feat: user jwt login

2022-06-25 21:34:44 +08:00
parent 306b90399c
commit c5295f4d72
16 changed files with 269 additions and 21 deletions
--- a/internal/conf/config.go
+++ b/internal/conf/config.go
@ -1,5 +1,9 @@
 package conf

+import (
+	"github.com/alist-org/alist/v3/pkg/utils/random"
+)
+
 type Database struct {
 	Type        string `json:"type" env:"DB_TYPE"`
 	Host        string `json:"host" env:"DB_HOST"`
@ -30,6 +34,7 @@ type Config struct {
 	Force           bool      `json:"force"`
 	Address         string    `json:"address" env:"ADDR"`
 	Port            int       `json:"port" env:"PORT"`
+	JwtSecret       string    `json:"jwt_secret" env:"JWT_SECRET"`
 	CaCheExpiration int       `json:"cache_expiration" env:"CACHE_EXPIRATION"`
 	Assets          string    `json:"assets" env:"ASSETS"`
 	Database        Database  `json:"database"`
@ -40,10 +45,11 @@ type Config struct {

 func DefaultConfig() *Config {
 	return &Config{
-		Address: "0.0.0.0",
-		Port:    5244,
-		Assets:  "https://npm.elemecdn.com/alist-web@$version/dist",
-		TempDir: "data/temp",
+		Address:   "0.0.0.0",
+		Port:      5244,
+		JwtSecret: random.RandomStr(16),
+		Assets:    "https://npm.elemecdn.com/alist-web@$version/dist",
+		TempDir:   "data/temp",
 		Database: Database{
 			Type:        "sqlite3",
 			Port:        0,
--- a/internal/model/user.go
+++ b/internal/model/user.go
@ -1,5 +1,7 @@
 package model

+import "github.com/pkg/errors"
+
 const (
 	GENERAL = iota
 	GUEST   // only one exists
@ -7,12 +9,12 @@ const (
 )

 type User struct {
-	ID       uint   `json:"id" gorm:"primaryKey"` // unique key
-	Name     string `json:"name" gorm:"unique"`   // username
-	Password string `json:"password"`             // password
-	BasePath string `json:"base_path"`            // base path
-	ReadOnly bool   `json:"read_only"`            // allow upload
-	Role     int    `json:"role"`                 // user's role
+	ID       uint   `json:"id" gorm:"primaryKey"`   // unique key
+	Username string `json:"username" gorm:"unique"` // username
+	Password string `json:"password"`               // password
+	BasePath string `json:"base_path"`              // base path
+	ReadOnly bool   `json:"read_only"`              // allow upload
+	Role     int    `json:"role"`                   // user's role
 }

