feat 废弃jwt 、 学识分

internal/global/global.go

@@ -13,8 +13,9 @@ const (
 var GatewaySID int64
 
 const (
-	KeyGatewayAccessToken  = "gateway:token:access:%v"
-	KeyGatewayRefreshToken = "gateway:token:refresh:%v"
+	KeyGatewayAccessToken  = "gateway:token:access:"
+	KeyGatewayRefreshToken = "gateway:token:refresh:"
+	KeyGatewaySession      = "gateway:session:"
 
 	KeyGatewayInfo       = "gateway:info:%v"
 	HFieldInfoGatewaySID = "gateway_sid"

internal/handler/http_handler/login.go

@@ -1,18 +1,14 @@
 package http_handler
 
 import (
-	"context"
-	"fmt"
 	"git.hlsq.asia/mmorpg/service-common/db/redis"
 	"git.hlsq.asia/mmorpg/service-common/log"
 	"git.hlsq.asia/mmorpg/service-common/net/grpc/grpc_client"
 	"git.hlsq.asia/mmorpg/service-common/net/http/http_resp"
 	"git.hlsq.asia/mmorpg/service-common/proto/rs/grpc_pb"
 	"git.hlsq.asia/mmorpg/service-common/utils"
-	"git.hlsq.asia/mmorpg/service-gateway/config"
 	"git.hlsq.asia/mmorpg/service-gateway/internal/global"
 	"github.com/gin-gonic/gin"
-	"time"
 )
 
 // 这个模块处理用户登录
@@ -71,7 +67,12 @@ func Login(c *gin.Context) {
 		return
 	}
 
-	at, rt, err := genToken(c, usn)
+	at, rt, err := sessionLogin(c, usn)
+	if err != nil {
+		log.Errorf("Login sessionLogin error: %v, usn: %v", err, usn)
+		http_resp.JsonOK(c, http_resp.Error(http_resp.Failed))
+		return
+	}
 	http_resp.JsonOK(c, http_resp.Success(&LoginResp{
 		USN:          usn,
 		Name:         name,
@@ -81,7 +82,7 @@ func Login(c *gin.Context) {
 }
 
 type RefreshTokenReq struct {
-	RefreshToken string `json:"refreshToken" binding:"required,min=1"`
+	RefreshToken string `json:"refreshToken"`
 }
 
 type RefreshTokenResp struct {
@@ -95,18 +96,27 @@ func RefreshToken(c *gin.Context) {
 		http_resp.JsonBadRequest(c)
 		return
 	}
-	claims, err := utils.ParseToken(req.RefreshToken, config.Get().Auth.Secret)
-	if err != nil {
+	if req.RefreshToken == "" {
+		cookie, err := c.Cookie("refresh_token")
+		if err != nil {
+			http_resp.JsonUnauthorized(c)
+			return
+		}
+		req.RefreshToken = cookie
+	}
+
+	usn, _ := redis.GetClient().HGet(c, global.KeyGatewayRefreshToken+req.RefreshToken, (&utils.UserSession{}).GetUsnKey()).Int64()
+	if usn == 0 {
 		http_resp.JsonUnauthorized(c)
 		return
 	}
-	if redis.GetClient().Get(c, fmt.Sprintf(global.KeyGatewayRefreshToken, claims.USN)).Val() != req.RefreshToken {
-		http_resp.JsonUnauthorized(c)
-		return
+
+	if err := sessionLogout(c, req.RefreshToken); err != nil {
+		log.Errorf("RefreshToken sessionLogout error: %v, usn: %v", err, usn)
 	}
-	at, rt, err := genToken(c, claims.USN)
+	at, rt, err := sessionLogin(c, usn)
 	if err != nil {
-		log.Errorf("RefreshToken genToken error: %v, usn: %v", err, claims.USN)
+		log.Errorf("RefreshToken sessionLogin error: %v, usn: %v", err, usn)
 		http_resp.JsonOK(c, http_resp.Error(http_resp.Failed))
 		return
 	}
@@ -117,23 +127,29 @@ func RefreshToken(c *gin.Context) {
 	}))
 }
 
