增加token生成和验证

3ce89231 · zhangjiec · ca8e0ad0 · 3ce89231 · 3ce89231 · ca8e0ad0
Commit 3ce89231 authored Sep 29, 2021 by zhangjiec
8 changed files
--- a/cache/cache.go
+++ b/cache/cache.go
@@ -4,14 +4,6 @@ import (
 	"sync"
 )

-/*****************************************************后台管理账户*/
-//var adminMap sync.Map //后台管理账户
-//type AdminStruct struct {
-//	AdminID int
-//
-//}
-/*---------------------------------------------------------------*/
-
 /*********************************************************代理商**/
 //// AgentMap 代理商
 //var AgentMap sync.Map
@@ -34,13 +26,13 @@ type AreaServiceStruct struct { //
 	ServiceID  uint8  //服务项目 1公话 2定位 3饮水 4POS .........
 	OperatorID int32  //运营商ID
 	Name       string //服务名字(例宿舍135栋饮水)name
-	Status     bool   //状态
+	Status     uint8  //状态 1正式2测试3暂停
 }

 /*---------------------------------------------------------------*/

 /******************************************************后台管理用户**/
-var adminMap sync.Map //后台管理用户 LoginAccount(string) 作为KEY
+var adminMap sync.Map //后台管理用户  LoginAccount(string) 作为KEY
 type AdminStruct struct {
 	Password       [16]byte
 	tokenCreatTime uint32
@@ -48,13 +40,13 @@ type AdminStruct struct {
 	//Phone string
 	//OperatorID []int
 	SystemAuth      int     //系统角色权限
-	AreaServiceAuth [][]int //area_service_id,role_id
+	AreaServiceAuth [][]int //area_service_id,admin_role_id
 }

 /*---------------------------------------------------------------*/

 // roleAuthMap /****************************角色权限(包含区域和系统角色)*/
-var roleAuthMap sync.Map //role_id 作为KEY
+var adminRoleAuthMap sync.Map //admin_role_id 作为KEY
 type RoleAuthStruct struct {
 	Name string
 	// 考虑接口、菜单、按钮权限
@@ -85,8 +77,8 @@ type WechatCustomerStruct struct {

 /****************************************************************/

-/***************************************************卡用户(学生)**/
-var cardUserMap sync.Map //卡用户 CardUserID卡用户ID(int) 作为KEY
+/***************************************************卡用户(学生、教师、职工)**/
+var cardUserMap sync.Map //卡用户 CardUserID卡用户ID(int) 作为KEY   纯卡用户可以不绑定微信
 type CardUserType struct {
 	// WechatUnionID string
 	// AreaID int

--- a/main.go
+++ b/main.go
 package main

 import (
-	"dc_golang_server_1/api"
 	"dc_golang_server_1/cache"
 	"dc_golang_server_1/config"
 	"dc_golang_server_1/dbmodel"
 	"dc_golang_server_1/devproduct/dcphone20"
 	"dc_golang_server_1/logger"
+	"dc_golang_server_1/web"
 	"os"
 	"runtime"
 	"syscall"
@@ -78,5 +78,5 @@ func main() { //
 	dcphone20.NewDCPhone20()
 	//dcdrinking60.NewDCDrinking60()

