{"id":2131,"date":"2025-08-30T20:43:29","date_gmt":"2025-08-30T12:43:29","guid":{"rendered":"https:\/\/www.fanyamin.com\/wordpress\/?p=2131"},"modified":"2025-08-30T20:43:29","modified_gmt":"2025-08-30T12:43:29","slug":"day-9%ef%bc%9a%e7%94%a8%e6%88%b7%e8%ae%a4%e8%af%81%e4%b8%8e-jwt-%e5%ae%9e%e6%88%98","status":"publish","type":"post","link":"https:\/\/www.fanyamin.com\/wordpress\/?p=2131","title":{"rendered":"Day 9\uff1a\u7528\u6237\u8ba4\u8bc1\u4e0e JWT \u5b9e\u6218"},"content":{"rendered":"

Day 9\uff1a\u7528\u6237\u8ba4\u8bc1\u4e0e JWT \u5b9e\u6218<\/h1>\n

\u5728\u4e0a\u4e00\u7ae0\u4e2d\uff0c\u6211\u4eec\u7528 Gin\/Fiber<\/strong> \u5199\u4e86\u4e00\u4e2a\u6700\u57fa\u672c\u7684\u7528\u6237\u6ce8\u518c\u548c\u767b\u5f55\u63a5\u53e3\u3002\u4f46\u5f53\u7528\u6237\u767b\u5f55\u4e4b\u540e\uff0c\u6211\u4eec\u9700\u8981\u5728\u968f\u540e\u7684 API \u8bf7\u6c42\u4e2d\u77e5\u9053 \u201c\u8fd9\u4e2a\u7528\u6237\u662f\u8c01\u201d\uff0c\u5e76\u9a8c\u8bc1\u7528\u6237\u662f\u5426\u6709\u6743\u9650\u8bbf\u95ee\u67d0\u4e9b\u8d44\u6e90\u3002\u8fd9\u5c31\u662f \u7528\u6237\u8ba4\u8bc1<\/strong> \u7684\u6838\u5fc3\u3002<\/p>\n

\u672c\u7ae0\u6211\u4eec\u5c06\u5b66\u4e60\u5982\u4f55\u5728 Go Web \u670d\u52a1\u4e2d\u5b9e\u73b0 JWT (JSON Web Token)<\/strong> \u7528\u6237\u8ba4\u8bc1\u673a\u5236\uff0c\u5e76\u5728\u4efb\u52a1\u7ba1\u7406\u7cfb\u7edf\u4e2d\u52a0\u4e0a \u767b\u5f55\u6001<\/strong> \u548c \u9274\u6743<\/strong>\u3002<\/p>\n

\n

1. \u7528\u6237\u8ba4\u8bc1\u7684\u5e38\u89c1\u65b9\u5f0f<\/h2>\n

\u5e38\u89c1\u7684 Web \u670d\u52a1\u8ba4\u8bc1\u65b9\u5f0f\u6709\uff1a<\/p>\n

    \n
  • Session + Cookie<\/strong>\uff1a\u540e\u7aef\u4fdd\u5b58 session\uff0c\u524d\u7aef\u901a\u8fc7 cookie \u4f20\u9012 session ID\uff08\u72b6\u6001\u5316\uff0c\u4f9d\u8d56\u5b58\u50a8\uff09\u3002<\/li>\n
  • Token<\/strong>\uff08\u63a8\u8350\uff09\uff1a\u670d\u52a1\u7aef\u751f\u6210 token\uff0c\u5ba2\u6237\u7aef\u6bcf\u6b21\u8bf7\u6c42\u65f6\u5e26\u4e0a token\uff08\u65e0\u72b6\u6001\uff0c\u9002\u5408\u5fae\u670d\u52a1\u4e0e\u79fb\u52a8\u7aef\uff09\u3002<\/li>\n
  • JWT<\/strong>\uff08JSON Web Token\uff09\uff1a\u4e00\u79cd\u7279\u522b\u7684 Token \u683c\u5f0f\uff0c\u5305\u542b\u4e86\u7528\u6237\u4fe1\u606f\u548c\u7b7e\u540d\uff0c\u65e0\u9700\u5b58\u50a8\u3002<\/li>\n<\/ul>\n

