123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100 |
- package hhc_telws
- import (
- "fmt"
- "github.com/pascaldekloe/jwt"
- "golang.org/x/crypto/bcrypt"
- "time"
- )
- type TelwsAuthSimpleAAA struct {
- jwtKey []byte
- userDatabase map[string]string
- authLogFunc func(isSuccess bool, msg string)
- jwtttl time.Duration
- }
- func NewTelwsAuthSimpleAAA() *TelwsAuthSimpleAAA {
- ah := &TelwsAuthSimpleAAA{
- jwtKey: []byte{},
- userDatabase: make(map[string]string),
- authLogFunc: func(isSuccess bool, msg string) {},
- }
- return ah
- }
- func (ah *TelwsAuthSimpleAAA) SetAuthLogFunc(authLogFunc func(isSuccess bool, msg string)) {
- ah.authLogFunc = authLogFunc
- }
- func (ah *TelwsAuthSimpleAAA) SimpleAAAAddSimple(username, password string, cost int) error {
- hash, err := bcrypt.GenerateFromPassword([]byte(password), cost)
- if err != nil {
- return err
- }
- ah.userDatabase[username] = string(hash)
- return nil
- }
- func (ah *TelwsAuthSimpleAAA) SimpleAAAAddBcrypt(username, hash string) {
- ah.userDatabase[username] = hash
- }
- func (ah *TelwsAuthSimpleAAA) Register(jwtkey []byte, jwtttl time.Duration) (ahname string) {
- ah.jwtKey = jwtkey
- ah.jwtttl = jwtttl
- return "simple-aaa"
- }
- func (ah *TelwsAuthSimpleAAA) Login(authData map[string]string) (isSuccess bool, jwtdata string, emsg string) {
- amet, ok := authData["method"]
- if !ok {
- ah.authLogFunc(false, "no auth method specified")
- return false, "", "no auth method specified"
- }
- if amet != "simple-aaa" {
- ah.authLogFunc(false, "auth method not support")
- return false, "", "auth method not support"
- }
- username, ok := authData["username"]
- if !ok {
- ah.authLogFunc(false, "no username specified")
- return false, "", "no username specified"
- }
- password, ok := authData["password"]
- if !ok {
- ah.authLogFunc(false, "no password specified")
- return false, "", "no password specified"
- }
- if username == "" {
- ah.authLogFunc(false, "username can not be null")
- return false, "", "username can not be null"
- }
- ubc, ok := ah.userDatabase[username]
- if !ok {
- ah.authLogFunc(false, fmt.Sprintf("user '%s' not exist", username))
- return false, "", "username or password not match"
- }
- err := bcrypt.CompareHashAndPassword([]byte(ubc), []byte(password))
- if err != nil {
- ah.authLogFunc(false, fmt.Sprintf("user '%s' auth failed with error: %s", username, err.Error()))
- return false, "", "username or password not match"
- }
- clm := jwt.Claims{}
- clm.Issuer = "simple-aaa"
- clm.Subject = "telws-auth"
- ntm := jwt.NewNumericTime(time.Now())
- clm.Issued = ntm
- clm.NotBefore = ntm
- clm.Expires = jwt.NewNumericTime(time.Now().Add(ah.jwtttl))
- clm.Set = map[string]interface{}{
- "username": username,
- }
- tok, err := clm.HMACSign(jwt.HS256, ah.jwtKey)
- if err != nil {
- ah.authLogFunc(false, fmt.Sprintf("user '%s' auth success but generate jwt error: %s", username, err.Error()))
- return false, "", "internal error"
- }
- ah.authLogFunc(false, fmt.Sprintf("user '%s' auth success", username))
- return true, string(tok), ""
- }
|