This article is a secondary certification business chapter. It will talk about the implementation of secondary certification business and add new functions to the library/framework.
Source code:/weloe/token-go
In a system, in order to ensure account security, in addition to logging in, we may also perform secondary verification, such as transaction password authentication in the game, two-step verification of blog park login, etc. Therefore, I intend to encapsulate the functionality of secondary authentication for token-go.
Implementation ideas
For secondary authentication, our authentication object is token, that is, a login object. In order to be compatible with various services, service services must be added. Finally, it is the time when the authentication takes effect. After all, it is impossible to no longer need to authenticate after one authentication, so the function of this secondary authentication is meaningless.
In business, we often need four methods: perform authentication, judge whether to authenticate, check the remaining time when the authentication takes effect, and cancel the authentication (make the authentication invalid).
From the code implementation
Authentication requires storage of token-service information
Determining whether the authentication is valid (whether it is within the authentication time) is to determine whether the token-service information exists.
Checking the remaining time for the authentication to take effect is to get the remaining storage time of the token-service
To cancel the authentication (make the authentication invalid) means to manually delete the token-service information. Generally speaking, you need to cancel the authentication information when logging out.
Adapter is used to persist operations such as storage deletion.
/weloe/token-go/blob/9d1a8be2c16559d46460c82b33995b789e6e31c4/enforcer_interface.go#L58
OpenSafe(token string, service string, time int64) error IsSafe(token string, service string) bool GetSafeTime(token string, service string) int64 CloseSafe(token string, service string) error
Code implementation
With the idea, the code implementation is actually very simple. It is nothing more than storing information, judging whether the information exists and deleting information.
Perform certification
/weloe/token-go/blob/9d1a8be2c16559d46460c82b33995b789e6e31c4/#L646
First, check the parameters. Before performing authentication, you need to determine whether to log in, otherwise how can you say it is a level 2 authentication? Store token and service information, call logger, and finally call watcher to provide extension points.
func (e *Enforcer) OpenSafe(token string, service string, time int64) error {
if time == 0 {
return nil
}
// Determine whether to log in err := (token)
if err != nil {
return err
}
err = ((token, service), , time)
if err != nil {
return err
}
if != nil {
(, token, service, time)
}
return nil
}Determine authentication or not
/weloe/token-go/blob/ac8674dc3ebbd4bcb213328b43f4c11678191919/#L665
Determining whether to authenticate is to determine whether token-service information exists.
func (e *Enforcer) IsSafe(token string, service string) bool {
if token == "" {
return false
}
str := ((token, service))
return str != ""
}Check the remaining time for certification to take effect
/weloe/token-go/blob/ac8674dc3ebbd4bcb213328b43f4c11678191919/#L673
func (e *Enforcer) GetSafeTime(token string, service string) int64 {
if token == "" {
return 0
}
timeout := ((token, service))
return timeout
}Cancel the certification
/weloe/token-go/blob/ac8674dc3ebbd4bcb213328b43f4c11678191919/#L681
Cancel means using adapter to delete the token-service information
func (e *Enforcer) CloseSafe(token string, service string) error {
if token == "" {
return nil
}
err := ((token, service))
if err != nil {
return err
}
if != nil {
(, token, service)
}
return nil
}test
/weloe/token-go/blob/9d1a8be2c16559d46460c82b33995b789e6e31c4/enforcer_test.go#L478
func TestEnforcer_SecSafe(t *) {
err, enforcer, _ := NewTestEnforcer(t)
if err != nil {
("NewTestEnforcer() failed: %v", err)
}
tokenValue, err := ("1")
if err != nil {
("LoginById() failed: %v", err)
}
service := "default_service"
err = (tokenValue, service, 600000)
if err != nil {
("OpenSafe() failed: %v", err)
}
isSafe := (tokenValue, service)
if !isSafe {
("IsSafe() failed, unexpected return value: %v", isSafe)
}
time := (tokenValue, service)
("safe time is %v", time)
err = (tokenValue, service)
if err != nil {
("CloseSafe() failed: %v", err)
}
time = (tokenValue, service)
if time != {
("error safe time: %v", time)
}
isSafe = (tokenValue, service)
if isSafe {
("IsSafe() failed, unexpected return value: %v", isSafe)
}
}=== RUN TestEnforcer_SecSafe
2023/10/02 20:56:00 timer period = 30, timer start
enforcer_test.go:497: safe time is 600000
--- PASS: TestEnforcer_SecSafe (0.01s)
PASSBy using Go to encapsulate the secondary authentication function, we can achieve a simple and efficient user authentication process. This not only improves account security, but also simplifies our code and improves development efficiency.
This article is about simplicity and efficiency! This is the article that implements the Go language encapsulation of the secondary authentication function. For more information about encapsulation of the secondary authentication function, please search for my previous articles or continue browsing the related articles below. I hope everyone will support me in the future!