
9.1 认证与鉴权

📍 导航:返回目录 | 下一节:数据加密


JWT(JSON Web Token)

Go实现

package main

import (
    "os"
    "time"

    "github.com/golang-jwt/jwt/v5"
)

// Claims is the JWT payload used by this example: two application-specific
// fields (user_id and role) plus the standard registered claims (exp, iat, ...)
// that jwt.RegisteredClaims provides and the library validates on parse.
type Claims struct {
    UserID string `json:"user_id"` // identifier of the authenticated user
    Role   string `json:"role"`    // role name, e.g. "admin" or "user" as in the roles table below
    jwt.RegisteredClaims
}

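// jwtSecret is the HMAC key used to sign and verify every token.
// It is read from the JWT_SECRET environment variable (a name chosen for this
// example) so the real key never lives in source control. The literal fallback
// exists only so the sample runs locally; anything that trusts these tokens
// must set the variable to a long, random value.
var jwtSecret = func() []byte {
    if s := os.Getenv("JWT_SECRET"); s != "" {
        return []byte(s)
    }
    return []byte("your-secret-key")
}()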

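// GenerateToken issues an HS256-signed JWT that carries userID and role.
// The token is valid for tokenTTL from the moment of issue; iat, nbf and exp
// are all derived from one timestamp so they cannot disagree.
// It returns the compact serialized token, or the error from signing.
func GenerateToken(userID, role string) (string, error) {
    const tokenTTL = 24 * time.Hour

    // Read the clock once: two separate time.Now() calls make ExpiresAt and
    // IssuedAt differ by however long the first allocation took.
    now := time.Now()
    claims := Claims{
        UserID: userID,
        Role:   role,
        RegisteredClaims: jwt.RegisteredClaims{
            ExpiresAt: jwt.NewNumericDate(now.Add(tokenTTL)),
            IssuedAt:  jwt.NewNumericDate(now),
            NotBefore: jwt.NewNumericDate(now),
        },
    }

    token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
    return token.SignedString(jwtSecret)
}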

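// ParseToken verifies tokenString and returns the claims it carries.
// The parser is pinned to HS256, so a token whose header names any other
// algorithm (including "none") is rejected before the key is consulted.
// Malformed, expired, not-yet-valid or badly signed tokens yield a non-nil
// error and nil claims; the two results are never both non-nil.
func ParseToken(tokenString string) (*Claims, error) {
    token, err := jwt.ParseWithClaims(
        tokenString,
        &Claims{},
        func(token *jwt.Token) (interface{}, error) { return jwtSecret, nil },
        jwt.WithValidMethods([]string{jwt.SigningMethodHS256.Alg()}),
    )
    // Check err before touching token: for a malformed input the library
    // returns a nil token, and dereferencing it would panic.
    if err != nil {
        return nil, err
    }

    claims, ok := token.Claims.(*Claims)
    if !ok || !token.Valid {
        // Neither branch leaves err set, so return an explicit error rather
        // than (nil, nil).
        return nil, jwt.ErrTokenInvalidClaims
    }
    return claims, nil
}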

RBAC(基于角色的访问控制)

// Permission names a single action on a single resource, e.g. {"user", "read"}.
type Permission struct {
    Resource string
    Action   string
}

// Role is a named collection of permissions.
type Role struct {
    Name        string
    Permissions []Permission
}

// roles is the static role table used by HasPermission: "admin" may read,
// write and delete users; "user" may only read them.
var roles = map[string]Role{
    "admin": {
        Name: "admin",
        Permissions: []Permission{
            {Resource: "user", Action: "read"},
            {Resource: "user", Action: "write"},
            {Resource: "user", Action: "delete"},
        },
    },
    "user": {
        Name: "user",
        Permissions: []Permission{
            {Resource: "user", Action: "read"},
        },
    },
}

// HasPermission reports whether userRole may perform action on resource
// according to the roles table. A role that is not in the table is denied.
func HasPermission(userRole, resource, action string) bool {
    r, known := roles[userRole]
    if !known {
        return false
    }

    want := Permission{Resource: resource, Action: action}
    for i := range r.Permissions {
        if r.Permissions[i] == want {
            return true
        }
    }
    return false
}

本章小结

关键要点

  • ✅ JWT无状态认证
  • ✅ RBAC权限控制
  • ✅ OAuth 2.0第三方登录
  • ✅ 防御常见攻击

⏮️ 返回目录 | ⏭️ 下一节:数据加密