改进认证和 JWKS 刷新机制

2024-07-16 01:48:05 +08:00 · 2024-07-16 01:48:05 +08:00 · 9a8a33beac
commit 9a8a33beac
parent f54b8656d5
5 changed files with 38 additions and 26 deletions
--- a/internal/logic/auth.go
+++ b/internal/logic/auth.go
@ -1,6 +1,7 @@
 package logic

 import (
+	"context"
 	"github.com/gin-gonic/gin"
 	"github.com/mitchellh/mapstructure"
 	"go.uber.org/zap"
@ -88,3 +89,9 @@ func GetUserId(ctx *gin.Context) string {
 	logic := AuthLogic{}
 	return logic.GinUser(ctx).Token.Sub
 }
+
+func GetUser(ctx context.Context) *models.User {
+	user := ctx.Value(consts.AuthMiddlewareKey)
+
+	return user.(*models.User)
+}
--- a/internal/middleware/grpc/auth.go
+++ b/internal/middleware/grpc/auth.go
@ -19,7 +19,7 @@ func JwtAuth(ctx context.Context) (context.Context, error) {
 	}

 	sub := consts.AnonymousUser
-	var jwtIdToken = &models.User{}
+	var jwtIdToken = models.User{}

 	if config.DebugMode.Enable {
 		jwtIdToken.Token.Sub = sub
@ -45,14 +45,14 @@ func JwtAuth(ctx context.Context) (context.Context, error) {

 		jwtIdToken.Valid = true

-		err = mapstructure.Decode(token.Claims, &jwtIdToken)
+		err = mapstructure.Decode(token.Claims, &jwtIdToken.Token)
 		if err != nil {
 			logger.Error("Failed to map token claims to JwtIDToken struct.\nError: " + err.Error())
 			return nil, err
 		}
 	}

-	ctx = logging.InjectFields(ctx, logging.Fields{"auth.sub", sub})
+	ctx = logging.InjectFields(ctx, logging.Fields{consts.AuthMiddlewareKey, sub})

-	return context.WithValue(ctx, "auth", jwtIdToken), nil
+	return context.WithValue(ctx, consts.AuthMiddlewareKey, &jwtIdToken), nil
 }
--- a/internal/providers/jwks/init.go
+++ b/internal/providers/jwks/init.go
@ -3,10 +3,18 @@ package jwks
 import "time"

 func InitJwksRefresh() {
+	// 先刷新一次
+	RefreshJWKS()
+	var firstRefreshed = true
+
 	// 启动一个定时器
 	go func() {
 		for {
-			RefreshJWKS()
+			if firstRefreshed {
+				firstRefreshed = false
+			} else {
+				RefreshJWKS()
+			}
 			time.Sleep(refreshRate)
 		}
 	}()
--- a/internal/providers/jwks/jwks.go
+++ b/internal/providers/jwks/jwks.go
@ -21,7 +21,6 @@ var logger = providers.MustGet[zap.Logger]()
 var config = providers.MustGet[providers.GlobalConfig]()

 func RefreshJWKS() {
-
 	logger.Info("Refreshing JWKS...")

 	var err error
--- a/models/user.go
+++ b/models/user.go
@ -1,26 +1,24 @@
 package models

+import "time"
+
 type UserTokenInfo struct {
-	Exp               int      `json:"exp"`
-	Iat               int      `json:"iat"`
-	AuthTime          int      `json:"auth_time"`
-	Jti               string   `json:"jti"`
-	Iss               string   `json:"iss"`
-	Aud               string   `json:"aud"`
-	Sub               string   `json:"sub"`
-	Typ               string   `json:"typ"`
-	Azp               string   `json:"azp"`
-	SessionState      string   `json:"session_state"`
-	AtHash            string   `json:"at_hash"`
-	Acr               string   `json:"acr"`
-	Sid               string   `json:"sid"`
-	EmailVerified     bool     `json:"email_verified"`
-	Name              string   `json:"name"`
-	PreferredUsername string   `json:"preferred_username"`
-	GivenName         string   `json:"given_name"`
-	FamilyName        string   `json:"family_name"`
-	Email             string   `json:"email"`
-	Groups            []string `json:"groups"`
+	Aud              string    `json:"aud"`
+	Iss              string    `json:"iss"`
+	Iat              float64   `json:"iat"`
+	Exp              float64   `json:"exp"`
+	Sub              string    `json:"sub"`
+	Scopes           []string  `json:"scopes"`
+	Id               int       `json:"id"`
+	Uuid             string    `json:"uuid"`
+	Avatar           string    `json:"avatar"`
+	Name             string    `json:"name"`
+	EmailVerified    bool      `json:"email_verified"`
+	RealNameVerified bool      `json:"real_name_verified"`
+	PhoneVerified    bool      `json:"phone_verified"`
+	Email            string    `json:"email"`
+	Phone            string    `json:"phone"`
+	CreatedAt        time.Time `json:"created_at"`
 }

 type User struct {