-	api.InitRouter()
+	web.InitRouter()
 }
--- a/middleware/jeffwt.go
+++ b/middleware/jeffwt.go
-package middleware
-
-import (
-	"dc_golang_server_1/util"
-	"fmt"
-	"github.com/gin-gonic/gin"
-	"math/rand"
-	"time"
-)
-
-const jeffWTKey = "jeffWT@666%b;'~+"
-const jeffWTTable = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"
-
-type JeffWTInfo struct {
-	UID        int32
-	UserName   string // 最长32字节
-	CreatTime  uint64
-	ExpireTime uint64
-}
-
-// 定义错误
-//var (
-//	TokenExpired     error = errors.New("Token已过期,请重新登录")
-//	TokenNotValidYet error = errors.New("Token无效,请重新登录")
-//	TokenMalformed   error = errors.New("Token不正确,请重新登录")
-//	TokenInvalid     error = errors.New("这不是一个token,请重新登录")
-//)
-
-// CreateToken 生成token
-func CreateToken(info JeffWTInfo) string {
-	info.UID = ^info.UID
-	info.CreatTime = ^info.CreatTime
-	info.ExpireTime = ^info.ExpireTime
-	var clear [52]byte //= make([]byte, 20)
-	var str [30]byte
-	for i := 0; i < len(info.UserName); i++ {
-		str[i] = info.UserName[i] + (uint8(i) << 2)
-	}
-	r := rand.New(rand.NewSource(time.Now().UnixNano()))
-	clear[0] = str[18] + 76
-	clear[1] = byte(info.CreatTime >> 16)
-	clear[2] = byte(info.ExpireTime >> 8)
-	clear[3] = byte(info.UID >> 24)
-	clear[4] = str[29] + 60
-	clear[5] = byte(r.Intn(256))
-	clear[6] = byte(info.UID >> 8)
-	clear[7] = byte(info.ExpireTime)
-	clear[8] = byte(r.Intn(256))
-	clear[9] = str[9]
-	clear[10] = byte(r.Intn(256))
-	clear[11] = byte(info.CreatTime >> 24)
-	clear[12] = byte(info.CreatTime)
-	clear[13] = byte(info.ExpireTime >> 24)
-	clear[14] = 0x16 + clear[2] - clear[0] + clear[11] - clear[7] - clear[12] + clear[10]
-	clear[15] = byte(r.Intn(256))
-	clear[16] = byte(info.UID >> 16)
-	clear[17] = byte(info.CreatTime >> 8)
-	clear[18] = byte(info.ExpireTime >> 16)
-	clear[19] = str[0] + 90
-	clear[29] = str[28] + clear[10] + clear[8]
-	clear[29] = str[25]
-	clear[29] = str[22]
-	clear[29] = str[13]
-	clear[29] = str[12]
-	clear[29] = byte(info.UID)
-	clear[29] = str[0]
-	clear[29] = str[1]
-	clear[29] = str[2]
-	clear[29] = str[3]
-	clear[29] = str[4]
-	clear[29] = str[5]
-	clear[29] = str[6]
-	clear[29] = str[7]
-	clear[29] = str[8]
-	clear[29] = str[9]
-	clear[29] = str[10]
-	clear[29] = str[11]
-	clear[29] = str[12]
-	clear[29] = str[13]
-	clear[29] = str[14]
-	// todo 根据缓存来，记得CRC
-
-	fmt.Println(clear[:19])
-	util.GetCRC(clear[:19], 19)
-
-	s := util.EncryptBytesToBase64URL(clear[:], jeffWTKey)
-	//fmt.Println(s)
-	result := make([]byte, 32)
-	copy(result[:8], s[20:])
-	copy(result[11:], s[:20])
-	result[8] = jeffWTTable[r.Intn(64)]
-	result[9] = jeffWTTable[r.Intn(64)]
-	result[10] = jeffWTTable[r.Intn(64)]
-	result[31] = jeffWTTable[r.Intn(64)]
-	return string(result)
-}
-
-// ParserToken 解析token
-//func (j *JWT) ParserToken(tokenString string) (*MyClaims, error) {
-//	token, err := jwt.ParseWithClaims(tokenString, &MyClaims{}, func(token *jwt.Token) (interface{}, error) {
-//		return j.JwtKey, nil
-//	})
-//
-//	if err != nil {
-//		if ve, ok := err.(*jwt.ValidationError); ok {
-//			if ve.Errors&jwt.ValidationErrorMalformed != 0 {
-//				return nil, errors.New("Token不正确,请重新登录")
-//			} else if ve.Errors&jwt.ValidationErrorExpired != 0 {
-//				// Token is expired
-//				return nil, errors.New("Token已过期,请重新登录")
-//			} else if ve.Errors&jwt.ValidationErrorNotValidYet != 0 {
-//				return nil, errors.New("Token无效,请重新登录")
-//			} else {
-//				return nil, errors.New("这不是一个token,请重新登录")
-//			}
-//		}
-//	}
-//
-//	if token != nil {
-//		if claims, ok := token.Claims.(*MyClaims); ok && token.Valid {
-//			return claims, nil
-//		}
-//		return nil, errors.New("这不是一个token,请重新登录")
