crypter/jwt.go

package crypter

import (
	"errors"
	"fmt"
	"log"

	"strconv"
	"time"

	"github.com/dgrijalva/jwt-go"
)

//JWT = JSON WEB TOKEN 是一个开放标准，用于作为json对象，在各个地方安全的传输信息
//此信息可以被验证和信任

func CreateJwtToken(client_id, client_secret string) (string, error) {
	// Define the secret key used for signing the token
	secretKey := []byte(client_secret)

	// Create a new token with claims
	token := jwt.New(jwt.SigningMethodHS256)
	claims := token.Claims.(jwt.MapClaims)

	// Set the issuer, issued at, and JWT ID claims
	claims["iss"] = client_id
	claims["iat"] = time.Now().Unix()
	claims["jti"] = strconv.Itoa(time.Now().Nanosecond())

	// log.Println(claims)
	// Sign the token with the secret key
	tokenString, err := token.SignedString(secretKey)
	if err != nil {
		log.Println("Error signing token:", err)
		return "", err
	}
	return tokenString, nil
}
func VerifyToken(tokenString string, client_id, client_secret string, expire int64) (bool, error) {

	token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
		return []byte(client_secret), nil
	})
	// log.Println(token, token.Claims, err)
	if token.Valid {
		claims := token.Claims.(jwt.MapClaims)

		if client_id != claims["iss"] {
			return false, errors.New("invalid client_id")
		}
		iat := ToInt64(claims["iat"])
		now := time.Now().Unix()
		log.Println(iat, now)
		if now-iat > expire || iat-now > expire {
			return false, errors.New("invalid time")
		}

		return true, nil
	} else if ve, ok := err.(*jwt.ValidationError); ok {
		if ve.Errors&jwt.ValidationErrorMalformed != 0 {
			return false, errors.New("Malformed token")
		} else if ve.Errors&(jwt.ValidationErrorExpired|jwt.ValidationErrorNotValidYet) != 0 {
			return false, errors.New("Expired token")
		} else {
			return false, errors.New("Invalid token")
		}
	} else {
		return false, errors.New("Invalid token")
	}
}

func CheckJwtToken(tokenString string, client_secret string) (jwt.MapClaims, bool, error) {
	// Define the secret key used for verifying the token
	secretKey := []byte(client_secret)
	// jwt.DecodeSegment()
	// Parse the token
	token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
		// Check the signing method
		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
		}
		return secretKey, nil
	})

	// Verify the token
	if err != nil {
		log.Println("Error parsing token:", err)
		return nil, false, err
	}

	if token.Valid {
		// log.Println("Token is valid!")
		// Access the claims
		claims := token.Claims.(jwt.MapClaims)
		// log.Println("Issuer:", claims["iss"])
		// log.Println("Issued At:", claims["iat"])
		// log.Println("JWT ID:", claims["jti"])

		return claims, true, nil
	}
	return nil, false, nil
}

func ToInt64(inter interface{}) int64 {
	var value int64

	switch inter.(type) {

	case string:
		value, _ = strconv.ParseInt(inter.(string), 10, 64)
	case int:
		value = int64(inter.(int))
	case int64:
		value = inter.(int64)
	case float64:
		value_int, _ := strconv.Atoi(fmt.Sprintf("%1.0f", inter))
		value = int64(value_int)
	case nil:
		value = 0
	case interface{}:
		if _, ok := inter.(int64); !ok {
			value = inter.(int64)
		}
	default:
		log.Println("参数值类型错误", inter, "not in string|int|float64|interface|int64")
	}
	return value
}