Documentation
¶
Index ¶
- Constants
- Variables
- func GenerateState() string
- type Claim
- type Claims
- func (c *Claims) GenerateKeyPair(dir string) error
- func (c *Claims) GenerateTokenPair(info Info) (*TokenPair, error)
- func (c *Claims) GetPrivateKey() ed25519.PrivateKey
- func (c *Claims) GetPublicKey() ed25519.PublicKey
- func (c *Claims) ParseAccessToken(tokenString string) (*Claims, error)
- func (c *Claims) RefreshTokenPair(refreshToken string) (*TokenPair, error)
- type Config
- type Info
- type OAuthConfig
- type OAuthProvider
- type OAuthUserInfo
- type RedisTokenStore
- func (s *RedisTokenStore) IncrLoginAttempts(ctx context.Context, identifier string) (int64, error)
- func (s *RedisTokenStore) IsLoginLocked(ctx context.Context, identifier string) bool
- func (s *RedisTokenStore) IsTokenRevoked(ctx context.Context, tokenID string) bool
- func (s *RedisTokenStore) LockLogin(ctx context.Context, identifier string) error
- func (s *RedisTokenStore) ResetLoginAttempts(ctx context.Context, identifier string) error
- func (s *RedisTokenStore) RevokeToken(ctx context.Context, tokenID string, expiration time.Duration) error
- type TokenPair
- type TokenStore
Constants ¶
// Token lifetimes, the login-attempt limit, and the PEM block types and file
// names for the key pair.
const (
	// AccessTokenExpiry is the access token lifetime.
	// NOTE(review): Config also carries TokenExpiryHours; which of the two
	// takes effect is not visible here — confirm.
	AccessTokenExpiry = 2 * time.Hour
	// RefreshTokenExpiry is the refresh token lifetime.
	// NOTE(review): Config also carries RefreshTokenExpiryHours — confirm
	// which value is actually applied.
	RefreshTokenExpiry = 2 * 24 * time.Hour
	// MaxLoginAttempts is the maximum number of login attempts.
	// NOTE(review): presumably the threshold compared against the counter
	// returned by TokenStore.IncrLoginAttempts — verify against the caller.
	MaxLoginAttempts = 5
	// PEM type constants.
	PrivateKeyPEMType = "PRIVATE KEY"
	PublicKeyPEMType = "PUBLIC KEY"
	// NOTE(review): if GenerateKeyPair(dir) writes the private key under
	// this name, the file should be created owner-only (e.g. mode 0600);
	// the implementation is not shown here — confirm.
	PrivateKeyFileName = "private.pem"
	PublicKeyFileName = "public.pem"
)
Variables ¶
// Sentinel errors for the OAuth code paths; compare with errors.Is.
var (
	// ErrInvalidProvider carries the message "invalid OAuth provider".
	// NOTE(review): presumably returned by OAuthConfig.GetProvider for an
	// unknown name — confirm.
	ErrInvalidProvider = errors.New("invalid OAuth provider")
	// ErrUserInfoFailed carries the message "failed to get user info".
	ErrUserInfoFailed = errors.New("failed to get user info")
)
// Custom OAuth2 endpoints for WeChat, QQ and Weibo. All six URLs use https.
//
// NOTE(review): these are exported, mutable package-level variables, so any
// code that imports the package can reassign AuthURL or TokenURL at runtime.
// The token URL receives the authorization code and client secret during the
// exchange; treat these values as read-only and avoid overriding them from
// untrusted configuration.
var (
	WechatEndpoint = oauth2.Endpoint{
		AuthURL: "https://open.weixin.qq.com/connect/qrconnect",
		TokenURL: "https://api.weixin.qq.com/sns/oauth2/access_token",
	}
	QQEndpoint = oauth2.Endpoint{
		AuthURL: "https://graph.qq.com/oauth2.0/authorize",
		TokenURL: "https://graph.qq.com/oauth2.0/token",
	}
	WeiboEndpoint = oauth2.Endpoint{
		AuthURL: "https://api.weibo.com/oauth2/authorize",
		TokenURL: "https://api.weibo.com/oauth2/access_token",
	}
)
自定义 OAuth2 端点
var (
	// ErrInvalidToken carries the message "invalid token".
	// NOTE(review): presumably returned by ParseAccessToken and
	// RefreshTokenPair when validation fails; a single generic error avoids
	// telling the client which check rejected the token — confirm.
