refactor: math/rand 改为 v2

issue9 · Apr 24, 2024 · 5edf5f4 · 5edf5f4
1 parent 41c1fcf
commit 5edf5f4
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 11 deletions.
diff --git a/middlewares/auth/jwt/signer.go b/middlewares/auth/jwt/signer.go
@@ -7,7 +7,7 @@ package jwt
 import (
 	"fmt"
 	"io/fs"
-	"math/rand"
+	"math/rand/v2"
 	"slices"
 	"time"
 
@@ -110,7 +110,7 @@ func (s *Signer) Sign(claims Claims) (string, error) {
 	case 1:
 		k = s.keys[0]
 	default:
-		k = s.keys[rand.Intn(l)]
+		k = s.keys[rand.IntN(l)]
 	}
 
 	t := jwt.NewWithClaims(k.sign, claims)

diff --git a/middlewares/auth/jwt/verifier.go b/middlewares/auth/jwt/verifier.go
@@ -90,18 +90,28 @@ func (j *Verifier[T]) Middleware(next web.HandlerFunc) web.HandlerFunc {
 			return ctx.Problem(web.ProblemUnauthorized)
 		}
 
-		if baseToken := claims.BaseToken(); baseToken != "" { // 刷新令牌
+		if nbf, err := claims.GetNotBefore(); err == nil && nbf.After(ctx.Begin()) {
+			return ctx.Problem(web.ProblemForbidden)
+		}
+
+		if exp, err := claims.GetExpirationTime(); err == nil && exp.Before(ctx.Begin()) {
+			return ctx.Problem(web.ProblemForbidden)
+		}
+
+		if baseToken := claims.BaseToken(); baseToken != "" { // token 为刷新令牌
+			// 如果关联的访问令牌已经被主动丢弃，比如客户端主动退出了当前的登录等操作，
+			// 那么由该访问令牌生成的刷新令牌也将失效果。
+			if j.blocker.TokenIsBlocked(baseToken) {
+				return ctx.Problem(web.ProblemForbidden)
+			}
+
 			if err := j.blocker.BlockToken(token, true); err != nil {
 				ctx.Logs().ERROR().Error(err)
 			}
 
 			if err := j.blocker.BlockToken(baseToken, false); err != nil {
 				ctx.Logs().ERROR().Error(err)
 			}
-
-			if claims, resp = j.parseClaims(ctx, token); resp != nil { // 拿到刷新令牌关联的 claims
-				return resp
-			}
 		}
 
 		mauth.Set(ctx, claims)

diff --git a/plugins/health/health_test.go b/plugins/health/health_test.go
@@ -5,7 +5,7 @@
 package health
 
 import (
-	"math/rand"
+	"math/rand/v2"
 	"net/http"
 	"strconv"
 	"testing"
@@ -34,19 +34,19 @@ func TestHealth(t *testing.T) {
 		if err != nil {
 			panic(err)
 		}
-		time.Sleep(time.Microsecond * time.Duration(rand.Int63n(100))) // 防止过快，无法记录用时。
+		time.Sleep(time.Microsecond * time.Duration(rand.Int64N(100))) // 防止过快，无法记录用时。
 		return web.Status(status)
 	})
 	r.Post("/", func(*web.Context) web.Responser {
-		time.Sleep(time.Microsecond * time.Duration(rand.Int63n(100))) // 防止过快，无法记录用时。
+		time.Sleep(time.Microsecond * time.Duration(rand.Int64N(100))) // 防止过快，无法记录用时。
 		return nil
 	})
 	r.Delete("/users", func(ctx *web.Context) web.Responser {
 		status, err := strconv.Atoi(ctx.Request().FormValue("status"))
 		if err != nil {
 			panic(err)
 		}
-		time.Sleep(time.Microsecond * time.Duration(rand.Int63n(100))) // 防止过快，无法记录用时。
+		time.Sleep(time.Microsecond * time.Duration(rand.Int64N(100))) // 防止过快，无法记录用时。
 		return web.Status(status)
 	})