-//	}
-//
-//	return nil, errors.New("这不是一个token,请重新登录")
-//}
-
-// JwtToken jwt中间件
-func JwtToken() gin.HandlerFunc {
-	return func(c *gin.Context) {
-		//tokenHeader := c.Request.Header.Get("Authorization")
-		//if tokenHeader == "" {
-		//	c.JSON(http.StatusOK, gin.H{
-		//		"status":  1004,
-		//		"message": "TOKEN不存在",
-		//	})
-		//	c.Abort()
-		//	return
-		//}
-		//
-		//checkToken := strings.Split(tokenHeader, " ")
-		//if len(checkToken) == 0 {
-		//	c.JSON(http.StatusOK, gin.H{
-		//		"status":  1007,
-		//		"message": "TOKEN格式错误",
-		//	})
-		//	c.Abort()
-		//	return
-		//}
-		//
-		//if len(checkToken) != 2 || checkToken[0] != "Bearer" {
-		//	c.JSON(http.StatusOK, gin.H{
-		//		"status":  1007,
-		//		"message": "TOKEN格式错误",
-		//	})
-		//	c.Abort()
-		//	return
-		//}
-		//
-		//j := NewJWT()
-		//// 解析token
-		//claims, err := j.ParserToken(checkToken[1])
-		//if err != nil {
-		//	//if err == TokenExpired {
-		//	//	c.JSON(http.StatusOK, gin.H{
-		//	//		"status":  500,
-		//	//		"message": "token授权已过期,请重新登录",
-		//	//		"data":    nil,
-		//	//	})
-		//	//	c.Abort()
-		//	//	return
-		//	//}
-		//
-		//	c.JSON(http.StatusOK, gin.H{
-		//		"status":  500,
-		//		"message": err.Error(),
-		//		"data":    nil,
-		//	})
-		//	c.Abort()
-		//	return
-		//}
-		//
-		//c.Set("username", claims)
-		c.Next()
-	}
-}
-
-//var JwtKey = []byte(utils.JwtKey)
-//
-//type MyClaims struct {
-//	Username string `json:"username"`
-//	jwt.StandardClaims
-//}
-//
-//// 生成token
-//func SetToken(username string) (string,int){
-//	setClaims := MyClaims{
-//		username,
-//		jwt.StandardClaims{
-//			ExpiresAt: time.Now().Add(10*time.Hour).Unix(),
-//			Issuer: "ginblog",
-//		},
-//	}
-//
-//	reqClaim := jwt.NewWithClaims(jwt.SigningMethodHS256, setClaims)
-//	token,err := reqClaim.SignedString(JwtKey)
-//	if err != nil {
-//		return "",errmsg.ERROR
-//	}
-//	return token,errmsg.SUCCSE
-//}
-//
-//// 验证token
-//func CheckToken(token string) (*MyClaims, int){
-//	if token == "" || token == "null"{
-//		return nil,errmsg.ERROR
-//	}
-//	setToken,_ := jwt.ParseWithClaims(token, &MyClaims{}, func(token *jwt.Token) (interface{}, error) {
-//		return JwtKey, nil
-//	})
-//	if key,_ := setToken.Claims.(*MyClaims); setToken.Valid{
-//		return key,errmsg.SUCCSE
-//	}
-//	return nil,errmsg.ERROR
-//}
-//
-//// jwt中间件
-//func JwtToken() gin.HandlerFunc{
-//	var code int
-//	return func(c *gin.Context) {
-//		tokenHeader := c.Request.Header.Get("Authorization")
-//
-//		if tokenHeader == "" {
-//			code = errmsg.ERROR_TOKEN_EXIST
-//			c.JSON(http.StatusOK,gin.H{
-//				"code":code,
-//				"message":errmsg.GetErrMsg(code),
-//			})
-//			c.Abort()
-//			return
-//		}
-//		checkToken := strings.SplitN(tokenHeader, " ", 2)
-//		if len(checkToken) != 2 && checkToken[0] != "Bearer" {
-//			code = errmsg.ERROR_TOKEN_TYPE_WRONG
-//			c.JSON(http.StatusOK,gin.H{
-//				"code":code,
-//				"message":errmsg.GetErrMsg(code),
-//			})
-//			c.Abort()
-//			return
-//		}
-//		key,tCode := CheckToken(checkToken[1])
-//		if tCode == errmsg.ERROR {
-//			code = errmsg.ERROR_TOKEN_WRONG
-//			c.JSON(http.StatusOK,gin.H{
-//				"code":code,
-//				"message":errmsg.GetErrMsg(code),
-//			})
-//			c.Abort()
-//			return
-//		}
-//		if time.Now().Unix() > key.ExpiresAt {
-//			code = errmsg.ERROR_TOKEN_RUNTIME
-//			c.JSON(http.StatusOK,gin.H{
-//				"code":code,
-//				"message":errmsg.GetErrMsg(code),
-//			})
-//			c.Abort()
-//			return
-//		}
-//
-//		c.Set("username",key.Username)
-//		c.Next()
-//	}
-//}
--- a/middleware/cors.go
+++ b/middleware/cors.go
-package middleware
+package web

