Compare commits
2 Commits
c7b11dca35
...
65353ee4a2
| Author | SHA1 | Date | |
|---|---|---|---|
|
65353ee4a2 | ||
|
|
2ae47c5049 |
@@ -5,6 +5,7 @@ import (
|
||||
"time"
|
||||
|
||||
"common/utils"
|
||||
"common/logger"
|
||||
"github.com/golang-jwt/jwt/v5"
|
||||
)
|
||||
|
||||
@@ -27,7 +28,11 @@ func GenerateToken(userID string) (string, error) {
|
||||
ExpiresAt: jwt.NewNumericDate(now.Add(ttl)),
|
||||
}
|
||||
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
|
||||
return token.SignedString([]byte(secret))
|
||||
signed, err := token.SignedString([]byte(secret))
|
||||
if err == nil {
|
||||
logger.L().Printf("jwt generate success user=%s exp=%s", userID, claims.ExpiresAt.Time.Format(time.RFC3339))
|
||||
}
|
||||
return signed, err
|
||||
}
|
||||
|
||||
func ParseToken(tokenStr string) (string, error) {
|
||||
@@ -40,10 +45,13 @@ func ParseToken(tokenStr string) (string, error) {
|
||||
return []byte(secret), nil
|
||||
})
|
||||
if err != nil {
|
||||
logger.L().Printf("jwt parse error: %v", err)
|
||||
return "", err
|
||||
}
|
||||
if !tkn.Valid {
|
||||
logger.L().Printf("jwt invalid")
|
||||
return "", errors.New("token_invalid")
|
||||
}
|
||||
logger.L().Printf("jwt parse success user=%s exp=%s", claims.Subject, claims.ExpiresAt.Time.Format(time.RFC3339))
|
||||
return claims.Subject, nil
|
||||
}
|
||||
|
||||
39
trading_assistant_api/common/httpx/auth.go
Normal file
39
trading_assistant_api/common/httpx/auth.go
Normal file
@@ -0,0 +1,39 @@
|
||||
package httpx
|
||||
|
||||
import (
|
||||
"context"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
"common/auth"
|
||||
)
|
||||
|
||||
type userIDKey struct{}
|
||||
|
||||
func AuthRequired() func(http.Handler) http.Handler {
|
||||
return func(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
ah := r.Header.Get("Authorization")
|
||||
if ah == "" || !strings.HasPrefix(ah, "Bearer ") {
|
||||
Unauthorized(w, "unauthorized")
|
||||
return
|
||||
}
|
||||
token := strings.TrimSpace(strings.TrimPrefix(ah, "Bearer "))
|
||||
sub, err := auth.ParseToken(token)
|
||||
if err != nil || sub == "" {
|
||||
Unauthorized(w, "unauthorized")
|
||||
return
|
||||
}
|
||||
ctx := context.WithValue(r.Context(), userIDKey{}, sub)
|
||||
next.ServeHTTP(w, r.WithContext(ctx))
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func UserID(r *http.Request) string {
|
||||
v := r.Context().Value(userIDKey{})
|
||||
if id, ok := v.(string); ok {
|
||||
return id
|
||||
}
|
||||
return ""
|
||||
}
|
||||
@@ -7,7 +7,7 @@ func CORS() func(http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
w.Header().Set("Access-Control-Allow-Origin", "*")
|
||||
w.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS")
|
||||
w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization, X-Requested-With")
|
||||
w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization, X-Requested-With, X-Request-ID")
|
||||
w.Header().Set("Access-Control-Max-Age", "86400")
|
||||
if r.Method == http.MethodOptions {
|
||||
w.WriteHeader(http.StatusNoContent)
|
||||
|
||||
47
trading_assistant_api/common/httpx/request_id.go
Normal file
47
trading_assistant_api/common/httpx/request_id.go
Normal file
@@ -0,0 +1,47 @@
|
||||
package httpx
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/rand"
|
||||
"encoding/hex"
|
||||
"net/http"
|
||||
"strings"
|
||||
)
|
||||
|
||||
type reqIDKey struct{}
|
||||
|
||||
func RequestID() func(http.Handler) http.Handler {
|
||||
return func(next http.Handler) http.Handler {
|
||||
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
||||
rid := incomingRID(r)
|
||||
if rid == "" {
|
||||
rid = genRID()
|
||||
}
|
||||
w.Header().Set("X-Request-ID", rid)
|
||||
ctx := context.WithValue(r.Context(), reqIDKey{}, rid)
|
||||
next.ServeHTTP(w, r.WithContext(ctx))
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func RequestIDFromContext(r *http.Request) string {
|
||||
v := r.Context().Value(reqIDKey{})
|
||||
if s, ok := v.(string); ok {
|
||||
return s
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
||||
func incomingRID(r *http.Request) string {
|
||||
h := r.Header.Get("X-Request-ID")
|
||||
if h == "" {
|
||||
h = r.Header.Get("X-Request-Id")
|
||||
}
|
||||
return strings.TrimSpace(h)
|
||||
}
|
||||
|
||||
func genRID() string {
|
||||
var b [16]byte
|
||||
_, _ = rand.Read(b[:])
|
||||
return hex.EncodeToString(b[:])
|
||||
}
|
||||
@@ -89,5 +89,5 @@ func (h *Handler) Root(w http.ResponseWriter, r *http.Request) {
|
||||
httpx.MethodNotAllowed(w, string(codes.MethodNotAllowed))
|
||||
return
|
||||
}
|
||||
httpx.OK(w, map[string]string{"service": "user"})
|
||||
httpx.OK(w, map[string]string{"service": "user", "user_id": httpx.UserID(r)})
|
||||
}
|
||||
|
||||
@@ -3,6 +3,7 @@ package router
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"common/httpx"
|
||||
"user/internal/handler"
|
||||
)
|
||||
|
||||
@@ -10,7 +11,7 @@ func New(h *handler.Handler) http.Handler {
|
||||
mux := http.NewServeMux()
|
||||
mux.HandleFunc("/healthz", h.Healthz)
|
||||
mux.HandleFunc("/version", h.Version)
|
||||
mux.HandleFunc("/", h.Root)
|
||||
mux.Handle("/", httpx.AuthRequired()(http.HandlerFunc(h.Root)))
|
||||
mux.HandleFunc("/register", h.Register)
|
||||
mux.HandleFunc("/login", h.Login)
|
||||
return mux
|
||||
|
||||
@@ -66,7 +66,8 @@ func routes() http.Handler {
|
||||
svc := service.New(repo)
|
||||
h := handler.New(svc)
|
||||
cors := httpx.CORS()
|
||||
return cors(router.New(h))
|
||||
reqID := httpx.RequestID()
|
||||
return reqID(cors(router.New(h)))
|
||||
}
|
||||
|
||||
func applySchema(path string) error {
|
||||
|
||||
Reference in New Issue
Block a user