	ErrInvalidToken = errors.New("invalid token")
)
Functions ¶
Types ¶
type Claim ¶
// Claim is the key-management and token interface; the package index lists a
// method of each of these names on *Claims.
type Claim interface {
	// GetPublicKey returns the Ed25519 public key.
	GetPublicKey() ed25519.PublicKey
	// GetPrivateKey returns the Ed25519 private key.
	// NOTE(review): this hands the private key to every holder of a Claim
	// value; callers should never log, serialize or cache the result.
	GetPrivateKey() ed25519.PrivateKey
	// GenerateKeyPair generates a new Ed25519 key pair.
	// NOTE(review): presumably dir is the directory the PEM files are
	// written to; confirm the private key file is created owner-only.
	GenerateKeyPair(dir string) error
	// GenerateTokenPair generates an access token and refresh token pair
	// from info.
	GenerateTokenPair(info Info) (*TokenPair, error)
	// RefreshTokenPair takes a refresh token and returns a token pair.
	// NOTE(review): whether the presented refresh token is revoked after
	// use (rotation) is not visible here — confirm.
	RefreshTokenPair(refreshToken string) (*TokenPair, error)
	// ParseAccessToken parses an access token into *Claims.
	// NOTE(review): the signature takes no TokenStore or context, so it is
	// unclear whether revocation is checked during parsing; callers may
	// need to call TokenStore.IsTokenRevoked themselves — confirm.
	ParseAccessToken(tokenString string) (*Claims, error)
}
type Claims ¶
Claims 自定义的 JWT Claims
func (*Claims) GenerateKeyPair ¶
GenerateKeyPair 生成新的Ed25519密钥对
func (*Claims) GenerateTokenPair ¶
GenerateTokenPair 生成访问令牌和刷新令牌对
func (*Claims) GetPrivateKey ¶
func (c *Claims) GetPrivateKey() ed25519.PrivateKey
func (*Claims) GetPublicKey ¶
func (*Claims) ParseAccessToken ¶
ParseAccessToken 解析访问令牌
type Config ¶
// Config holds the token lifetimes and key settings, loadable from YAML or
// JSON according to the field tags.
type Config struct {
	// NOTE(review): the package also declares the AccessTokenExpiry and
	// RefreshTokenExpiry constants; how they relate to these two fields
	// (and what a zero value means) is not shown — confirm.
	TokenExpiryHours int `yaml:"token_expiry_hours" json:"token_expiry_hours"`
	RefreshTokenExpiryHours int `yaml:"refresh_token_expiry_hours" json:"refresh_token_expiry_hours"`
	// NOTE(review): PrivateKey is tagged for JSON and YAML output, so
	// marshaling a Config (debug logs, config dumps, API responses) emits
	// it under "private_key". Whether the field holds key material or a
	// file path is not visible here; if it is key material, keep Config
	// out of any serialized output.
	PrivateKey string `yaml:"private_key" json:"private_key"`
	PublicKey string `yaml:"public_key" json:"public_key"`
	// contains filtered or unexported fields
}
type Info ¶
// Info is the information that is saved; it is the input to
// GenerateTokenPair.
type Info struct {
	Issuer string `json:"issuer"`
	UserID string `json:"user_id"`
	Username string `json:"username"`
	// NOTE(review): Data accepts any value. If it is embedded in the token
	// payload (not shown here), remember that a signed token is readable by
	// whoever holds it; do not put secrets or sensitive personal data in
	// Data — confirm how it is used.
	Data any `json:"data"`
}
保存的信息
type OAuthConfig ¶
// OAuthConfig is the OAuth2 configuration.
type OAuthConfig struct {
	// Providers maps a string key to its provider.
	// NOTE(review): presumably keyed by the provider name passed to
	// GetProvider. The map is exported and holds pointers, so callers can
	// replace or mutate entries; nothing here indicates it is safe for
	// concurrent modification — confirm.
	Providers map[string]*OAuthProvider
}
OAuthConfig OAuth2配置
func NewOAuthConfig ¶
func NewOAuthConfig(baseURL string, configs map[string]map[string]string) *OAuthConfig
NewOAuthConfig 创建新的OAuth配置
func (*OAuthConfig) GetProvider ¶
func (c *OAuthConfig) GetProvider(name string) (*OAuthProvider, error)
GetProvider 获取指定的OAuth提供商
type OAuthProvider ¶
// OAuthProvider is the configuration for one OAuth2 provider.
type OAuthProvider struct {
	// Config is the oauth2 client configuration for this provider.