 import (
 	"github.com/gin-gonic/gin"

--- a/web/errmsg.go
+++ b/web/errmsg.go
+package web
+
+const (
+	SUCCSE = 200
+	ERROR  = 500
+
+	// code = 1000...用户模块的错误
+	ERROR_USERNAME_USED    = 1001
+	ERROR_PASSWORD_WRONG   = 1002
+	ERROR_USER_NOT_EXIST   = 1003
+	ERROR_TOKEN_EXIST      = 1004
+	ERROR_TOKEN_RUNTIME    = 1005
+	ERROR_TOKEN_WRONG      = 1006
+	ERROR_TOKEN_TYPE_WRONG = 1007
+	ERROR_USER_NO_RIGHT    = 1008
+
+	// code = 2000...XXXXX模块的错误
+
+	// code = 3000...XXXXX模块的错误
+
+)
+
+//var codeMsg = map[int]string{
+//	SUCCSE:                 "OK",
+//	ERROR:                  "FAIL",
+//	ERROR_USERNAME_USED:    "用户名已存在！",
+//	ERROR_PASSWORD_WRONG:   "密码错误",
+//	ERROR_USER_NOT_EXIST:   "用户不存在",
+//	ERROR_TOKEN_EXIST:      "TOKEN不存在",
+//	ERROR_TOKEN_RUNTIME:    "TOKEN已过期",
+//	ERROR_TOKEN_WRONG:      "TOKEN不正确",
+//	ERROR_TOKEN_TYPE_WRONG: "TOKEN格式错误",
+//	ERROR_USER_NO_RIGHT:    "用户没有权限",
+//}
--- a/web/jeffwt.go
+++ b/web/jeffwt.go
+package web
+
+import (
+	"dc_golang_server_1/util"
+	"github.com/gin-gonic/gin"
+	"net/http"
+	"strings"
+	"time"
+)
+
+const jeffWTKey = "jeffWT@666%b;'~+"
+
+//const jeffWTTable = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"
+
+//type jeffWTInfo struct {
+//	//UID        int32
+//	CreatTime  int64
+//	ExpireTime uint32
+//	UserName   string // 最长30字节
+//	Admin bool
+//}
+
+// 定义错误
+//var (
+//	TokenExpired     error = errors.New("Token已过期,请重新登录")
+//	TokenNotValidYet error = errors.New("Token无效,请重新登录")
+//	TokenMalformed   error = errors.New("Token不正确,请重新登录")
+//	TokenInvalid     error = errors.New("这不是一个token,请重新登录")
+//)
+
+// CreateToken 生成token,duration=0表示不限时长
+func CreateToken(creatTime int64, userName string, admin bool, duration uint32) string {
+	expireTime := uint32(creatTime/1000000) + duration
+
+	var clear = make([]byte, 44) //8字节创建时间 4字节结束时间 30字节userName 2字节CRC
+
+	//r := rand.New(rand.NewSource(time.Now().UnixNano()))
+	if len(userName) > 30 {
+		return ""
+	}
+	random := byte(creatTime)
+	var str [30]byte
+	for i := 0; i < len(userName); i++ {
+		str[i] = userName[i] + (uint8(i) << 2) + random
+	}
+
+	clear[0] = str[8]
+	clear[1] = str[25]
+	clear[2] = byte(expireTime) + random + 27
+	clear[3] = str[27]
+	clear[4] = str[15]
+	clear[5] = str[19]
+	clear[6] = str[11]
+	clear[7] = str[23]
+	clear[8] = str[6]
+	clear[9] = str[28]
+	clear[10] = byte(creatTime>>32) + random + 66
+	clear[11] = str[16]
+	clear[12] = ^random + 0x5a
+	clear[13] = str[17]
+	clear[14] = str[3]
+	clear[15] = str[21]
+	clear[16] = str[1]
+	clear[17] = byte(expireTime>>16) - random
+	clear[18] = str[0]
+	clear[19] = str[4]
+	clear[20] = ^byte(expireTime >> 8)
+	clear[21] = str[5]
+	clear[22] = byte(len(userName)) + random
+	clear[23] = str[7]
+	clear[24] = str[9]
+	clear[25] = str[10]