    \u6211\u4eec\u9009\u62e9 JWT<\/strong>\uff0c\u56e0\u4e3a\u5b83\uff1a<\/p>\n

      \n
    • \u65e0\u9700\u670d\u52a1\u7aef\u4fdd\u5b58\u767b\u5f55\u72b6\u6001\uff0c\u9002\u5408\u5fae\u670d\u52a1<\/strong>\u3002<\/li>\n
    • \u53ef\u4ee5\u643a\u5e26\u7528\u6237 ID\u3001\u89d2\u8272\u7b49\u4fe1\u606f\u3002<\/li>\n
    • \u6709\u8fc7\u671f\u65f6\u95f4\uff0c\u5b89\u5168\u53ef\u63a7\u3002<\/li>\n<\/ul>\n
      \n

      2. JWT \u7ed3\u6784\u89e3\u6790<\/h2>\n

      \u4e00\u4e2a JWT \u957f\u8fd9\u6837\uff1a<\/p>\n

      eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.   # Header\neyJ1c2VyX2lkIjoxLCJ1c2VybmFtZSI6IndhbHRlciIsImV4cCI6MTY5Nzg0NTYwMH0.   # Payload\nkOk0Ex1uT_z9mGidZ6ABR5m2ndTvn2kTQmYTxg5zFvI   # Signature<\/code><\/pre>\n
      \u4e09\u90e8\u5206\uff1a<\/p>\n
        \n
      1. Header<\/strong>\uff1a\u8bf4\u660e\u7b97\u6cd5\uff08\u5982 HS256\uff09<\/li>\n
      2. Payload<\/strong>\uff1a\u7528\u6237\u6570\u636e\uff08\u5982 user_id=1<\/code>\uff0cexp=\u8fc7\u671f\u65f6\u95f4<\/code>\uff09<\/li>\n
      3. Signature<\/strong>\uff1a\u7b7e\u540d\uff08\u9632\u7be1\u6539\uff09<\/li>\n<\/ol>\n
        \n
        3. \u9879\u76ee\u9700\u6c42<\/h2>\n
        \u6211\u4eec\u8981\u5b9e\u73b0\uff1a<\/p>\n
          \n
        • \u7528\u6237\u6ce8\u518c\uff08\u6cbf\u7528 Day 8\uff09<\/li>\n
        • \u7528\u6237\u767b\u5f55 -> \u8fd4\u56de JWT<\/li>\n
        • \u7528\u6237\u8bbf\u95ee\u4efb\u52a1\u63a5\u53e3\u65f6\uff0c\u5fc5\u987b\u5e26\u4e0a JWT<\/li>\n
        • JWT \u8fc7\u671f\u540e\uff0c\u9700\u8981\u91cd\u65b0\u767b\u5f55<\/li>\n<\/ul>\n
          \n
          4. \u5b9e\u6218\uff1aGo + Gin + JWT<\/h2>\n
          \u6211\u4eec\u7528 Gin \u548c github.com\/golang-jwt\/jwt\/v5<\/code> \u5e93\u3002<\/p>\n
          4.1 \u5b89\u88c5\u4f9d\u8d56<\/h3>\n
          go get github.com\/gin-gonic\/gin\ngo get github.com\/golang-jwt\/jwt\/v5<\/code><\/pre>\n
          4.2 \u5b9a\u4e49\u7528\u6237\u548c\u5185\u5b58\u5b58\u50a8<\/h3>\n
          package main\n\nimport (\n    "github.com\/gin-gonic\/gin"\n    "net\/http"\n    "time"\n    "github.com\/golang-jwt\/jwt\/v5"\n)\n\nvar userStore = map[string]string{} \/\/ \u7b80\u5355\u5185\u5b58\u5b58\u50a8: username -> password\nvar jwtKey = []byte("my_secret_key") \/\/ JWT \u5bc6\u94a5\n\ntype Claims struct {\n    Username string `json:"username"`\n    jwt.RegisteredClaims\n}<\/code><\/pre>\n
          4.3 \u7528\u6237\u6ce8\u518c & \u767b\u5f55<\/h3>\n
          \/\/ \u6ce8\u518c\nfunc register(c *gin.Context) {\n    var req struct {\n        Username string `json:"username"`\n        Password string `json:"password"`\n    }\n    if err := c.ShouldBindJSON(&req); err != nil {\n        c.JSON(http.StatusBadRequest, gin.H{"error": "invalid request"})\n        return\n    }\n    if _, exists := userStore[req.Username]; exists {\n        c.JSON(http.StatusConflict, gin.H{"error": "user exists"})\n        return\n    }\n    userStore[req.Username] = req.Password\n    c.JSON(http.StatusOK, gin.H{"message": "register success"})\n}\n\n\/\/ \u767b\u5f55 -> \u7b7e\u53d1 JWT\nfunc login(c *gin.Context) {\n    var req struct {\n        Username string `json:"username"`\n        Password string `json:"password"`\n    }\n    if err := c.ShouldBindJSON(&req); err != nil {\n        c.JSON(http.StatusBadRequest, gin.H{"error": "invalid request"})\n        return\n    }\n    if