreshExpiredSec() int64 {
sec := time.Unix(int64(t.RefreshExpiresIn), 0).Sub(time.Now().UTC())
return int64(sec.Seconds())
}
type Claims struct {
jwt.RegisteredClaims
Data interface{} `json:"data"`
}

82
jwt/define_test.go Normal file
View File

@ -0,0 +1,82 @@
package jwt
import (
"testing"
"time"
"github.com/stretchr/testify/require"
)
func TestAccessTokenExpires(t *testing.T) {
token := &Token{
ExpiresIn: 3600, // 1小時
}
expectedDuration := time.Hour
actualDuration := token.AccessTokenExpires()
require.Equal(t, expectedDuration, actualDuration, "Access token expiration duration should be 1 hour")
}
func TestRefreshTokenExpires(t *testing.T) {
token := &Token{
RefreshExpiresIn: 7200, // 2小時
}
expectedDuration := 2 * time.Hour
actualDuration := token.RefreshTokenExpires()
require.Equal(t, expectedDuration, actualDuration, "Refresh token expiration duration should be 2 hours")
}
func TestRefreshTokenExpiresUnix(t *testing.T) {
token := &Token{
RefreshExpiresIn: 3600, // 1小時
}
expectedUnix := time.Now().Add(1 * time.Hour).Unix()
actualUnix := token.RefreshTokenExpiresUnix()
// 設定允許範圍確保結果在1秒的範圍內
require.InEpsilon(t, expectedUnix, actualUnix, 1, "Refresh token expires Unix time should match the expected time")
}
func TestIsExpires(t *testing.T) {
// 測試過期情況
tokenExpired := &Token{
ExpiresIn: 3600, // 1小時
AccessCreateAt: time.Now().Add(-2 * time.Hour), // 2小時前生成的 token應該過期
}
require.True(t, tokenExpired.IsExpires(), "Token should be expired")
// 測試未過期情況
tokenNotExpired := &Token{
ExpiresIn: 3600, // 1小時
AccessCreateAt: time.Now().Add(-30 * time.Minute), // 30分鐘前生成的 token應該未過期
}
require.False(t, tokenNotExpired.IsExpires(), "Token should not be expired")
}
func TestRedisExpiredSec(t *testing.T) {
token := &Token{
ExpiresIn: int(time.Now().Add(1 * time.Hour).Unix()), // 1小時後過期
}
expectedSec := int64(3600) // 1小時
actualSec := token.RedisExpiredSec()
// 確保時間在合理範圍內
require.InDelta(t, expectedSec, actualSec, 1, "Redis expired seconds should be close to 3600 seconds")
}
func TestRedisRefreshExpiredSec(t *testing.T) {
token := &Token{
RefreshExpiresIn: int(time.Now().Add(2 * time.Hour).Unix()), // 2小時後過期
}
expectedSec := int64(7200) // 2小時
actualSec := token.RedisRefreshExpiredSec()
// 確保時間在合理範圍內
require.InDelta(t, expectedSec, actualSec, 1, "Redis refresh expired seconds should be close to 7200 seconds")
}

14
jwt/go.mod Normal file
View File

@ -0,0 +1,14 @@
module code.30cm.net/digimon/library-go/jwt
go 1.22.3
require (
github.com/golang-jwt/jwt/v4 v4.5.0
github.com/stretchr/testify v1.9.0
)
require (
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
)

