feat: user jwt login

2022-06-25 21:34:44 +08:00
parent 306b90399c
commit c5295f4d72
16 changed files with 269 additions and 21 deletions
--- a/internal/server/common/auth.go
+++ b/internal/server/common/auth.go
@ -0,0 +1,50 @@
+package common
+
+import (
+	"github.com/golang-jwt/jwt/v4"
+	"github.com/pkg/errors"
+	"time"
+)
+
+var SecretKey []byte
+
+type UserClaims struct {
+	Username string `json:"username"`
+	jwt.RegisteredClaims
+}
+
+func GenerateToken(username string) (tokenString string, err error) {
+	claim := UserClaims{
+		Username: username,
+		RegisteredClaims: jwt.RegisteredClaims{
+			ExpiresAt: jwt.NewNumericDate(time.Now().Add(12 * time.Hour)),
+			IssuedAt:  jwt.NewNumericDate(time.Now()),
+			NotBefore: jwt.NewNumericDate(time.Now()),
+		}}
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claim)
+	tokenString, err = token.SignedString(SecretKey)
+	return tokenString, err
+}
+
+func ParseToken(tokenString string) (*UserClaims, error) {
+	token, err := jwt.ParseWithClaims(tokenString, &UserClaims{}, func(token *jwt.Token) (interface{}, error) {
+		return SecretKey, nil
+	})
+	if err != nil {
+		if ve, ok := err.(*jwt.ValidationError); ok {
+			if ve.Errors&jwt.ValidationErrorMalformed != 0 {
+				return nil, errors.New("that's not even a token")
+			} else if ve.Errors&jwt.ValidationErrorExpired != 0 {
+				return nil, errors.New("token is expired")
+			} else if ve.Errors&jwt.ValidationErrorNotValidYet != 0 {
+				return nil, errors.New("token not active yet")
+			} else {
+				return nil, errors.New("couldn't handle this token")
+			}
+		}
+	}
+	if claims, ok := token.Claims.(*UserClaims); ok && token.Valid {
+		return claims, nil
+	}
+	return nil, errors.New("couldn't handle this token")
+}
--- a/internal/server/common/common.go
+++ b/internal/server/common/common.go
@ -0,0 +1,48 @@
+package common
+
+import (
+	"github.com/gin-gonic/gin"
+	log "github.com/sirupsen/logrus"
+)
+
+type Resp struct {
+	Code    int         `json:"code"`
+	Message string      `json:"message"`
+	Data    interface{} `json:"data"`
+}
+
+func ErrorResp(c *gin.Context, err error, code int) {
+	log.Error(err.Error())
+	c.JSON(200, Resp{
+		Code:    code,
+		Message: err.Error(),
+		Data:    nil,
+	})
+	c.Abort()
+}
+
+func ErrorStrResp(c *gin.Context, str string, code int) {
+	log.Error(str)
+	c.JSON(200, Resp{
+		Code:    code,
+		Message: str,
+		Data:    nil,
+	})
+	c.Abort()
+}
+
+func SuccessResp(c *gin.Context, data ...interface{}) {
+	if len(data) == 0 {
+		c.JSON(200, Resp{
+			Code:    200,
+			Message: "success",
+			Data:    nil,
+		})
+		return
+	}
+	c.JSON(200, Resp{
+		Code:    200,
+		Message: "success",
+		Data:    data[0],
+	})
+}
--- a/internal/server/controllers/login.go
+++ b/internal/server/controllers/login.go
@ -0,0 +1,56 @@
+package controllers
+
+import (
+	"github.com/Xhofe/go-cache"
+	"github.com/alist-org/alist/v3/internal/server/common"
+	"github.com/alist-org/alist/v3/internal/store"
+	"github.com/gin-gonic/gin"
+	"time"
+)
+
+var loginCache = cache.NewMemCache[int]()
+var (
+	defaultDuration = time.Minute * 5
+	defaultTimes    = 5
+)
+
+type LoginReq struct {
+	Username string `json:"username"`
+	Password string `json:"password"`
+}
+
+func Login(c *gin.Context) {
+	// check count of login
+	ip := c.ClientIP()
+	count, ok := loginCache.Get(ip)
+	if ok && count > defaultTimes {
+		common.ErrorStrResp(c, "Too many unsuccessful sign-in attempts have been made using an incorrect password. Try again later.", 403)
+		loginCache.Expire(ip, defaultDuration)
+		return
+	}
+	// check username
+	var req LoginReq
+	if err := c.ShouldBind(&req); err != nil {
+		common.ErrorResp(c, err, 400)
+		return
+	}
+	user, err := store.GetUserByName(req.Username)
+	if err != nil {
+		common.ErrorResp(c, err, 400)
+		return
+	}
+	// validate password
+	if err := user.ValidatePassword(req.Password); err != nil {
+		common.ErrorResp(c, err, 400)
+		loginCache.Set(ip, count+1)
+		return
+	}
+	// generate token
+	token, err := common.GenerateToken(user.Username)
+	if err != nil {
+		common.ErrorResp(c, err, 400)
+		return
+	}
+	common.SuccessResp(c, gin.H{"token": token})
+	loginCache.Del(ip)
+}
--- a/internal/server/controllers/user.go
+++ b/internal/server/controllers/user.go
@ -1 +0,0 @@
-package controllers
--- a/internal/server/middlewares/auth.go
+++ b/internal/server/middlewares/auth.go
@ -0,0 +1,25 @@
+package middlewares
+
+import (
+	"github.com/alist-org/alist/v3/internal/server/common"
+	"github.com/alist-org/alist/v3/internal/store"
+	"github.com/gin-gonic/gin"
+)
+
+func AuthAdmin(c *gin.Context) {
+	token := c.GetHeader("Authorization")
+	userClaims, err := common.ParseToken(token)
+	if err != nil {
+		common.ErrorResp(c, err, 401)
+		c.Abort()
+		return
+	}
+	user, err := store.GetUserByName(userClaims.Username)
+	if err != nil {
+		common.ErrorResp(c, err, 401)
+		c.Abort()
+		return
+	}
+	c.Set("user", user)
+	c.Next()
+}
--- a/internal/server/router.go
+++ b/internal/server/router.go
@ -1,12 +1,19 @@
 package server

 import (
+	"github.com/alist-org/alist/v3/internal/conf"
+	"github.com/alist-org/alist/v3/internal/server/common"
+	"github.com/alist-org/alist/v3/internal/server/controllers"
 	"github.com/gin-contrib/cors"
 	"github.com/gin-gonic/gin"
 )

 func Init(r *gin.Engine) {
+	common.SecretKey = []byte(conf.Conf.JwtSecret)
 	Cors(r)
+
+	api := r.Group("/api")
+	api.POST("/user/login", controllers.Login)
 }

 func Cors(r *gin.Engine) {