使用Kratos进行代码的开发,对一些简单功能进行简单的记录。

JWT验证

拦截中间件以及验证JWT Token,过滤掉不验证的URL。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
func NewWhiteListMatcher() selector.MatchFunc {
whiteList := make(map[string]struct{})
whiteList["/xxx.v1.xxxxService/Login"] = struct{}{}
return func(ctx context.Context, operation string) bool {
if _, ok := whiteList[operation]; ok {
return false
}
return true
}
}

http.Middleware(
selector.Server(
recovery.Recovery(),
ratelimit.Server(),
jwt.Server(
func(token *jwt4.Token) (interface{}, error) {
return []byte(auth.ApiKey), nil
},
jwt.WithSigningMethod(jwt4.SigningMethodHS256), // 设置加密算法
jwt.WithClaims(func() jwt4.Claims {
return &jwt4.MapClaims{}
}),
),
jwtverify.Server(c),
).Match(NewWhiteListMatcher()).Build(),
),

// jwtverify.Server(c) 用来拦截解析出来的jwt,以作验证
type JwtUser struct {
UID int64 `json:"uid"`
}

func Server(config *conf.Server) middleware.Middleware {
return func(handler middleware.Handler) middleware.Handler {
return func(ctx context.Context, req interface{}) (interface{}, error) {

user := JwtUser{}
if claims, ok := jwt.FromContext(ctx); ok {
arr, _ := json.Marshal(claims)
json.Unmarshal(arr, &user)
}
if user.UID == 0 {
return nil, errors.Unauthorized("", "jwt get user failed")
}

return handler(ctx, req)
}
}
}
/////////////////////////////////////////////////////////////////

Login生成token:

1
2
3
4
5
6
7
8
9
// generate token
claims := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
"uid": user.Id,
"exp": time.Now().Unix() + 60*60*24,
})
token, err := claims.SignedString([]byte(uc.key))
if err != nil {
return nil, err
}

生成的token,前端放在HeaderAuthorization中。经过jwt中间件的解析,然后再经过我们写的中间件加上我们自己的验证方式,例如验证参数逻辑。

中间件的执行顺序

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
http.Middleware(
middleware,
middleware2,
)

func sayHelloHandler(ctx http.Context) error {
......

http.SetOperation(ctx, "/helloworld.Greeter/SayHello")
h := ctx.Middleware(func(ctx context.Context, req interface{}) (interface{}, error) {

fmt.Println("sayHelloHandler in")

return &helloworld.HelloReply{Message: req.(*helloworld.HelloRequest).Name}, nil
})
err := ctx.Returns(h(ctx, &in))

fmt.Println("sayHelloHandler out")

return err
}

//middleware in
//middleware 2 in
//sayHelloHandler in

//middleware 2 out
//middleware out
//sayHelloHandler out

// 处理函数不使用上述格式
func uploadFile(ctx http.Context) error {

fmt.Println("service uploadFile in")

return nil
}
// 使用此格式,将无法使用http.Middleware中间件,因为其没有调用ctx.Middleware,也就没法连接插件。

综上,我们自己写的代码要使用Server Middleware,需要按照上面的格式进行编写。

另外还有很多插件形式:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
httpSrv := http.NewServer(
http.Address(":8001"),
http.Middleware(
// add service filter
serviceMiddleware,
serviceMiddleware2,
),
// add global filter
http.Filter(globalFilter, globalFilter2),
)
// register http hanlder to http server
helloworld.RegisterGreeterHTTPServer(httpSrv, s)

// add route filter
r := httpSrv.Route("/", routeFilter, routeFilter2)
// add path filter to custom route
r.GET("/hello/{name}", sayHelloHandler, pathFilter, pathFilter2)

执行顺序为:globalFilter(http) --> routeFilter(http) --> pathFilter(http) --> serviceFilter(service)