91
jwt/token.go Normal file
View File

@ -0,0 +1,91 @@
package jwt
import (
"fmt"
"time"
"github.com/golang-jwt/jwt/v4"
)
func GenerateAccessToken(token Token, data any, sign string, issuer string) (string, error) {
claim := Claims{
Data: data,
RegisteredClaims: jwt.RegisteredClaims{
ID: token.ID,
ExpiresAt: jwt.NewNumericDate(time.Unix(int64(token.ExpiresIn), 0)),
Issuer: issuer,
},
}
accessToken, err := jwt.NewWithClaims(jwt.SigningMethodHS256, claim).
SignedString([]byte(sign))
if err != nil {
return "", err
}
return accessToken, nil
}
func ParseToken(accessToken string, secret string, validate bool) (jwt.MapClaims, error) {
// 跳過驗證的解析
var token *jwt.Token
var err error
if validate {
token, err = jwt.Parse(accessToken, func(token *jwt.Token) (interface{}, error) {
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, fmt.Errorf("token unexpected signing method: %v", token.Header["alg"])
}
return []byte(secret), nil
})
if err != nil {
return jwt.MapClaims{}, err
}
} else {
parser := jwt.NewParser(jwt.WithoutClaimsValidation())
token, err = parser.Parse(accessToken, func(_ *jwt.Token) (interface{}, error) {
return []byte(secret), nil
})
if err != nil {
return jwt.MapClaims{}, err
}
}
claims, ok := token.Claims.(jwt.MapClaims)
if !ok && token.Valid {
return jwt.MapClaims{}, fmt.Errorf("token valid error")
}
return claims, nil
}
func ParseClaims(accessToken string, secret string, validate bool) (DataClaims, error) {
claimMap, err := ParseToken(accessToken, secret, validate)
if err != nil {
return DataClaims{}, err
}
claimsData, ok := claimMap["data"].(map[string]any)
if ok {
return convertMap(claimsData), nil
}
return DataClaims{}, fmt.Errorf("get data from claim map error")
}
func convertMap(input map[string]interface{}) map[string]string {
output := make(map[string]string)
for key, value := range input {
switch v := value.(type) {
case string:
output[key] = v
case fmt.Stringer:
output[key] = v.String()
default:
output[key] = fmt.Sprintf("%v", value)
}
}
return output
}

87
jwt/token_test.go Normal file
View File

@ -0,0 +1,87 @@
package jwt
import (
"testing"
"time"
"github.com/stretchr/testify/require"
)
func TestGenerateAccessToken(t *testing.T) {
// 定義測試參數
token := Token{
ID: "12345",
ExpiresIn: int(time.Now().Add(1 * time.Hour).Unix()),
}
sign := "secret_sign"
data := map[string]string{
"role": "admin",
"uid": "user123",
}
issuer := "test_issuer"
// 調用生成 access token
accessToken, err := GenerateAccessToken(token, data, sign, issuer)
require.NoError(t, err)
require.NotEmpty(t, accessToken)
// 檢查 access token 是否可以解析
claims, err := ParseToken(accessToken, sign, true)
require.NoError(t, err)
// 驗證 Claims 是否正確
require.Equal(t, token.ID, claims["jti"])
require.Equal(t, issuer, claims["iss"])
require.Equal(t, "admin", claims["data"].(map[string]interface{})["role"])
require.Equal(t, "user123", claims["data"].(map[string]interface{})["uid"])
}
func TestParseToken(t *testing.T) {
// 測試生成並解析 token
token := Token{
ID: "67890",
ExpiresIn: int(time.Now().Add(2 * time.Hour).Unix()),
}
sign := "another_secret_sign"
data := map[string]string{
"role": "user",
"uid": "user456",
}
accessToken, err := GenerateAccessToken(token, data, sign, "example_issuer")
require.NoError(t, err)
require.NotEmpty(t, accessToken)
// 測試有驗證的解析
claims, err := ParseToken(accessToken, sign, true)
require.NoError(t, err)
require.Equal(t, "user", claims["data"].(map[string]interface{})["role"])
require.Equal(t, "user456", claims["data"].(map[string]interface{})["uid"])
// 測試不驗證的解析
claimsNoValidation, err := ParseToken(accessToken, sign, false)
require.NoError(t, err)
require.Equal(t, "user", claimsNoValidation["data"].(map[string]interface{})["role"])
}
func TestParseClaims(t *testing.T) {
// 測試生成並解析 claims
token := Token{
ID: "54321",
ExpiresIn: int(time.Now().Add(3 * time.Hour).Unix()),
}
sign := "test_sign"
data := map[string]string{
"role": "moderator",
"uid": "user789",
}
accessToken, err := GenerateAccessToken(token, data, sign, "sample_issuer")
require.NoError(t, err)
// 測試 claims 解析
parsedClaims, err := ParseClaims(accessToken, sign, true)
require.NoError(t, err)
require.Equal(t, "moderator", parsedClaims["role"])
require.Equal(t, "user789", parsedClaims["uid"])
}