userStore[req.Username] != req.Password {\n        c.JSON(http.StatusUnauthorized, gin.H{"error": "invalid username or password"})\n        return\n    }\n\n    \/\/ \u8bbe\u7f6e\u8fc7\u671f\u65f6\u95f4\n    expirationTime := time.Now().Add(1 * time.Hour)\n    claims := &Claims{\n        Username: req.Username,\n        RegisteredClaims: jwt.RegisteredClaims{\n            ExpiresAt: jwt.NewNumericDate(expirationTime),\n        },\n    }\n\n    \/\/ \u751f\u6210 token\n    token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)\n    tokenString, err := token.SignedString(jwtKey)\n    if err != nil {\n        c.JSON(http.StatusInternalServerError, gin.H{"error": "could not create token"})\n        return\n    }\n\n    c.JSON(http.StatusOK, gin.H{"token": tokenString})\n}<\/code><\/pre>\n
          4.4 JWT \u9a8c\u8bc1\u4e2d\u95f4\u4ef6<\/h3>\n
          \/\/ \u8ba4\u8bc1\u4e2d\u95f4\u4ef6\nfunc authMiddleware() gin.HandlerFunc {\n    return func(c *gin.Context) {\n        tokenString := c.GetHeader("Authorization")\n        if tokenString == "" {\n            c.JSON(http.StatusUnauthorized, gin.H{"error": "missing token"})\n            c.Abort()\n            return\n        }\n\n        claims := &Claims{}\n        token, err := jwt.ParseWithClaims(tokenString, claims, func(t *jwt.Token) (interface{}, error) {\n            return jwtKey, nil\n        })\n        if err != nil || !token.Valid {\n            c.JSON(http.StatusUnauthorized, gin.H{"error": "invalid token"})\n            c.Abort()\n            return\n        }\n\n        \/\/ \u5b58\u50a8\u7528\u6237\u540d\u5230\u4e0a\u4e0b\u6587\n        c.Set("username", claims.Username)\n        c.Next()\n    }\n}<\/code><\/pre>\n
          4.5 \u53d7\u4fdd\u62a4\u7684\u4efb\u52a1\u63a5\u53e3<\/h3>\n
          func taskList(c *gin.Context) {\n    username := c.GetString("username")\n    c.JSON(http.StatusOK, gin.H{\n        "tasks": []string{\n            "Task1 for " + username,\n            "Task2 for " + username,\n        },\n    })\n}<\/code><\/pre>\n
          4.6 \u4e3b\u7a0b\u5e8f<\/h3>\n
          func main() {\n    r := gin.Default()\n\n    r.POST("\/register", register)\n    r.POST("\/login", login)\n\n    auth := r.Group("\/api")\n    auth.Use(authMiddleware())\n    {\n        auth.GET("\/tasks", taskList)\n    }\n\n    r.Run(":8080")\n}<\/code><\/pre>\n
          \n
          5. \u6d4b\u8bd5\u6d41\u7a0b<\/h2>\n
            \n
          1. \u6ce8\u518c\uff1a<\/li>\n<\/ol>\n
            curl -X POST http:\/\/localhost:8080\/register \\\n  -H "Content-Type: application\/json" \\\n  -d '{"username":"walter","password":"123"}'<\/code><\/pre>\n
              \n
            1. \u767b\u5f55\u83b7\u53d6 JWT\uff1a<\/li>\n<\/ol>\n
              curl -X POST http:\/\/localhost:8080\/login \\\n  -H "Content-Type: application\/json" \\\n  -d '{"username":"walter","password":"123"}'<\/code><\/pre>\n
              \u8fd4\u56de\uff1a<\/p>\n
              {"token":"eyJhbGciOi..."}<\/code><\/pre>\n
                \n
              1. \u8bbf\u95ee\u4efb\u52a1\u63a5\u53e3\uff1a<\/li>\n<\/ol>\n
                curl -X GET http:\/\/localhost:8080\/api\/tasks \\\n  -H "Authorization: eyJhbGciOi...JWT"<\/code><\/pre>\n
                \u8fd4\u56de\uff1a<\/p>\n
                {"tasks":["Task1 for walter","Task2 for walter"]}<\/code><\/pre>\n
                \n
                6. \u5c0f\u7ed3<\/h2>\n