+	clear[26] = byte(expireTime>>24) + random + 99
+	clear[27] = str[12]
+	clear[28] = str[13]
+	clear[29] = str[14]
+	clear[30] = byte(creatTime >> 48)
+	if admin {
+		clear[30] |= 0x80
+	}
+	clear[31] = str[18]
+	clear[32] = str[20]
+	clear[33] = str[22]
+	clear[34] = str[2]
+	clear[35] = byte(creatTime>>16) + random - 88
+	clear[36] = ^byte(creatTime>>40) - random - 28
+	clear[37] = str[24]
+	clear[38] = str[26]
+	clear[39] = str[29]
+	clear[40] = ^byte(creatTime>>24) - random
+	clear[41] = byte(creatTime>>8) - random - 69
+	util.GetCRC(clear[:42], 42)
+	clear[42] = ^(clear[42] + random)
+	clear[43] = ^clear[43] - random
+
+	return util.EncryptBytesToBase64URL(clear, jeffWTKey)
+}
+
+// ParserToken 解析token
+//func ParserToken(tokenString string) (jeffWTInfo, bool) {
+//	var info jeffWTInfo
+//	clear,err := util.DecryptBase64URLToBytes(tokenString, jeffWTKey)
+//	if err != nil {
+//		// ntodo logger 有人在非法请求
+//		return info,false //errors.New("TOKEN格式错误")//err
+//	}
+//	if len(clear) != 44 {
+//		// ntodo logger
+//		return info,false //errors.New("TOKEN格式错误")//("明文长度错误")
+//	}
+//
+//	random := clear[12] - 0x5a
+//	clear[42] = ^clear[42] - random
+//	clear[43] = ^(clear[43] + random)
+//	if util.CheckCRC(clear)==false {
+//		// ntodo logger
+//		return info,false //errors.New("TOKEN格式错误")//("明文校验错误")
+//	}
+//
+//	userNameLen := clear[22] - random
+//	if userNameLen < 1 || userNameLen > 30 {
+//		// ntodo logger
+//		return info,false //errors.New("TOKEN格式错误")//("登录名长度错误")
+//	}
+//
+//	if clear[30] & 0x80 == 0x80 {
+//		info.Admin = true
+//		clear[30] &= 0x7f
+//	}
+//
+//	info.ExpireTime = (uint32(clear[2] - 27 - random)) +
+//		(uint32(^clear[20]) << 8) +
+//		(uint32(clear[17] + random)<<16) +
+//		(uint32(clear[26] + random)<<24)
+//
+//	info.CreatTime = int64(random) +
+//		(int64(clear[41] + 69 + random)<<8) +
+//		(int64(clear[35] + 88 - random)<<16) +
+//		(int64(^(clear[40] + random))<<24) +
+//		(int64(clear[10] - 66 -random)<<32) +
+//		(int64(^(clear[36] + 28 + random))<<40) +
+//		(int64(clear[30] - 8 - random)<<48)
+//
+//	if info.ExpireTime < uint32(info.CreatTime/1000000) {
+//		// ntodo logger
+//		return info,false
+//	}
+//
+//	var str [30]byte
+//
+//	str[8] = clear[0]
+//	str[25] = clear[1]
+//	str[27] = clear[3]
+//	str[15] = clear[4]
+//	str[19] = clear[5]
+//	str[11] = clear[6]
+//	str[23] = clear[7]
+//	str[6] = clear[8]
+//	str[28] = clear[9]
+//	str[16] = clear[11]
+//	str[17] = clear[13]
+//	str[3] = clear[14]
+//	str[21] = clear[15]
+//	str[1] = clear[16]
+//	str[0] = clear[18]
+//	str[4] = clear[19]
+//	str[5] = clear[21]
+//	str[7] = clear[23]
+//	str[9] = clear[24]
+//	str[10] = clear[25]
+//	str[12] = clear[27]
+//	str[13] = clear[28]
+//	str[14] = clear[29]
+//	str[18] = clear[31]
+//	str[20] = clear[32]