-func genToken(ctx context.Context, usn int64) (string, string, error) {
-	at, err := genTokenOne(ctx, global.KeyGatewayAccessToken, usn, time.Duration(config.Get().Auth.ShortExpire)*time.Minute)
-	if err != nil {
-		return "", "", err
-	}
-	rt, err := genTokenOne(ctx, global.KeyGatewayRefreshToken, usn, time.Duration(config.Get().Auth.LongExpire)*time.Minute)
-	if err != nil {
-		return "", "", err
-	}
-	return at, rt, nil
+type LogoutReq struct {
+	RefreshToken string `json:"refreshToken"`
 }
 
-func genTokenOne(ctx context.Context, key string, usn int64, ttl time.Duration) (string, error) {
-	token, err := utils.GenToken(usn, config.Get().Auth.Secret, ttl)
-	if err != nil {
-		return "", err
-	}
-	redis.GetClient().Set(ctx, fmt.Sprintf(key, usn), token, ttl)
-	return token, err
+type LogoutResp struct {
+}
+
+func Logout(c *gin.Context) {
+	req := &LogoutReq{}
+	if err := c.ShouldBindJSON(req); err != nil {
+		http_resp.JsonBadRequest(c)
+		return
+	}
+	if req.RefreshToken == "" {
+		cookie, err := c.Cookie("refresh_token")
+		if err != nil {
+			http_resp.JsonUnauthorized(c)
+			return
+		}
+		req.RefreshToken = cookie
+	}
+	if err := sessionLogout(c, req.RefreshToken); err != nil {
+		log.Errorf("Logout sessionLogout error: %v", err)
+	}
+	http_resp.JsonOK(c, http_resp.Success(&LogoutResp{}))
 }

internal/handler/http_handler/login_test.go

@@ -2,23 +2,18 @@ package http_handler
 
 import (
 	"bou.ke/monkey"
-	"context"
 	"fmt"
-	"git.hlsq.asia/mmorpg/service-common/db/redis"
 	"git.hlsq.asia/mmorpg/service-common/net/grpc/grpc_client"
 	"git.hlsq.asia/mmorpg/service-common/net/http/http_resp"
 	"git.hlsq.asia/mmorpg/service-common/proto/rs/grpc_pb"
 	"git.hlsq.asia/mmorpg/service-common/proto/rs/grpc_pb/mocks"
 	"git.hlsq.asia/mmorpg/service-common/utils"
-	"git.hlsq.asia/mmorpg/service-gateway/internal/global"
 	"git.hlsq.asia/mmorpg/service-gateway/internal/testutil"
 	"github.com/gin-gonic/gin"
 	"github.com/golang/mock/gomock"
-	redis2 "github.com/redis/go-redis/v9"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/suite"
 	"net/http"
-	"strconv"
 	"testing"
 )
 
@@ -26,17 +21,6 @@ type LoginTestSuite struct {
 	testutil.TestSuite
 }
 
-func (ts *LoginTestSuite) TestGenToken() {
-	usn := utils.RandInt(1, 100000000)
-	at, rt, err := genToken(context.Background(), strconv.Itoa(usn))
-	ts.Assert().NoError(err)
-
-	redisAt := redis.GetClient().Get(context.Background(), fmt.Sprintf(global.KeyGatewayAccessToken, usn)).Val()
-	ts.Assert().Equal(at, redisAt)
-	redisRt := redis.GetClient().Get(context.Background(), fmt.Sprintf(global.KeyGatewayRefreshToken, usn)).Val()
-	ts.Assert().Equal(rt, redisRt)
-}
-
 func (ts *LoginTestSuite) TestLogin() {
 	gin.SetMode(gin.TestMode)
 
