v1

2025-06-30 16:44:06 +08:00
parent 4186cd0caf
commit c8a81d0f49
840 changed files with 1389 additions and 403165 deletions
--- a/internal/pkg/token/jwt_maker.go
+++ b/internal/pkg/token/jwt_maker.go
@@ -0,0 +1,64 @@
+package token
+
+import (
+	"errors"
+	"fmt"
+	"time"
+
+	"github.com/golang-jwt/jwt/v5"
+	"github.com/google/uuid"
+)
+
+const minSecretKeySize = 32
+
+// JWTMaker is a JSON Web Token maker
+type JWTMaker struct {
+	secretKey string
+}
+
+// NewJWTMaker creates a new JWTMaker
+func NewJWTMaker(secretKey string) (Maker, error) {
+	if len(secretKey) < minSecretKeySize {
+		return nil, fmt.Errorf("invalid key size: must be at least %d characters", minSecretKeySize)
+	}
+	return &JWTMaker{secretKey}, nil
+}
+
+// CreateToken creates a new token for a specific username and duration
+func (maker *JWTMaker) CreateToken(uuid uuid.UUID, username string, duration time.Duration, tokenType Type) (string, *Payload, error) {
+	payload := NewPayload(uuid, username, duration, tokenType)
+	jwtToken := jwt.NewWithClaims(jwt.SigningMethodHS256, payload)
+	token, err := jwtToken.SignedString([]byte(maker.secretKey))
+	return token, payload, err
+}
+
+// VerifyToken checks if the token is valid or not
+func (maker *JWTMaker) VerifyToken(token string, tokenType Type) (*Payload, error) {
+	keyFunc := func(token *jwt.Token) (interface{}, error) {
+		_, ok := token.Method.(*jwt.SigningMethodHMAC)
+		if !ok {
+			return nil, ErrInvalidToken
+		}
+		return []byte(maker.secretKey), nil
+	}
+
+	jwtToken, err := jwt.ParseWithClaims(token, &Payload{}, keyFunc)
+	if err != nil {
+		if errors.Is(err, jwt.ErrTokenExpired) {
+			return nil, ErrExpiredToken
+		}
+		return nil, ErrInvalidToken
+	}
+
+	payload, ok := jwtToken.Claims.(*Payload)
+	if !ok {
+		return nil, ErrInvalidToken
+	}
+
+	err = payload.Valid(tokenType)
+	if err != nil {
+		return nil, err
+	}
+
+	return payload, nil
+}
--- a/internal/pkg/token/maker.go
+++ b/internal/pkg/token/maker.go
@@ -0,0 +1,16 @@
+package token
+
+import (
+	"time"
+
+	"github.com/google/uuid"
+)
+
+// Maker is an interface for managing tokens
+type Maker interface {
+	// CreateToken creates a new token for a specific username and duration
+	CreateToken(uuid uuid.UUID, username string, duration time.Duration, tokenType Type) (string, *Payload, error)
+
+	// VerifyToken checks if the token is valid or not
+	VerifyToken(token string, tokenType Type) (*Payload, error)
+}
--- a/internal/pkg/token/paseto_maker.go
+++ b/internal/pkg/token/paseto_maker.go
@@ -0,0 +1,54 @@
+package token
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/aead/chacha20poly1305"
+	"github.com/google/uuid"
+	"github.com/o1egl/paseto"
+)
+
+// PasetoMaker is a PASETO token maker
+type PasetoMaker struct {
+	paseto       *paseto.V2
+	symmetricKey []byte
+}
+
+// NewPasetoMaker creates a new PasetoMaker
+func NewPasetoMaker(symmetricKey string) (Maker, error) {
+	if len(symmetricKey) != chacha20poly1305.KeySize {
+		return nil, fmt.Errorf("invalid key size: must be exactly %d characters", chacha20poly1305.KeySize)
+	}
+
+	maker := &PasetoMaker{
+		paseto:       paseto.NewV2(),
+		symmetricKey: []byte(symmetricKey),
+	}
+
+	return maker, nil
+}
+
+// CreateToken creates a new token for a specific username and duration
+func (maker *PasetoMaker) CreateToken(uuid uuid.UUID, username string, duration time.Duration, tokenType Type) (string, *Payload, error) {
+	payload := NewPayload(uuid, username, duration, tokenType)
+	token, err := maker.paseto.Encrypt(maker.symmetricKey, payload, nil)
+	return token, payload, err
+}
+
+// VerifyToken checks if the token is valid or not
+func (maker *PasetoMaker) VerifyToken(token string, tokenType Type) (*Payload, error) {
+	payload := &Payload{}
+
+	err := maker.paseto.Decrypt(token, maker.symmetricKey, payload, nil)
+	if err != nil {
+		return nil, ErrInvalidToken
+	}
+
+	err = payload.Valid(tokenType)
+	if err != nil {
+		return nil, err
+	}
+
+	return payload, nil
+}
--- a/internal/pkg/token/payload.go
+++ b/internal/pkg/token/payload.go
@@ -0,0 +1,85 @@
+package token
+
+import (
+	"errors"
+	"time"
+
+	"github.com/golang-jwt/jwt/v5"
+	"github.com/google/uuid"
+)
+
+// Different types of error returned by the VerifyToken function
+var (
+	ErrInvalidToken = errors.New("token is invalid")
+	ErrExpiredToken = errors.New("token has expired")
+)
+
+type Type byte
+
+const (
+	TypeAccessToken  = 1
+	TypeRefreshToken = 2
+)
+
+// Payload contains the payload data of the token
+type Payload struct {
+	ID        uuid.UUID `json:"id"`
+	RoleID    int       `json:"role_id"`
+	Type      Type      `json:"token_type"`
+	Username  string    `json:"username"`
+	IssuedAt  time.Time `json:"issued_at"`
+	ExpiredAt time.Time `json:"expired_at"`
+}
+
+// NewPayload creates a new token payload with a specific username and duration
+func NewPayload(uuid uuid.UUID, username string, duration time.Duration, tokenType Type) *Payload {
+	payload := &Payload{
+		ID:        uuid,
+		Type:      tokenType,
+		Username:  username,
+		IssuedAt:  time.Now(),
+		ExpiredAt: time.Now().Add(duration),
+	}
+	return payload
+}
+
+// Valid checks if the token payload is valid or not
+func (payload *Payload) Valid(tokenType Type) error {
+	if payload.Type != tokenType {
+		return ErrInvalidToken
+	}
+	if time.Now().After(payload.ExpiredAt) {
+		return ErrExpiredToken
+	}
+	return nil
+}
+
+func (payload *Payload) GetExpirationTime() (*jwt.NumericDate, error) {
+	return &jwt.NumericDate{
+		Time: payload.ExpiredAt,
+	}, nil
+}
+
+func (payload *Payload) GetIssuedAt() (*jwt.NumericDate, error) {
+	return &jwt.NumericDate{
+		Time: payload.IssuedAt,
+	}, nil
+}
+
+func (payload *Payload) GetNotBefore() (*jwt.NumericDate, error) {
+	return &jwt.NumericDate{
+		Time: payload.IssuedAt,
+	}, nil
+}
+
+func (payload *Payload) GetIssuer() (string, error) {
+	return "", nil
+}
+
+func (payload *Payload) GetSubject() (string, error) {
+	return "", nil
+}
+
+func (payload *Payload) GetAudience() (jwt.ClaimStrings, error) {
+	return jwt.ClaimStrings{}, nil
+}