+//	str[22] = clear[33]
+//	str[2] = clear[34]
+//	str[24] = clear[37]
+//	str[26] = clear[38]
+//	str[29] = clear[39]
+//
+//	for i := uint8(0); i < userNameLen; i++ {
+//		str[i] = str[i] - random - (i << 2)
+//	}
+//	info.UserName = string(str[:userNameLen])
+//
+//	return info,true
+//
+//	//token, err := jwt.ParseWithClaims(tokenString, &MyClaims{}, func(token *jwt.Token) (interface{}, error) {
+//	//	return j.JwtKey, nil
+//	//})
+//	//
+//	//if err != nil {
+//	//	if ve, ok := err.(*jwt.ValidationError); ok {
+//	//		if ve.Errors&jwt.ValidationErrorMalformed != 0 {
+//	//			return nil, errors.New("Token不正确,请重新登录")
+//	//		} else if ve.Errors&jwt.ValidationErrorExpired != 0 {
+//	//			// Token is expired
+//	//			return nil, errors.New("Token已过期,请重新登录")
+//	//		} else if ve.Errors&jwt.ValidationErrorNotValidYet != 0 {
+//	//			return nil, errors.New("Token无效,请重新登录")
+//	//		} else {
+//	//			return nil, errors.New("这不是一个token,请重新登录")
+//	//		}
+//	//	}
+//	//}
+//	//
+//	//if token != nil {
+//	//	if claims, ok := token.Claims.(*MyClaims); ok && token.Valid {
+//	//		return claims, nil
+//	//	}
+//	//	return nil, errors.New("这不是一个token,请重新登录")
+//	//}
+//	//
+//	//return nil, errors.New("这不是一个token,请重新登录")
+//}
+
+// JwtToken jwt中间件
+func JwtToken() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		tokenHeader := c.Request.Header.Get("Authorization")
+		if tokenHeader == "" {
+			c.JSON(http.StatusOK, gin.H{
+				"status":  1004,
+				"message": "TOKEN不存在",
+			})
+			c.Abort()
+			return
+		}
+
+		checkToken := strings.Split(tokenHeader, " ")
+		if len(checkToken) == 0 {
+			c.JSON(http.StatusOK, gin.H{
+				"status":  1007,
+				"message": "TOKEN格式错误",
+			})
+			c.Abort()
+			return
+		}
+
+		if len(checkToken) != 2 || checkToken[0] != "Bearer" {
+			c.JSON(http.StatusOK, gin.H{
+				"status":  1007,
+				"message": "TOKEN格式错误",
+			})
+			c.Abort()
+			return
+		}
+		//
+
+		clear, err := util.DecryptBase64URLToBytes(checkToken[1], jeffWTKey)
+		if err != nil {
+			// todo logger 有人在非法请求
+			c.JSON(http.StatusOK, gin.H{
+				"status":  1006,
+				"message": "TOKEN不正确",
+			})
+			c.Abort()
+			return //errors.New("TOKEN格式错误")//err
+		}
+		if len(clear) != 44 {
+			// todo logger
+			c.JSON(http.StatusOK, gin.H{
+				"status":  1006,
+				"message": "TOKEN不正确",
+			})
+			c.Abort()
+			return //errors.New("TOKEN格式错误")//err//return info,false //errors.New("TOKEN格式错误")//("明文长度错误")
+		}
+
+		random := clear[12] - 0x5a
+		clear[42] = ^clear[42] - random
+		clear[43] = ^(clear[43] + random)
+		if util.CheckCRC(clear) == false {
+			// todo logger
+			c.JSON(http.StatusOK, gin.H{
+				"status":  1006,
+				"message": "TOKEN不正确",
+			})
+			c.Abort()
+			return ////errors.New("TOKEN格式错误")//("明文校验错误")
+		}
+