@@ -90,7 +74,7 @@ func (ts *LoginTestSuite) TestLogin() {
 		client := mocks.NewMockUserClient(ctrl)
 		client.EXPECT().
 			PhoneLogin(gomock.Any(), gomock.Any()).
-			Return(&grpc_pb.PhoneLoginResp{USN: "1", Name: "hh"}, nil)
+			Return(&grpc_pb.PhoneLoginResp{USN: 1, Name: "hh"}, nil)
 
 		monkey.Patch(grpc_client.UserNewClientLB, func() (grpc_pb.UserClient, error) {
 			return client, nil
@@ -130,41 +114,41 @@ func (ts *LoginTestSuite) TestRefreshToken() {
 		utils.AssertResponse(&ts.Suite, w, http.StatusOK, http_resp.TokenInvalid)
 	})
 
-	ts.Run("Redis Get Failed", func() {
-		monkey.Patch(utils.ParseToken, func(tokenString string, secret string) (*utils.Claims, error) {
-			if tokenString == "abc" {
-				return &utils.Claims{USN: "1"}, nil
-			}
-			return nil, assert.AnError
-		})
-		defer monkey.Unpatch(utils.ParseToken)
-
-		redis.GetClient().Set(context.Background(), fmt.Sprintf(global.KeyGatewayRefreshToken, 1), "ab", redis2.KeepTTL)
-
-		w, c := utils.CreateTestContext("POST", "/", &RefreshTokenReq{
-			RefreshToken: "abc",
-		})
-		RefreshToken(c)
-		utils.AssertResponse(&ts.Suite, w, http.StatusOK, http_resp.TokenInvalid)
-	})
-
-	ts.Run("OK", func() {
-		monkey.Patch(utils.ParseToken, func(tokenString string, secret string) (*utils.Claims, error) {
-			if tokenString == "abc" {
-				return &utils.Claims{USN: "1"}, nil
-			}
-			return nil, assert.AnError
-		})
-		defer monkey.Unpatch(utils.ParseToken)
-
-		redis.GetClient().Set(context.Background(), fmt.Sprintf(global.KeyGatewayRefreshToken, 1), "abc", redis2.KeepTTL)
-
-		w, c := utils.CreateTestContext("POST", "/", &RefreshTokenReq{
-			RefreshToken: "abc",
-		})
-		RefreshToken(c)
-		utils.AssertResponse(&ts.Suite, w, http.StatusOK, http_resp.OK)
-	})
+	//ts.Run("Redis Get Failed", func() {
+	//	monkey.Patch(utils.ParseToken, func(tokenString string, secret string) (*utils.Claims, error) {
+	//		if tokenString == "abc" {
+	//			return &utils.Claims{USN: 1}, nil
+	//		}
+	//		return nil, assert.AnError
+	//	})
+	//	defer monkey.Unpatch(utils.ParseToken)
+	//
+	//	redis.GetClient().Set(context.Background(), global.KeyGatewayRefreshToken+1, "ab", redis2.KeepTTL)
+	//
+	//	w, c := utils.CreateTestContext("POST", "/", &RefreshTokenReq{
+	//		RefreshToken: "abc",
+	//	})
+	//	RefreshToken(c)
+	//	utils.AssertResponse(&ts.Suite, w, http.StatusOK, http_resp.TokenInvalid)
+	//})
+	//
+	//ts.Run("OK", func() {
+	//	monkey.Patch(utils.ParseToken, func(tokenString string, secret string) (*utils.Claims, error) {
+	//		if tokenString == "abc" {
+	//			return &utils.Claims{USN: 1}, nil
+	//		}
+	//		return nil, assert.AnError
+	//	})
+	//	defer monkey.Unpatch(utils.ParseToken)
+	//
+	//	redis.GetClient().Set(context.Background(), fmt.Sprintf(global.KeyGatewayRefreshToken, 1), "abc", redis2.KeepTTL)
+	//
+	//	w, c := utils.CreateTestContext("POST", "/", &RefreshTokenReq{
+	//		RefreshToken: "abc",
+	//	})
+	//	RefreshToken(c)
+	//	utils.AssertResponse(&ts.Suite, w, http.StatusOK, http_resp.OK)
+	//})
 }
 
