✨Feat: jwt token加密算法由ES256更换为HS256

2022-04-03 13:29:47 +08:00
parent ec4c957b25
commit e1f6d3c822
8 changed files with 34 additions and 188 deletions
--- a/pkg/common/token.go
+++ b/pkg/common/token.go
@@ -1,15 +1,8 @@
 package common

 import (
-	"crypto/ecdsa"
-	"crypto/elliptic"
-	"crypto/rand"
 	"drive-linked/config"
-	"drive-linked/pkg/utils"
 	"github.com/golang-jwt/jwt/v4"
-	"github.com/kataras/golog"
-	"io/ioutil"
-	"os"
 	"time"
 )

@@ -18,71 +11,15 @@ type JwtClaims struct {
 	jwt.RegisteredClaims
 }

-var ECDSAKey *ecdsa.PrivateKey
-
-// 生成ES256密钥对，并保存在文件中
-func init() {
-	// 密钥对存在时跳过
-	//TODO:bug:会重复生成key
-	if isExist := utils.FileExist("id_ecdsa") && utils.FileExist("id_ecdsa.pub"); isExist {
-		return
-	}
-
-	key, err := newES256Key()
-	if err != nil {
-		golog.Fatal("生成ES256密钥错误")
-	}
-
-	// 写入至文件
-	pubKeyBytes, err := utils.EncodePublicKey(&key.PublicKey)
-	if err != nil {
-		golog.Fatal(err)
-	}
-	priKeyBytes, err := utils.EncodePrivateKey(key)
-	if err != nil {
-		golog.Fatal(err)
-	}
-
-	priKeyFile, err := os.OpenFile("id_ecdsa", os.O_CREATE, 0600)
-	if err != nil {
-		golog.Fatal(err)
-	}
-	pubKeyFile, err := os.OpenFile("id_ecdsa.pub", os.O_CREATE, 0655)
-	if err != nil {
-		golog.Fatal(err)
-	}
-	priKeyFile.Write(priKeyBytes)
-	pubKeyFile.Write(pubKeyBytes)
-}
-
-func newES256Key() (key *ecdsa.PrivateKey, err error) {
-	key, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
-	return key, err
-}
-
-func LoadKey() error {
-	if ECDSAKey != nil {
-		return nil
-	}
-
-	priKeyBytes, err := ioutil.ReadFile(config.Cfg.Security.Jwt.PrivateKey)
-	if err != nil {
-		return err
-	}
-	key, err := utils.DecodePrivateKey(priKeyBytes)
-	if err != nil {
-		return err
-	}
-	ECDSAKey = key
-	return nil
-}
-
 //TODO:token解密验证
 func ValidateLogin(token string) error {
 	return nil
 }

 func NewToken(auds ...string) (string, error) {
+	if len(auds) == 0 {
+		auds = []string{"nonAudience"}
+	}
 	// Create the claims
 	claims := JwtClaims{
 		"bar",
@@ -93,12 +30,12 @@ func NewToken(auds ...string) (string, error) {
 			NotBefore: jwt.NewNumericDate(time.Now()),
 			Issuer:    "drivelinked",
 			Subject:   "login",
-			Audience:  []string{"eigeen"},
+			Audience:  auds,
 		},
 	}

-	token := jwt.NewWithClaims(jwt.SigningMethodES256, claims)
-	ss, err := token.SignedString(ECDSAKey)
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+	ss, err := token.SignedString([]byte(config.Cfg.Security.Jwt.Secret))
 	if err != nil {
 		return "", err
 	}
--- a/pkg/common/token_test.go
+++ b/pkg/common/token_test.go
@@ -7,10 +7,6 @@ import (

 func TestNewToken(t *testing.T) {
 	config.SetupConfig()
-	err := LoadKey()
-	if err != nil {
-		t.Fatal(err)
-	}

 	token, err := NewToken("eigeen")
 	if err != nil {