+		userNameLen := clear[22] - random
+		if userNameLen < 1 || userNameLen > 30 {
+			// todo logger
+			c.JSON(http.StatusOK, gin.H{
+				"status":  1006,
+				"message": "TOKEN不正确",
+			})
+			c.Abort()
+			return ////errors.New("TOKEN格式错误")//("登录名长度错误")
+		}
+
+		var admin bool
+		if clear[30]&0x80 == 0x80 {
+			admin = true
+			clear[30] &= 0x7f
+		}
+
+		expireTime := (uint32(clear[2] - 27 - random)) +
+			(uint32(^clear[20]) << 8) +
+			(uint32(clear[17]+random) << 16) +
+			(uint32(clear[26]+random) << 24)
+		if expireTime > uint32(time.Now().Unix()) {
+			c.JSON(http.StatusOK, gin.H{
+				"status":  1005,
+				"message": "登录已过期",
+			})
+			c.Abort()
+			return
+		}
+		creatTime := int64(random) +
+			(int64(clear[41]+69+random) << 8) +
+			(int64(clear[35]+88-random) << 16) +
+			(int64(^(clear[40] + random)) << 24) +
+			(int64(clear[10]-66-random) << 32) +
+			(int64(^(clear[36] + 28 + random)) << 40) +
+			(int64(clear[30]-8-random) << 48)
+
+		if expireTime < uint32(creatTime/1000000) {
+			// todo logger
+			c.JSON(http.StatusOK, gin.H{
+				"status":  1006,
+				"message": "TOKEN不正确",
+			})
+			c.Abort()
+			return //
+		}
+
+		var str [30]byte
+
+		str[8] = clear[0]
+		str[25] = clear[1]
+		str[27] = clear[3]
+		str[15] = clear[4]
+		str[19] = clear[5]
+		str[11] = clear[6]
+		str[23] = clear[7]
+		str[6] = clear[8]
+		str[28] = clear[9]
+		str[16] = clear[11]
+		str[17] = clear[13]
+		str[3] = clear[14]
+		str[21] = clear[15]
+		str[1] = clear[16]
+		str[0] = clear[18]
+		str[4] = clear[19]
+		str[5] = clear[21]
+		str[7] = clear[23]
+		str[9] = clear[24]
+		str[10] = clear[25]
+		str[12] = clear[27]
+		str[13] = clear[28]
+		str[14] = clear[29]
+		str[18] = clear[31]
+		str[20] = clear[32]
+		str[22] = clear[33]
+		str[2] = clear[34]
+		str[24] = clear[37]
+		str[26] = clear[38]
+		str[29] = clear[39]
+
+		for i := uint8(0); i < userNameLen; i++ {
+			str[i] = str[i] - random - (i << 2)
+		}
+		userName := string(str[:userNameLen])
+
+		if admin {
+			// todo 查cache 已退出登录
+		} else {
+			// todo 查cache 已退出登录
+		}
+
+		c.Set("username", userName)
+		c.Next()
+	}
+}
+
+//var JwtKey = []byte(utils.JwtKey)
+//
+//type MyClaims struct {
+//	Username string `json:"username"`
+//	jwt.StandardClaims
+//}
+//
+//// 生成token
+//func SetToken(username string) (string,int){
+//	setClaims := MyClaims{
+//		username,
+//		jwt.StandardClaims{
+//			ExpiresAt: time.Now().Add(10*time.Hour).Unix(),
+//			Issuer: "ginblog",
+//		},
+//	}
+//
+//	reqClaim := jwt.NewWithClaims(jwt.SigningMethodHS256, setClaims)
+//	token,err := reqClaim.SignedString(JwtKey)
+//	if err != nil {
+//		return "",errmsg.ERROR
+//	}
+//	return token,errmsg.SUCCSE
+//}
+//
+//// 验证token
+//func CheckToken(token string) (*MyClaims, int){
+//	if token == "" || token == "null"{
