在登录后,可以使用中间件在处理业务逻辑前,先进行验证.
func AuthOn(hFunc func(http.ResponseWriter, *http.Request)) func(http.ResponseWriter, *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { log.Printf("AuthOn %v, token %v\n", r.URL.Path, r.Header) hFunc(w, r) }) } // in func main http.HandleFunc("/itemlist", AuthOn(getItemHandler)) 关联jwt验证middleware, 携带的token只能放到header中; 如果放到body中,会影响正常的handler代码读取body中的字段.
func VerifyJWT(tokenString string) (jwt.MapClaims, error) { token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) { // Don't forget to validate the alg is what you expect: if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok { return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"]) } // hmacSampleSecret is a []byte containing your secret, e.g. []byte("my_secret_key") return hmacSampleSecret, nil }) if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid { log.Println(claims["openid"], claims["exp"]) return claims, nil } log.Println(err) return nil, err } func AuthOn(hFunc func(http.ResponseWriter, *http.Request)) func(http.ResponseWriter, *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { token := r.Header.Get("token") log.Printf("AuthOn %v %v\n", r.URL.Path, token) if c, err := VerifyJWT(token); err == nil { da := c["devarea"] r.Header.Add("devarea", da.(string)) hFunc(w, r) } else { log.Printf("AuthOn failed", err) } }) }文章来源: golang http middleware实现