 func (u User) IsGuest() bool {
@ -22,3 +24,13 @@ func (u User) IsGuest() bool {
 func (u User) IsAdmin() bool {
 	return u.Role == ADMIN
 }
+
+func (u User) ValidatePassword(password string) error {
+	if password == "" {
+		return errors.New("password is empty")
+	}
+	if u.Password != password {
+		return errors.New("password is incorrect")
+	}
+	return nil
+}
--- a/internal/server/common/auth.go
+++ b/internal/server/common/auth.go
@ -0,0 +1,50 @@
+package common
+
+import (
+	"github.com/golang-jwt/jwt/v4"
+	"github.com/pkg/errors"
+	"time"
+)
+
+var SecretKey []byte
+
+type UserClaims struct {
+	Username string `json:"username"`
+	jwt.RegisteredClaims
+}
+
+func GenerateToken(username string) (tokenString string, err error) {
+	claim := UserClaims{
+		Username: username,
+		RegisteredClaims: jwt.RegisteredClaims{
+			ExpiresAt: jwt.NewNumericDate(time.Now().Add(12 * time.Hour)),
+			IssuedAt:  jwt.NewNumericDate(time.Now()),
+			NotBefore: jwt.NewNumericDate(time.Now()),
+		}}
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claim)
+	tokenString, err = token.SignedString(SecretKey)
+	return tokenString, err
+}
+
+func ParseToken(tokenString string) (*UserClaims, error) {
+	token, err := jwt.ParseWithClaims(tokenString, &UserClaims{}, func(token *jwt.Token) (interface{}, error) {
+		return SecretKey, nil
+	})
+	if err != nil {
+		if ve, ok := err.(*jwt.ValidationError); ok {
+			if ve.Errors&jwt.ValidationErrorMalformed != 0 {
+				return nil, errors.New("that's not even a token")
+			} else if ve.Errors&jwt.ValidationErrorExpired != 0 {
+				return nil, errors.New("token is expired")
+			} else if ve.Errors&jwt.ValidationErrorNotValidYet != 0 {
+				return nil, errors.New("token not active yet")
+			} else {
+				return nil, errors.New("couldn't handle this token")
+			}
+		}
+	}
+	if claims, ok := token.Claims.(*UserClaims); ok && token.Valid {
+		return claims, nil
+	}
+	return nil, errors.New("couldn't handle this token")
+}
--- a/internal/server/common/common.go
+++ b/internal/server/common/common.go
@ -0,0 +1,48 @@
+package common
+
+import (
+	"github.com/gin-gonic/gin"
+	log "github.com/sirupsen/logrus"
+)
+
+type Resp struct {
+	Code    int         `json:"code"`
+	Message string      `json:"message"`
+	Data    interface{} `json:"data"`
+}
+
+func ErrorResp(c *gin.Context, err error, code int) {
+	log.Error(err.Error())
+	c.JSON(200, Resp{
+		Code:    code,
+		Message: err.Error(),
+		Data:    nil,
+	})
+	c.Abort()
+}
+
+func ErrorStrResp(c *gin.Context, str string, code int) {
+	log.Error(str)
+	c.JSON(200, Resp{
+		Code:    code,
+		Message: str,
+		Data:    nil,
+	})
+	c.Abort()
+}
+
+func SuccessResp(c *gin.Context, data ...interface{}) {
+	if len(data) == 0 {
+		c.JSON(200, Resp{
+			Code:    200,
+			Message: "success",
+			Data:    nil,
+		})
+		return
+	}
+	c.JSON(200, Resp{
+		Code:    200,
+		Message: "success",
+		Data:    data[0],
+	})
+}
--- a/internal/server/controllers/login.go
+++ b/internal/server/controllers/login.go
@ -0,0 +1,56 @@
+package controllers
+
+import (
+	"github.com/Xhofe/go-cache"
+	"github.com/alist-org/alist/v3/internal/server/common"
+	"github.com/alist-org/alist/v3/internal/store"
+	"github.com/gin-gonic/gin"
+	"time"
+)
+
+var loginCache = cache.NewMemCache[int]()
+var (
+	defaultDuration = time.Minute * 5
+	defaultTimes    = 5
+)
+
+type LoginReq struct {
+	Username string `json:"username"`
+	Password string `json:"password"`
+}
+
+func Login(c *gin.Context) {
+	// check count of login
+	ip := c.ClientIP()
+	count, ok := loginCache.Get(ip)
+	if ok && count > defaultTimes {
+		common.ErrorStrResp(c, "Too many unsuccessful sign-in attempts have been made using an incorrect password. Try again later.", 403)
+		loginCache.Expire(ip, defaultDuration)
+		return
+	}
+	// check username
+	var req LoginReq
+	if err := c.ShouldBind(&req); err != nil {
+		common.ErrorResp(c, err, 400)
+		return
+	}
+	user, err := store.GetUserByName(req.Username)
+	if err != nil {
+		common.ErrorResp(c, err, 400)
+		return
+	}
+	// validate password
+	if err := user.ValidatePassword(req.Password); err != nil {
+		common.ErrorResp(c, err, 400)
+		loginCache.Set(ip, count+1)
+		return
+	}
+	// generate token
+	token, err := common.GenerateToken(user.Username)
+	if err != nil {
+		common.ErrorResp(c, err, 400)
+		return
+	}
+	common.SuccessResp(c, gin.H{"token": token})
+	loginCache.Del(ip)
+}
--- a/internal/server/controllers/user.go
+++ b/internal/server/controllers/user.go
@ -1 +0,0 @@
-package controllers
--- a/internal/server/middlewares/auth.go
+++ b/internal/server/middlewares/auth.go
@ -0,0 +1,25 @@
+package middlewares
+
+import (
+	"github.com/alist-org/alist/v3/internal/server/common"
+	"github.com/alist-org/alist/v3/internal/store"
+	"github.com/gin-gonic/gin"
+)
+
+func AuthAdmin(c *gin.Context) {
+	token := c.GetHeader("Authorization")
+	userClaims, err := common.ParseToken(token)
+	if err != nil {
+		common.ErrorResp(c, err, 401)
+		c.Abort()
+		return
+	}
+	user, err := store.GetUserByName(userClaims.Username)
+	if err != nil {
+		common.ErrorResp(c, err, 401)
+		c.Abort()
+		return
+	}
+	c.Set("user", user)
+	c.Next()
+}
--- a/internal/server/router.go
+++ b/internal/server/router.go
@ -1,12 +1,19 @@
 package server

 import (
+	"github.com/alist-org/alist/v3/internal/conf"
+	"github.com/alist-org/alist/v3/internal/server/common"
+	"github.com/alist-org/alist/v3/internal/server/controllers"
 	"github.com/gin-contrib/cors"
 	"github.com/gin-gonic/gin"
 )

 func Init(r *gin.Engine) {
+	common.SecretKey = []byte(conf.Conf.JwtSecret)
 	Cors(r)
+
+	api := r.Group("/api")
+	api.POST("/user/login", controllers.Login)
 }

 func Cors(r *gin.Engine) {
--- a/internal/store/user.go
+++ b/internal/store/user.go
@ -18,17 +18,17 @@ func ExistGuest() bool {
 	return db.Take(&model.User{Role: model.GUEST}).Error != nil
 }

-func GetUserByName(name string) (*model.User, error) {
-	user, ok := userCache.Get(name)
+func GetUserByName(username string) (*model.User, error) {
+	user, ok := userCache.Get(username)
 	if ok {
 		return user, nil
 	}
-	user, err, _ := userG.Do(name, func() (*model.User, error) {
-		user := model.User{Name: name}
+	user, err, _ := userG.Do(username, func() (*model.User, error) {
+		user := model.User{Username: username}
 		if err := db.Where(user).First(&user).Error; err != nil {
-			return nil, errors.Wrapf(err, "failed select user")
+			return nil, errors.Wrapf(err, "failed find user")
 		}
-		userCache.Set(name, &user)
+		userCache.Set(username, &user)
 		return &user, nil
 	})
 	return user, err
@ -51,7 +51,7 @@ func UpdateUser(u *model.User) error {
 	if err != nil {
 		return err
 	}
-	userCache.Del(old.Name)
+	userCache.Del(old.Username)
 	return errors.WithStack(db.Save(u).Error)
 }

@ -73,6 +73,6 @@ func DeleteUserById(id uint) error {
 	if err != nil {
 		return err
 	}
-	userCache.Del(old.Name)
+	userCache.Del(old.Username)
 	return errors.WithStack(db.Delete(&model.User{}, id).Error)
 }