From 6b3876809f6beea50af2316b90fb88ad46bb0d99 Mon Sep 17 00:00:00 2001
From: Jerry
Date: Wed, 8 Nov 2023 10:35:36 +0800
Subject: [PATCH] feat: change jwt cookie save
---
 http_server/handle/check_permissions.go | 40 ++++++++++++-------------
 http_server/handle/sign_in.go | 20 ++++++++-----
 2 files changed, 32 insertions(+), 28 deletions(-)
diff --git a/http_server/handle/check_permissions.go b/http_server/handle/check_permissions.go
index f3422aa3..6c7fbb07 100644
--- a/http_server/handle/check_permissions.go
+++ b/http_server/handle/check_permissions.go
@@ -65,29 +65,29 @@ func (h *HttpHandle) CheckPermissions(ctx *gin.Context) {
 }
 address := common.FormatAddressPayload(addrHex.AddressPayload, addrHex.DasAlgorithmId)
- if !strings.EqualFold(address, claims.Address) {
+ if !strings.EqualFold(address, claims.Address) ||
+ addrHex.DasAlgorithmId != claims.Aid ||
+ addrHex.DasSubAlgorithmId != claims.SubAid {
 apiResp.ApiRespErr(api_code.ApiCodeUnauthorized, "unauthorized")
 return
 }
- if req.Account != "" {
- accId := common.Bytes2Hex(common.GetAccountIdByAccount(req.Account))
- accInfo, err := h.DbDao.GetAccountInfoByAccountId(accId)
- if err != nil {
- apiResp.ApiRespErr(api_code.ApiCodeDbError, "Failed to query parent account")
- return
- }
- if accInfo.Id == 0 {
- apiResp.ApiRespErr(api_code.ApiCodeAccountNotExist, "account does not exist")
- return
- }
- if accInfo.IsExpired() {
- apiResp.ApiRespErr(api_code.ApiCodeParentAccountExpired, "account expired")
- return
- }
- if !strings.EqualFold(address, accInfo.Owner) && !strings.EqualFold(address, accInfo.Manager) {
- apiResp.ApiRespErr(api_code.ApiCodePermissionDenied, "permission denied")
- return
- }
+ accId := common.Bytes2Hex(common.GetAccountIdByAccount(req.Account))
+ accInfo, err := h.DbDao.GetAccountInfoByAccountId(accId)
+ if err != nil {
+ apiResp.ApiRespErr(api_code.ApiCodeDbError, "Failed to query parent account")
+ return
+ }
+ if accInfo.Id == 0 {
+ apiResp.ApiRespErr(api_code.ApiCodeAccountNotExist, "account does not exist")
+ return
+ }
+ if accInfo.IsExpired() {
+ apiResp.ApiRespErr(api_code.ApiCodeParentAccountExpired, "account expired")
+ return
+ }
+ if !strings.EqualFold(address, accInfo.Owner) && !strings.EqualFold(address, accInfo.Manager) {
+ apiResp.ApiRespErr(api_code.ApiCodePermissionDenied, "permission denied")
+ return
 }
 }
diff --git a/http_server/handle/sign_in.go b/http_server/handle/sign_in.go
index ffb8e58a..20f5492f 100644
--- a/http_server/handle/sign_in.go
+++ b/http_server/handle/sign_in.go
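Review bot: The `req.Account != ""` guard is removed, so an empty Account now goes through `GetAccountIdByAccount("")` and a DB round trip before failing with "account does not exist"; CheckPermissions starts before the hunk so I cannot see whether Account is validated earlier, but if it can legitimately arrive empty an explicit `if req.Account == "" { apiResp.ApiRespErr(api_code.ApiCodeParamsInvalid, "account is required"); return }` before the lookup would be clearer and cheaper. The token check is tightened to address plus both algorithm IDs, yet the `Account` claim written at sign-in is never compared with `req.Account` here; if the token is meant to be bound to the account it was issued for, add `if !strings.EqualFold(req.Account, claims.Account) { apiResp.ApiRespErr(api_code.ApiCodeUnauthorized, "unauthorized"); return }`, otherwise a one-line comment stating that the token is address-scoped and the owner/manager check below is what authorises the account would save the next reader the question. Minor style: `accId` should be `accID`, and "Failed to query parent account" is the only capitalised message among otherwise lowercase ones.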
@@ -58,6 +58,13 @@ func (h *HttpHandle) SignIn(ctx *gin.Context) {
 }
 func (h *HttpHandle) doSignIn(ctx *gin.Context, req *ReqSignIn, apiResp *api_code.ApiResp) error {
+ now := time.Now()
+ timestamp := time.UnixMilli(req.Timestamp)
+ if now.After(timestamp.Add(time.Minute * 5)) {
+ apiResp.ApiRespErr(api_code.ApiCodeParamsInvalid, "timestamp expired, valid for 5 minutes")
+ return nil
+ }
+
 res, err := req.ChainTypeAddress.FormatChainTypeAddress(h.DasCore.NetType(), false)
 if err != nil {
 apiResp.ApiRespErr(api_code.ApiCodeParamsInvalid, "params invalid")
@@ -93,13 +100,6 @@ func (h *HttpHandle) doSignIn(ctx *gin.Context, req *ReqSignIn, apiResp *api_cod
 return nil
 }
- now := time.Now()
- timestamp := time.UnixMilli(req.Timestamp)
- if now.After(timestamp.Add(time.Minute * 5)) {
- apiResp.ApiRespErr(api_code.ApiCodeParamsInvalid, "timestamp expired, valid for 5 minutes")
- return nil
- }
-
 claims := &Claims{
 Account: req.Account,
 Address: address,
@@ -119,7 +119,11 @@ func (h *HttpHandle) doSignIn(ctx *gin.Context, req *ReqSignIn, apiResp *api_cod
 return err
 }
- ctx.SetCookie("token", tokenString, int(claims.ExpiresAt.Sub(now).Seconds()), "/", "", false, true)
+ if h.DasCore.NetType() == common.DasNetTypeMainNet {
+ ctx.SetCookie("token", tokenString, int(claims.ExpiresAt.Sub(now).Seconds()), "/", "topdid.com", true, true)
+ } else {
+ ctx.SetCookie("token", tokenString, int(claims.ExpiresAt.Sub(now).Seconds()), "/", "", false, false)
+ }
 resp := &RespSignIn{}
 apiResp.ApiRespOK(resp)
 return nil
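Review bot: The non-mainnet branch of the last hunk turns HttpOnly off (`"/", "", false, false`) where the replaced line kept it on (`false, true`), so on test networks the JWT cookie becomes readable by page script; Secure and Domain can reasonably differ per network, but HttpOnly should stay `true` in both branches: `ctx.SetCookie("token", tokenString, int(claims.ExpiresAt.Sub(now).Seconds()), "/", "", false, true)`. The mainnet branch hard-codes `"topdid.com"`, which scopes the cookie to every subdomain of that host; a configured cookie domain would be easier to audit than a literal in the handler. Neither branch sets SameSite, and for a session cookie calling `ctx.SetSameSite(http.SameSiteLaxMode)` before `SetCookie` is worth adding. In the first hunk the relocated freshness check still rejects only stale timestamps, never ones in the future, so `if timestamp.After(now.Add(time.Minute)) { apiResp.ApiRespErr(api_code.ApiCodeParamsInvalid, "timestamp in the future"); return nil }` would close the other side of the window. doSignIn continues between and beyond these hunks.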