 func TestLoginTestSuite(t *testing.T) {

internal/handler/http_handler/session.go

@@ -0,0 +1,108 @@
+package http_handler
+
+import (
+	"git.hlsq.asia/mmorpg/service-common/db/redis"
+	"git.hlsq.asia/mmorpg/service-common/utils"
+	"git.hlsq.asia/mmorpg/service-gateway/config"
+	"git.hlsq.asia/mmorpg/service-gateway/internal/global"
+	"github.com/gin-gonic/gin"
+	"github.com/google/uuid"
+)
+
+var (
+	scriptLoginSha1 string
+	scriptLogin     = `
+local at_key = KEYS[1] .. ARGV[1]
+local rt_key = KEYS[2] .. ARGV[2]
+local session_key = KEYS[3] .. ARGV[3]
+
+redis.call("HSET", at_key, 
+	"usn", ARGV[3],
+	"ip", ARGV[6],
+	"ua", ARGV[7],
+	"rt", ARGV[2]
+)
+redis.call("EXPIRE", at_key, tonumber(ARGV[4]))
+
+redis.call("HSET", rt_key, 
+	"usn", ARGV[3],
+	"ip", ARGV[6],
+	"ua", ARGV[7],
+	"at", ARGV[1]
+)
+redis.call("EXPIRE", rt_key, tonumber(ARGV[5]))
+
+local all_rts = redis.call("SMEMBERS", session_key)
+-- 只允许最大10个会话，多了的随机踢掉
+if #all_rts >= 10 then
+	local rk = KEYS[2] .. all_rts[1]
+	local ak = KEYS[1] .. redis.call("HGET", rk, "at")
+	redis.call("DEL", rk)
+	redis.call("DEL", ak)
+end
+-- 清理已经失效的会话
+for i, rt in ipairs(all_rts) do
+    if redis.call("EXISTS", KEYS[2] .. rt) == 0 then
+        redis.call("SREM", session_key, rt)
+    end
+end
+
+redis.call("SADD", session_key, ARGV[2])
+redis.call("EXPIRE", session_key, tonumber(ARGV[5]) + 600)
+
+return 1
+`
+)
+
+func sessionLogin(c *gin.Context, usn int64) (string, string, error) {
+	if scriptLoginSha1 == "" {
+		scriptLoginSha1 = redis.GetClient().ScriptLoad(c, scriptLogin).Val()
+	}
+	at := uuid.New().String()
+	rt := uuid.New().String()
+	err := redis.GetClient().EvalSha(
+		c, scriptLoginSha1,
+		[]string{global.KeyGatewayAccessToken, global.KeyGatewayRefreshToken, global.KeyGatewaySession},
+		at,
+		rt,
+		usn,
+		config.Get().Auth.ShortExpire,
+		config.Get().Auth.LongExpire,
+		c.RemoteIP(),
+		c.GetHeader("User-Agent"),
+	).Err()
+	if err != nil {
+		return "", "", utils.ErrorsWrap(err)
+	}
+	c.SetCookie("refresh_token", rt, int(config.Get().Auth.LongExpire), "/", ".hlsq.asia", true, true)
+
+	return at, rt, nil
+}
+
+var (
+	scriptLogoutSha1 string
+	scriptLogout     = `
+local rt_key = KEYS[2] .. ARGV[1]
+local usn = redis.call("HGET", rt_key, "usn")
+local at = redis.call("HGET", rt_key, "at")
+local at_key = KEYS[1] .. at
+local session_key = KEYS[3] .. usn
+
+redis.call("DEL", at_key)
+redis.call("DEL", rt_key)
+redis.call("SREM", session_key, ARGV[1])
+
+return 1
+`
+)
+
+func sessionLogout(c *gin.Context, rt string) error {
+	if scriptLogoutSha1 == "" {
+		scriptLogoutSha1 = redis.GetClient().ScriptLoad(c, scriptLogout).Val()
+	}
+	return redis.GetClient().EvalSha(
+		c, scriptLogoutSha1,
+		[]string{global.KeyGatewayAccessToken, global.KeyGatewayRefreshToken, global.KeyGatewaySession},
+		rt,
+	).Err()
+}