+//		return nil,errmsg.ERROR
+//	}
+//	setToken,_ := jwt.ParseWithClaims(token, &MyClaims{}, func(token *jwt.Token) (interface{}, error) {
+//		return JwtKey, nil
+//	})
+//	if key,_ := setToken.Claims.(*MyClaims); setToken.Valid{
+//		return key,errmsg.SUCCSE
+//	}
+//	return nil,errmsg.ERROR
+//}
+//
+//// jwt中间件
+//func JwtToken() gin.HandlerFunc{
+//	var code int
+//	return func(c *gin.Context) {
+//		tokenHeader := c.Request.Header.Get("Authorization")
+//
+//		if tokenHeader == "" {
+//			code = errmsg.ERROR_TOKEN_EXIST
+//			c.JSON(http.StatusOK,gin.H{
+//				"code":code,
+//				"message":errmsg.GetErrMsg(code),
+//			})
+//			c.Abort()
+//			return
+//		}
+//		checkToken := strings.SplitN(tokenHeader, " ", 2)
+//		if len(checkToken) != 2 && checkToken[0] != "Bearer" {
+//			code = errmsg.ERROR_TOKEN_TYPE_WRONG
+//			c.JSON(http.StatusOK,gin.H{
+//				"code":code,
+//				"message":errmsg.GetErrMsg(code),
+//			})
+//			c.Abort()
+//			return
+//		}
+//		key,tCode := CheckToken(checkToken[1])
+//		if tCode == errmsg.ERROR {
+//			code = errmsg.ERROR_TOKEN_WRONG
+//			c.JSON(http.StatusOK,gin.H{
+//				"code":code,
+//				"message":errmsg.GetErrMsg(code),
+//			})
+//			c.Abort()
+//			return
+//		}
+//		if time.Now().Unix() > key.ExpiresAt {
+//			code = errmsg.ERROR_TOKEN_RUNTIME
+//			c.JSON(http.StatusOK,gin.H{
+//				"code":code,
+//				"message":errmsg.GetErrMsg(code),
+//			})
+//			c.Abort()
+//			return
+//		}
+//
+//		c.Set("username",key.Username)
+//		c.Next()
+//	}
+//}
--- a/api/readme.md
+++ b/api/readme.md
 一、管理后台接口
 1. 后台用户登录
 传：LoginAccount、Password、验证码
+   用LoginAccount，获得AdminStruct，成功就更新 tokenCreatTime
 成功则进入首页
-成功回：token，Name， 菜单按钮权限，首页展示内容(后面做统计内容，现在先全为空)
+成功回：token，Name， 菜单按钮权限，首页展示内容(后面做统计内容，现在先全为空)  AdminStruct RoleAuthStruct
+2. 
+
+
+二、用户小程序接口
+1. 登录：获取用户code->appid+appsecret+code获取session_key+openid等，生成token
 2. 
\ No newline at end of file
--- a/api/router.go
+++ b/api/router.go
-package api
+package web

 import (
 	"dc_golang_server_1/config"
 	"dc_golang_server_1/logger"
-	"dc_golang_server_1/middleware"
 	"fmt"
 	"github.com/gin-gonic/gin"
 )
@@ -12,11 +11,11 @@ func InitRouter() { //*gin.Engine{
 	gin.SetMode(config.HttpServerMode)
 	r := gin.New()
 	r.Use(logger.HttpGinLog(), gin.Recovery())
-	r.Use(middleware.Cors())     //全局跨域 局部跨域的话在路由组里面去添加
-	r.Use(middleware.JwtToken()) //jwt 还是在对应需要token的路由组添加
+	r.Use(Cors())     //全局跨域 局部跨域的话在路由组里面去添加
+	r.Use(JwtToken()) //jwt 还是在对应需要token的路由组添加

 	user := r.Group("user/")
-	user.Use(middleware.JwtToken())
+	user.Use(JwtToken())
 	{ // 需要token的
 		//user.GET("users",GetUsers)
 	}
@@ -30,7 +29,7 @@ func InitRouter() { //*gin.Engine{
 	// 基础数据
 	// 区域

-	//router := r.Group("api/")
+	//router := r.Group("web/")
 	{
 		//router.POST()
 	}