🎉 Initial Commit

2024-03-26 23:05:13 +08:00
commit 99f85a8b76
55 changed files with 2827 additions and 0 deletions
--- a/pkg/security/encryptor.go
+++ b/pkg/security/encryptor.go
@@ -0,0 +1,12 @@
+package security
+
+import "golang.org/x/crypto/bcrypt"
+
+func HashPassword(raw string) string {
+	data, _ := bcrypt.GenerateFromPassword([]byte(raw), 12)
+	return string(data)
+}
+
+func VerifyPassword(text string, password string) bool {
+	return bcrypt.CompareHashAndPassword([]byte(password), []byte(text)) == nil
+}
--- a/pkg/security/jwt.go
+++ b/pkg/security/jwt.go
@@ -0,0 +1,81 @@
+package security
+
+import (
+	"fmt"
+	"github.com/gofiber/fiber/v2"
+	"time"
+
+	"github.com/golang-jwt/jwt/v5"
+	"github.com/spf13/viper"
+)
+
+type PayloadClaims struct {
+	jwt.RegisteredClaims
+
+	Type string `json:"typ"`
+}
+
+const (
+	JwtAccessType  = "access"
+	JwtRefreshType = "refresh"
+)
+
+const (
+	CookieAccessKey  = "identity_auth_key"
+	CookieRefreshKey = "identity_refresh_key"
+)
+
+func EncodeJwt(id string, typ, sub string, aud []string, exp time.Time) (string, error) {
+	tk := jwt.NewWithClaims(jwt.SigningMethodHS512, PayloadClaims{
+		jwt.RegisteredClaims{
+			Subject:   sub,
+			Audience:  aud,
+			Issuer:    fmt.Sprintf("https://%s", viper.GetString("domain")),
+			ExpiresAt: jwt.NewNumericDate(exp),
+			NotBefore: jwt.NewNumericDate(time.Now()),
+			IssuedAt:  jwt.NewNumericDate(time.Now()),
+			ID:        id,
+		},
+		typ,
+	})
+
+	return tk.SignedString([]byte(viper.GetString("secret")))
+}
+
+func DecodeJwt(str string) (PayloadClaims, error) {
+	var claims PayloadClaims
+	tk, err := jwt.ParseWithClaims(str, &claims, func(token *jwt.Token) (interface{}, error) {
+		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
+			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
+		}
+		return []byte(viper.GetString("secret")), nil
+	})
+	if err != nil {
+		return claims, err
+	}
+
+	if data, ok := tk.Claims.(*PayloadClaims); ok {
+		return *data, nil
+	} else {
+		return claims, fmt.Errorf("unexpected token payload: not payload claims type")
+	}
+}
+
+func SetJwtCookieSet(c *fiber.Ctx, access, refresh string) {
+	c.Cookie(&fiber.Cookie{
+		Name:     CookieAccessKey,
+		Value:    access,
+		Domain:   viper.GetString("security.cookie_domain"),
+		SameSite: viper.GetString("security.cookie_samesite"),
+		Expires:  time.Now().Add(60 * time.Minute),
+		Path:     "/",
+	})
+	c.Cookie(&fiber.Cookie{
+		Name:     CookieRefreshKey,
+		Value:    refresh,
+		Domain:   viper.GetString("security.cookie_domain"),
+		SameSite: viper.GetString("security.cookie_samesite"),
+		Expires:  time.Now().Add(24 * 30 * time.Hour),
+		Path:     "/",
+	})
+}