internal/handler/ws_handler/client/client.go

@@ -29,11 +29,10 @@ type Client struct {
 	UniqueNo   int64 // 副本唯一编号
 }
 
-func NewClient(usn int64, conn socket.ISocketConn) *Client {
+func NewClient(conn socket.ISocketConn) *Client {
 	client := &Client{
-		USN:       usn,
 		conn:      conn,
-		logger:    log.GetLogger().Named(fmt.Sprintf("usn:%v", usn)),
+		logger:    log.GetLogger(),
 		heartBeat: time.Now(),
 		mailChan:  make(chan Event, 1024),
 	}
@@ -43,6 +42,11 @@ func NewClient(usn int64, conn socket.ISocketConn) *Client {
 	return client
 }
 
+func (c *Client) SetUSN(usn int64) {
+	c.USN = usn
+	c.logger = log.GetLogger().Named(fmt.Sprintf("usn:%v", usn))
+}
+
 func (c *Client) Loop() {
 	defer func() {
 		if err := recover(); err != nil {

internal/handler/ws_handler/login/login.go

@@ -8,6 +8,7 @@ import (
 	"git.hlsq.asia/mmorpg/service-common/net/grpc/grpc_client"
 	"git.hlsq.asia/mmorpg/service-common/proto/rs/grpc_pb"
 	"git.hlsq.asia/mmorpg/service-common/proto/ss/ss_pb"
+	"git.hlsq.asia/mmorpg/service-common/utils"
 	"git.hlsq.asia/mmorpg/service-gateway/internal/global"
 	"git.hlsq.asia/mmorpg/service-gateway/internal/handler/ws_handler/client"
 	"sync"
@@ -152,7 +153,9 @@ func (l *Login) StartLogin(user *User) {
 
 // CheckToken 校验Token是否有效
 func (l *Login) CheckToken(user *User) bool {
-	return redis.GetClient().Get(l.ctx, fmt.Sprintf(global.KeyGatewayAccessToken, user.Cli.USN)).Val() == user.Token
+	usn, _ := redis.GetClient().HGet(context.Background(), global.KeyGatewayAccessToken+user.Token, (&utils.UserSession{}).GetUsnKey()).Int64()
+	user.Cli.SetUSN(usn)
+	return usn > 0
 }
 
 // CheckOnline 校验是否在线

internal/net/http_gateway/middleward.go

@@ -2,9 +2,10 @@ package http_gateway
 
 import (
 	"fmt"
+	"git.hlsq.asia/mmorpg/service-common/db/redis"
 	"git.hlsq.asia/mmorpg/service-common/net/http/http_resp"
 	"git.hlsq.asia/mmorpg/service-common/utils"
-	"git.hlsq.asia/mmorpg/service-gateway/config"
+	"git.hlsq.asia/mmorpg/service-gateway/internal/global"
 	"github.com/gin-contrib/cors"
 	"github.com/gin-gonic/gin"
 	"go.uber.org/zap"
@@ -63,17 +64,18 @@ func authJwt() gin.HandlerFunc {
 			c.Abort()
 			return
 		}
-		claims, err := utils.ParseToken(token, config.Get().Auth.Secret)
-		if err != nil {
+
+		usn, _ := redis.GetClient().HGet(c, global.KeyGatewayAccessToken+token, (&utils.UserSession{}).GetUsnKey()).Int64()
+		if usn == 0 {
 			http_resp.JsonUnauthorized(c)
 			c.Abort()
 			return
 		}
 
