:art:双token校验

2024-07-12 10:11:37 +08:00
parent fb97082c0c
commit d74d7c579f
4 changed files with 58 additions and 5 deletions
--- a/http/api/login.go
+++ b/http/api/login.go
@@ -72,13 +72,14 @@ func (LoginApi) Login(c *gin.Context) {
 	}

 	// 生成token
-	token, expireAt, err := component.JWT().GenerateToken(user.Id)
+	token, expireAt, err := component.JWT().GenerateToken(user.Id, utils.Hash().SHA256(p.Password))
 	if err != nil {
 		log.Errorf("用户[%s]生成token失败: %v", user.Account, err.Error())
 		response.R(c).FailedWithError("登陆失败！")
 		return
 	}

+	c.Writer.Header().Set("X-TOKEN", utils.Hash().SHA256(p.Password))
 	response.R(c).OkWithData(map[string]any{
 		"token":    token,
 		"type":     "Bearer",
--- a/http/middleware/authorization.go
+++ b/http/middleware/authorization.go
@@ -22,7 +22,14 @@ func Authorization() gin.HandlerFunc {
 			return
 		}

-		userClaims, err := component.JWT().ParseToken(token)
+		hashPassword := c.Request.Header.Get("X-TOKEN")
+		if hashPassword == "" {
+			response.R(c).AuthorizationFailed("未登陆")
+			c.Abort()
+			return
+		}
+
+		userClaims, err := component.JWT().ParseToken(token, hashPassword)
 		if err != nil {
 			response.R(c).AuthorizationFailed("未登陆")
 			c.Abort()