85 lines
1.9 KiB
Go
85 lines
1.9 KiB
Go
package service
|
|
|
|
import (
|
|
"errors"
|
|
"time"
|
|
|
|
"hyapp-admin-server/internal/security"
|
|
|
|
"github.com/golang-jwt/jwt/v5"
|
|
)
|
|
|
|
type AuthService struct {
|
|
secret []byte
|
|
ttl time.Duration
|
|
}
|
|
|
|
type Claims struct {
|
|
UserID uint `json:"uid"`
|
|
Username string `json:"username"`
|
|
Permissions []string `json:"permissions"`
|
|
jwt.RegisteredClaims
|
|
}
|
|
|
|
func NewAuthService(secret string, accessTTL time.Duration) *AuthService {
|
|
return &AuthService{secret: []byte(secret), ttl: accessTTL}
|
|
}
|
|
|
|
func HashPassword(password string) (string, error) {
|
|
return security.HashPassword(password)
|
|
}
|
|
|
|
func CheckPassword(hash string, password string) bool {
|
|
return security.CheckPassword(hash, password)
|
|
}
|
|
|
|
func (s *AuthService) GenerateAccessToken(userID uint, username string, permissions []string) (string, time.Time, error) {
|
|
now := time.Now().UTC()
|
|
expiresAt := now.Add(s.ttl)
|
|
claims := Claims{
|
|
UserID: userID,
|
|
Username: username,
|
|
Permissions: permissions,
|
|
RegisteredClaims: jwt.RegisteredClaims{
|
|
ExpiresAt: jwt.NewNumericDate(expiresAt),
|
|
IssuedAt: jwt.NewNumericDate(now),
|
|
Subject: username,
|
|
},
|
|
}
|
|
|
|
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
|
|
signed, err := token.SignedString(s.secret)
|
|
if err != nil {
|
|
return "", time.Time{}, err
|
|
}
|
|
|
|
return signed, expiresAt, nil
|
|
}
|
|
|
|
func (s *AuthService) ParseAccessToken(tokenString string) (*Claims, error) {
|
|
token, err := jwt.ParseWithClaims(tokenString, &Claims{}, func(token *jwt.Token) (any, error) {
|
|
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
|
return nil, errors.New("unexpected jwt signing method")
|
|
}
|
|
return s.secret, nil
|
|
})
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
claims, ok := token.Claims.(*Claims)
|
|
if !ok || !token.Valid {
|
|
return nil, errors.New("invalid jwt")
|
|
}
|
|
|
|
return claims, nil
|
|
}
|
|
|
|
func NewRefreshToken() (string, string, error) {
|
|
return security.NewRefreshToken()
|
|
}
|
|
|
|
func HashToken(token string) string {
|
|
return security.HashToken(token)
|
|
}
|