	Config *oauth2.Config
	// GetUserInfo fetches the user's profile with the given HTTP client and
	// returns it as an OAuthUserInfo.
	// NOTE(review): presumably client is the token-bearing client obtained
	// after the code exchange; verify against the caller.
	GetUserInfo func(ctx context.Context, client *http.Client) (*OAuthUserInfo, error)
}
OAuthProvider OAuth2提供商配置
type OAuthUserInfo ¶
// OAuthUserInfo is the unified user-information structure.
//
// NOTE(review): every field is filled from a third-party provider's response.
// Whether Email has been verified by the provider is not recorded here, so it
// should not be used on its own to link or look up a local account — confirm
// how callers match identities.
type OAuthUserInfo struct {
	ID string `json:"id"`
	Email string `json:"email"`
	Name string `json:"name"`
	// NOTE(review): AvatarURL is a provider-supplied URL; validate the
	// scheme before rendering or fetching it.
	AvatarURL string `json:"avatar_url"`
	Provider string `json:"provider"`
	OpenID string `json:"open_id"`
	UnionID string `json:"union_id,omitempty"`
	Extra map[string]interface{} `json:"extra,omitempty"`
}
OAuthUserInfo 统一的用户信息结构
type RedisTokenStore ¶
// RedisTokenStore is the Redis implementation of the token store; it is
// created with NewRedisTokenStore, which returns it as a TokenStore.
type RedisTokenStore struct {
	// contains filtered or unexported fields
}
RedisTokenStore Redis实现的令牌存储
func (*RedisTokenStore) IncrLoginAttempts ¶
IncrLoginAttempts 增加登录尝试次数
func (*RedisTokenStore) IsLoginLocked ¶
func (s *RedisTokenStore) IsLoginLocked(ctx context.Context, identifier string) bool
IsLoginLocked 检查登录是否被锁定
func (*RedisTokenStore) IsTokenRevoked ¶
func (s *RedisTokenStore) IsTokenRevoked(ctx context.Context, tokenID string) bool
IsTokenRevoked 检查令牌是否已被撤销
func (*RedisTokenStore) LockLogin ¶
func (s *RedisTokenStore) LockLogin(ctx context.Context, identifier string) error
LockLogin 锁定登录
func (*RedisTokenStore) ResetLoginAttempts ¶
func (s *RedisTokenStore) ResetLoginAttempts(ctx context.Context, identifier string) error
ResetLoginAttempts 重置登录尝试次数
func (*RedisTokenStore) RevokeToken ¶
func (s *RedisTokenStore) RevokeToken(ctx context.Context, tokenID string, expiration time.Duration) error
RevokeToken 撤销令牌
type TokenPair ¶
// TokenPair is an access token and refresh token pair.
//
// NOTE(review): both fields are bearer credentials and both are tagged for
// JSON output; avoid logging a TokenPair or its marshaled form.
type TokenPair struct {
	AccessToken string `json:"access_token"`
	RefreshToken string `json:"refresh_token"`
}
TokenPair 访问令牌和刷新令牌对
type TokenStore ¶
// TokenStore is the token storage interface.
//
// NOTE(review): IsTokenRevoked and IsLoginLocked return only a bool, so a
// caller cannot tell a backend failure (for example, the store being
// unreachable) from a genuine "not revoked" or "not locked" answer. How an
// implementation maps such errors is not visible here; confirm it does not
// fail open.
type TokenStore interface {
	// Token blacklist.
	// NOTE(review): presumably expiration should cover the token's
	// remaining lifetime so the entry outlives the token — confirm.
	RevokeToken(ctx context.Context, tokenID string, expiration time.Duration) error
	IsTokenRevoked(ctx context.Context, tokenID string) bool
	// Login rate limiting.
	// NOTE(review): what identifier is (username, IP address, or both) and
	// how long a lock lasts are not shown — verify against the caller.
	IncrLoginAttempts(ctx context.Context, identifier string) (int64, error)
	IsLoginLocked(ctx context.Context, identifier string) bool
	LockLogin(ctx context.Context, identifier string) error
	ResetLoginAttempts(ctx context.Context, identifier string) error
}
TokenStore 令牌存储接口
func NewRedisTokenStore ¶
func NewRedisTokenStore(client *redis.Client) TokenStore
NewRedisTokenStore 创建新的Redis令牌存储