feat: impl user access token api

2025-06-05 22:09:59 +02:00 · 2023-09-14 20:16:17 +08:00
parent 41e26f56e9
commit 42bd9b194b
26 changed files with 507 additions and 240 deletions
--- a/api/auth/auth.go
+++ b/api/auth/auth.go
@ -1,13 +1,13 @@
 package auth

 import (
+	"fmt"
 	"time"
+
+	"github.com/golang-jwt/jwt/v4"
 )

 const (
-	// The key name used to store user id in the context
-	// user id is extracted from the jwt token subject field.
-	UserIDContextKey = "user-id"
 	// issuer is the issuer of the jwt token.
 	Issuer = "memos"
 	// Signing key section. For now, this is only used for signing, not for verifying since we only
@ -23,3 +23,42 @@ const (
 	// AccessTokenCookieName is the cookie name of access token.
 	AccessTokenCookieName = "memos.access-token"
 )
+
+type ClaimsMessage struct {
+	Name string `json:"name"`
+	jwt.RegisteredClaims
+}
+
+// GenerateAccessToken generates an access token.
+// username is the email of the user.
+func GenerateAccessToken(username string, userID int32, expirationTime time.Time, secret string) (string, error) {
+	return generateToken(username, userID, AccessTokenAudienceName, expirationTime, []byte(secret))
+}
+
+// generateToken generates a jwt token.
+func generateToken(username string, userID int32, audience string, expirationTime time.Time, secret []byte) (string, error) {
+	registeredClaims := jwt.RegisteredClaims{
+		Issuer:   Issuer,
+		Audience: jwt.ClaimStrings{audience},
+		IssuedAt: jwt.NewNumericDate(time.Now()),
+		Subject:  fmt.Sprint(userID),
+	}
+	if expirationTime.After(time.Now()) {
+		registeredClaims.ExpiresAt = jwt.NewNumericDate(expirationTime)
+	}
+
+	// Declare the token with the HS256 algorithm used for signing, and the claims.
+	token := jwt.NewWithClaims(jwt.SigningMethodHS256, &ClaimsMessage{
+		Name:             username,
+		RegisteredClaims: registeredClaims,
+	})
+	token.Header["kid"] = KeyID
+
+	// Create the JWT string.
+	tokenString, err := token.SignedString(secret)
+	if err != nil {
+		return "", err
+	}
+
+	return tokenString, nil
+}