feat: add jwt custom auth to grpc

Author: zhufuyi

internal/server/grpc.go

@@ -171,8 +171,11 @@ func (s *grpcServer) unaryServerOptions() grpc.ServerOption {
 
 	// jwt token interceptor
 	//unaryServerInterceptors = append(unaryServerInterceptors, interceptor.UnaryServerJwtAuth(
-	//	// set ignore rpc methods(full path) for jwt token
-	//	interceptor.WithAuthIgnoreMethods("/api.user.v1.User/Register", "/api.user.v1.User/Login"),
+	// // choose a verification method as needed
+	//interceptor.WithStandardVerify(standardVerifyFn), // standard verify (default), you can set standardVerifyFn to nil if you don't need it
+	//interceptor.WithCustomVerify(customVerifyFn), // custom verify
+	// // specify the grpc API to ignore token verification(full path)
+	//interceptor.WithAuthIgnoreMethods("/api.user.v1.User/Register", "/api.user.v1.User/Login"),
 	//))
 
 	// metrics interceptor
@@ -230,7 +233,10 @@ func (s *grpcServer) streamServerOptions() grpc.ServerOption {
 
 	// jwt token interceptor
 	//streamServerInterceptors = append(streamServerInterceptors, interceptor.StreamServerJwtAuth(
-	//	// set ignore rpc methods(full path) for jwt token
+	// // choose a verification method as needed
+	//interceptor.WithStandardVerify(standardVerifyFn), // standard verify (default), you can set standardVerifyFn to nil if you don't need it
+	//interceptor.WithCustomVerify(customVerifyFn), // custom verify
+	// // specify the grpc API to ignore token verification(full path)
 	//	interceptor.WithAuthIgnoreMethods("/api.user.v1.User/Register", "/api.user.v1.User/Login"),
 	//))
 

internal/service/userExample_client_test.go

@@ -20,7 +20,7 @@ func Test_service_userExample_methods(t *testing.T) {
 	conn := getRPCClientConnForTest()
 	cli := serverNameExampleV1.NewUserExampleClient(conn)
 	ctx, _ := context.WithTimeout(context.Background(), time.Second*3)
-	//ctx = interceptor.SetJwtTokenToCtx(ctx, "Bearer jwt-token-value")
+	//ctx = interceptor.SetJwtTokenToCtx(ctx, token)
 
 	tests := []struct {
 		name    string

pkg/gin/middleware/README.md

@@ -74,14 +74,17 @@ Adaptive flow limitation based on hardware resources.
     import "github.com/zhufuyi/sponge/pkg/gin/middleware"
 
     r := gin.Default()
-    r.Use(middleware.CircuitBreaker())
+    r.Use(middleware.CircuitBreaker(
+        //middleware.WithValidCode(http.StatusRequestTimeout), // add error code 408 for circuit breaker
+        //middleware.WithDegradeHandler(handler), // add custom degrade handler
+    ))
 ```
 
 <br>
 
 ### jwt authorization middleware
 
-#### common authorization
+#### standard authorization
 
 ```go
 import "github.com/zhufuyi/sponge/pkg/jwt"
@@ -91,8 +94,8 @@ func main() {
     r := gin.Default()
 
     r.POST("/user/login", Login)
-    r.GET("/user/:id", middleware.Auth(), h.GetByID) // no verify field
-    // r.GET("/user/:id", middleware.Auth(middleware.WithVerify(adminVerify)), h.GetByID) // with verify field
+    r.GET("/user/:id", middleware.Auth(), h.GetByID) // do not get claims
+    // r.GET("/user/:id", middleware.Auth(middleware.WithVerify(adminVerify)), h.GetByID) // get claims and check
 
     r.Run(serverAddr)
 }
@@ -127,38 +130,35 @@ func main() {
     r := gin.Default()
 
     r.POST("/user/login", Login)
-    r.GET("/user/:id", middleware.AuthCustom(verify), h.GetByID)
+    r.GET("/user/:id", middleware.AuthCustom(verify), h.GetByID) // get claims and check
 
     r.Run(serverAddr)
 }
 
+// custom verify example
 func verify(claims *jwt.CustomClaims, tokenTail10 string, c *gin.Context) error {
     err := errors.New("verify failed")
 
-    // token, fields := getToken(id) // from cache or database
+    token, fields := getToken(id) // from cache or database
     // if tokenTail10 != token[len(token)-10:] { return err }
-	
-    id, exist := claims.Get("id")
-    if !exist {
-        return err
-    }
-    foo, exist := claims.Get("foo")
-    if !exist {
-        return err
-    }
-    if int(id.(float64)) != fields["id"].(int) ||
-        foo.(string) != fields["foo"].(string) {
-        return err
-    }
+
+    id, exist := claims.GetUint64("id")
+    if !exist || id != fields["id"].(uint64) { return err }
+
+    name, exist := claims.GetString("name")
+    if !exist || name != fields["name"].(string) { return err }
+
+    age, exist := claims.GetInt("age")
+    if !exist || age != fields["age"].(int) { return err }
 
     return nil
 }
 
 func Login(c *gin.Context) {
     // generate token
-    fields := jwt.KV{"id": 123, "foo": "bar"}
+    fields := jwt.KV{"id": uint64(123), "name": "tom", "age": 10}
     token, err := jwt.GenerateCustomToken(fields)
-    // save token end fields
+    // save token and fields
 }
 ```
 

pkg/gin/middleware/auth.go

@@ -60,7 +60,7 @@ func responseUnauthorized(c *gin.Context, isSwitchHTTPCode bool) {
 
 // -------------------------------------------------------------------------------------------
 
-// VerifyFn verify function, tokenTail10 is a string that intercepts the last 10 characters of the token.
+// VerifyFn verify function, tokenTail10 is the last 10 characters of the token.
 type VerifyFn func(claims *jwt.Claims, tokenTail10 string, c *gin.Context) error
 
 // Auth authorization
@@ -105,7 +105,7 @@ func Auth(opts ...JwtOption) gin.HandlerFunc {
 
 // -------------------------------------------------------------------------------------------
 
-// VerifyCustomFn verify custom function, tokenTail10 is a string that intercepts the last 10 characters of the token.
+// VerifyCustomFn verify custom function, tokenTail10 is the last 10 characters of the token.
 type VerifyCustomFn func(claims *jwt.CustomClaims, tokenTail10 string, c *gin.Context) error
 
 // AuthCustom custom authentication