 		// 这里将Header写到请求中，grpc-gateway框架会读取然后传给grpc服务
-		c.Request.Header.Set("X-Usn", utils.Int64ToString(claims.USN))
+		c.Request.Header.Set("X-Usn", utils.Int64ToString(usn))
 		// 这里写到上下文中，打日志
-		c.Set("usn", claims.USN)
+		c.Set("usn", usn)
 		c.Next()
 	}
 }

internal/net/http_gateway/router.go

@@ -73,7 +73,7 @@ func InitRouter() *gin.Engine {
 	auth.Use(authJwt())
 
 	// 网关
-	initBaseRoute(auth)
+	initGatewayPath(auth)
 	// 用户中心
 	initUserPath(auth)
 	// 奇怪的知识-服务端
@@ -82,14 +82,17 @@ func InitRouter() *gin.Engine {
 	return r
 }
 
-func initBaseRoute(r *gin.RouterGroup) {
-	g := r.Group("/gw")
+func initGatewayPath(r *gin.RouterGroup) {
+	g := r.Group("/" + common.KeyDiscoverServiceNameGateway)
+
 	g.POST("/open/login", http_handler.Login)
 	g.POST("/open/refresh_token", http_handler.RefreshToken)
+	g.POST("/open/logout", http_handler.Logout)
 }
 
 func initUserPath(r *gin.RouterGroup) {
-	g := r.Group("/user")
+	g := r.Group("/" + common.KeyDiscoverServiceNameUser)
+
 	client, err := grpc_client.UserNewClientLB()
 	if err != nil {
 		log.Errorf("get user conn failed: %v", err)
@@ -106,7 +109,8 @@ func initUserPath(r *gin.RouterGroup) {
 }
 
 func initQgdzsPath(r *gin.RouterGroup) {
-	g := r.Group("/qgdzs")
+	g := r.Group("/" + common.KeyDiscoverServiceNameQgdzs)
+
 	client, err := grpc_client.QgdzsNewClientLB()
 	if err != nil {
 		log.Errorf("get qgdzs conn failed: %v", err)

internal/net/ws_gateway/server.go

@@ -4,8 +4,6 @@ import (
 	"fmt"
 	"git.hlsq.asia/mmorpg/service-common/log"
 	"git.hlsq.asia/mmorpg/service-common/net/socket"
-	"git.hlsq.asia/mmorpg/service-common/utils"
-	"git.hlsq.asia/mmorpg/service-gateway/config"
 	"git.hlsq.asia/mmorpg/service-gateway/internal/handler/ws_handler/client"
 	"git.hlsq.asia/mmorpg/service-gateway/internal/handler/ws_handler/login"
 	"go.uber.org/zap"
@@ -27,16 +25,11 @@ func (g *GatewayWsServer) OnHandShake(conn socket.ISocketConn) socket.Action {
 		g.logger.Warnf("token is invalid")
 		return socket.Close
 	}
-	claims, err := utils.ParseToken(token, config.Get().Auth.Secret)
-	if err != nil {
-		g.logger.Warnf("token is invalid")
-		return socket.Close
-	}
 
-	cli := client.NewClient(claims.USN, conn)
+	cli := client.NewClient(conn)
 	conn.SetParam("client", cli)
 	if !login.GetLoginQueue().AddToLoginQueue(&login.User{Cli: cli, Token: token}) {
-		g.logger.Warnf("AddToLoginQueue err, login queue full, usn: %v", claims.USN)
+		g.logger.Warnf("AddToLoginQueue err, login queue full")
 		return socket.Close
 	}
 	return socket.None

internal/testutil/suite.go

@@ -28,7 +28,6 @@ func (ts *TestSuite) SetupSuite() {
 			},
 		},
 		Auth: &config.AuthConfig{
-			Secret:      "test",
 			ShortExpire: 15,
 			LongExpire:  10080,
 		},