实现刷新token机制

2025-07-22 19:05:57 +08:00 · 2025-07-22 19:05:57 +08:00 · 13010ec1a4
parent d3e3a66eca
commit 13010ec1a4
1 changed files with 39 additions and 0 deletions
--- a/service/auth.go
+++ b/service/auth.go
@ -152,7 +152,15 @@ func (s *AuthService) Login(ctx context.Context, req *pb.LoginRequest) (res *pb.
 		IssuedAt:     time.Now().Unix(),
 		ExpirationAt: time.Now().Add(time.Second * time.Duration(s.opts.ttl)).Unix(),
 	}
+	refreshClaims := types.Claims{
+		Uid:          model.Uid,
+		Role:         model.Role,
+		Admin:        model.Admin,
+		IssuedAt:     time.Now().Unix(),
+		ExpirationAt: time.Now().Add(time.Hour * 48).Unix(),
+	}
 	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
+	refreshToken := jwt.NewWithClaims(jwt.SigningMethodHS256, refreshClaims)

 	res = &pb.LoginResponse{}
 	if res.Token, err = token.SignedString(s.opts.secret); err == nil {
@ -160,6 +168,7 @@ func (s *AuthService) Login(ctx context.Context, req *pb.LoginRequest) (res *pb.
 		res.Username = model.Username
 		res.Expires = s.opts.ttl
 	}
+	res.RefreshToken, err = refreshToken.SignedString(s.opts.secret)
 	loginModel := &models.Login{}
 	loginModel.Uid = model.Uid
 	loginModel.AccessToken = res.Token
@ -186,6 +195,36 @@ func (s *AuthService) Logout(ctx context.Context, req *pb.LogoutRequest) (res *p
 	return
 }

+func (s *AuthService) RefreshToken(ctx context.Context, req *pb.RefreshTokenRequest) (res *pb.RefreshTokenResponse, err error) {
+	var (
+		token *jwt.Token
+	)
+	if token, err = jwt.ParseWithClaims(req.RefreshToken, &types.Claims{}, func(token *jwt.Token) (interface{}, error) {
+		return s.opts.secret, nil
+	}); err != nil {
+		return
+	}
+	if claims, ok := token.Claims.(*types.Claims); ok {
+		tokenClaims := types.Claims{
+			Uid:          claims.Uid,
+			Role:         claims.Role,
+			Admin:        claims.Admin,
+			IssuedAt:     time.Now().Unix(),
+			ExpirationAt: time.Now().Add(time.Second * time.Duration(s.opts.ttl)).Unix(),
+		}
+		token := jwt.NewWithClaims(jwt.SigningMethodHS256, tokenClaims)
+		res = &pb.RefreshTokenResponse{}
+		if res.Token, err = token.SignedString(s.opts.secret); err == nil {
+			res.Uid = claims.Uid
+			res.Expires = s.opts.ttl
+			return
+		}
+	} else {
+		err = errors.ErrIncompatible
+	}
+	return
+}
+
 func NewAuthService(cbs ...AuthOption) *AuthService {
 	opts := &authOptions{
 		ttl: 7200,