golang jwt front-end verification method:
The client adds the token parameter in the request object header and sends it to the server, and the server takes it out Tokens are compared.
The first generation of token occurs after logging in to check that the account exists and is correct. The user is given a token (encrypted string) and the token is placed in the header of the response. The customer After the client logs in successfully, the token is taken out from the response, and the token is added to the header in subsequent operation requests. After the token validity period expires, a new token can only be obtained by logging in again.
Implementation:
The server_token is generated and put into the header of the response
The front-end accepts and obtains: response.headers['x-auth-token']
import "github.com/fwhezfwhez/jwt" func Login(c *gin.Context){ ...(验证身份正确) //获取token管理对象 token := jwt.GetToken() //添加令牌关键信息 token.AddPayLoad("userName", user.UserName).AddPayLoad("role", "admin").AddHeader("typ", "JWT").AddHeader("alg", "HS256") //添加令牌期限 exp:=time.Now().Add(1*time.Hour) token.AddPayLoad("exp", strconv.FormatInt(exp.Unix(), 10)) //获取令牌,并添加进reponse的header里 jwts, _, erre := token.JwtGenerator(consts.Secret) if erre != nil { fmt.Println("token生成出错") return } fmt.Println("生成的jwt是:", jwts) c.Writer.Header().Add("x-auth-token", jwts) ... }
Client_Send login request
var Token string func main(){ ... var content = fmt.Sprintf("userName=admin&password=123456") t1 := time.Now() resp, err := http.Post(host+"v1/POST/user/login", "application/x-www-form-urlencoded", strings.NewReader(content)) Token =resp.Header.Get("x-auth-token") t2 := time.Now() fmt.Println(t2.Sub(t1)) if err != nil { panic(err) } helpRead(resp) ... }
Client_Request other functions to get the list
... t1 := time.Now() //resp, err := http.Get(host + "v1/GET/mediums/list") client := &http.Client{} req, err := http.NewRequest("GET", "http://localhost:8087/v1/GET/mediums/list",nil) req.Header.Add("x-auth-token", Token) resp, err := client.Do(req) t2 := time.Now() fmt.Println(t2.Sub(t1)) if err != nil { panic(err) } helpRead(resp) ...
Server_Token verification
func main(){ ... router := gin.Default() //Login不需要令牌验证,所以写中间件前面 router.POST(consts.LoginURL, userControl.Login) router.Use(Validate()) //后续的监听都需要通过Validate()的验证 router.GET(consts.GetMediumsURL, mediumControl.GetMediums) router..... ... } func Validate()gin.HandleFunc{ return func(c *gin.Context) { if JWTToken := c.Request.Header.Get("x-auth-token");JWTToken!=""{ token :=jwt.GetToken() legal,err:=token.IsLegal(JWTToken,consts.Secret) if err!=nil{ fmt.Println(err) c.Abort() c.JSON(200,consts.ResponseTokenValidateError) return } if !legal{ c.Abort() c.JSON(200,consts.ResponseTokenValidateWrong) return } c.Next() }else{ c.JSON(200, consts.ResponseTokenNotFound) c.Abort() return } } }
For more golang knowledge, please pay attention to PHP Chinese website golang tutorial column.
The above is the detailed content of How to verify golang jwt front-end. For more information, please follow other related articles on the PHP Chinese website!