{"id":6553,"date":"2024-09-19T15:05:14","date_gmt":"2024-09-19T07:05:14","guid":{"rendered":"https:\/\/t.n-years.com\/?p=6553"},"modified":"2024-09-19T15:05:14","modified_gmt":"2024-09-19T07:05:14","slug":"%e5%ae%a2%e6%88%b7%e7%ab%af%e4%b8%8e-server-%e7%ab%af%e5%ae%89%e5%85%a8%e9%80%9a%e4%bf%a1%ef%bc%8cgin-%e4%b8%ba%e4%be%8b","status":"publish","type":"post","link":"https:\/\/t.n-years.com\/?p=6553","title":{"rendered":"\u5ba2\u6237\u7aef\u4e0e Server \u7aef\u5b89\u5168\u901a\u4fe1\uff0cGin \u4e3a\u4f8b"},"content":{"rendered":"

\u4e3a\u4e86\u786e\u4fdd\u5ba2\u6237\u7aef\u4e0e Gin \u670d\u52a1\u5668\u7684\u901a\u4fe1\u5b89\u5168\uff0c\u4ee5\u4e0b\u51e0\u70b9\u662f\u5fc5\u987b\u8981\u8003\u8651\u7684\uff0c\u5305\u62ec\u52a0\u5bc6\u3001\u8eab\u4efd\u9a8c\u8bc1\u3001\u4ee5\u53ca\u9632\u6b62\u5e38\u89c1\u653b\u51fb\u7b49\u3002\u4e0b\u9762\u662f\u5e38\u7528\u7684\u5b89\u5168\u901a\u4fe1\u65b9\u6cd5\u548c\u5ba2\u6237\u7aef\u52a0\u5bc6\u65b9\u6848\uff1a<\/p>\n

1. \u4f7f\u7528 HTTPS\uff08TLS \u52a0\u5bc6\uff09<\/strong><\/h3>\n

\u6700\u57fa\u672c\u4e5f\u662f\u6700\u91cd\u8981\u7684\u4e00\u6b65\u662f\u4f7f\u7528 HTTPS \u6765\u52a0\u5bc6\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u4e4b\u95f4\u7684\u901a\u4fe1\u3002\u901a\u8fc7 TLS\uff08\u4f20\u8f93\u5c42\u5b89\u5168\u534f\u8bae\uff09\uff0c\u6570\u636e\u5728\u4f20\u8f93\u8fc7\u7a0b\u4e2d\u88ab\u52a0\u5bc6\uff0c\u9632\u6b62\u4e2d\u95f4\u4eba\u653b\u51fb\u548c\u7a83\u542c\u3002<\/p>\n

\u5982\u4f55\u8bbe\u7f6e HTTPS\uff1a<\/h4>\n
    \n
  • \u4f7f\u7528\u8bc1\u4e66\u9881\u53d1\u673a\u6784\uff08CA\uff09\u63d0\u4f9b\u7684 SSL\/TLS \u8bc1\u4e66\uff0c\u786e\u4fdd\u670d\u52a1\u5668\u4f7f\u7528 HTTPS \u800c\u4e0d\u662f HTTP\u3002<\/li>\n
  • \u5728 Gin \u4e2d\uff0c\u60a8\u53ef\u4ee5\u901a\u8fc7 ListenAndServeTLS()<\/code> \u65b9\u6cd5\u542f\u7528 HTTPS\uff1a\n
    r := gin.Default()\nr.GET(\"\/ping\", func(c *gin.Context) {\n  c.JSON(200, gin.H{\n      \"message\": \"pong\",\n  })\n})\nr.RunTLS(\":443\", \"server.crt\", \"server.key\")<\/code><\/pre>\n<\/li>\n
  • \u5ba2\u6237\u7aef\u8bf7\u6c42\u65f6\uff0c\u5e94\u786e\u4fdd\u4f7f\u7528 https:\/\/<\/code> \u534f\u8bae\uff0c\u800c\u4e0d\u662f http:\/\/<\/code>\u3002<\/li>\n<\/ul>\n
    2. \u4f7f\u7528 Token \u8ba4\u8bc1\uff08\u4f8b\u5982 JWT\uff09<\/strong><\/h3>\n
    \u4e3a\u4e86\u786e\u4fdd\u5ba2\u6237\u7aef\u8eab\u4efd\u7684\u5b89\u5168\u6027\uff0c\u63a8\u8350\u4f7f\u7528\u4ee4\u724c\uff08token\uff09\u673a\u5236\u6765\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002JWT\uff08JSON Web Token\uff09<\/strong> \u662f\u4e00\u4e2a\u5e38\u7528\u7684\u6807\u51c6\uff0c\u5b83\u53ef\u4ee5\u5b89\u5168\u5730\u5728\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u4e4b\u95f4\u4f20\u9012\u8eab\u4efd\u4fe1\u606f\u3002<\/p>\n
    JWT \u5de5\u4f5c\u6d41\u7a0b\uff1a<\/h4>\n
      \n
    1. \u5ba2\u6237\u7aef\u63d0\u4f9b\u51ed\u8bc1\uff08\u5982\u7528\u6237\u540d\u548c\u5bc6\u7801\uff09\uff0c\u5e76\u901a\u8fc7 HTTPS \u5411\u670d\u52a1\u5668\u8bf7\u6c42\u8eab\u4efd\u9a8c\u8bc1\u3002<\/li>\n
    2. \u670d\u52a1\u5668\u9a8c\u8bc1\u51ed\u8bc1\uff0c\u751f\u6210\u4e00\u4e2a JWT\uff0c\u5e76\u5c06\u5176\u8fd4\u56de\u7ed9\u5ba2\u6237\u7aef\u3002<\/li>\n
    3. \u5ba2\u6237\u7aef\u5c06 JWT \u5b58\u50a8\u5728\u5b89\u5168\u7684\u5730\u65b9\uff08\u5982 localStorage<\/code> \u6216 sessionStorage<\/code>\uff0c\u4f46\u4e0d\u8981\u5b58\u50a8\u5728\u4e0d\u5b89\u5168\u7684\u5730\u65b9\uff0c\u5982 cookie \u4e2d\uff09\u3002<\/li>\n
    4. \u6bcf\u6b21\u8bf7\u6c42\u65f6\uff0c\u5ba2\u6237\u7aef\u5c06 JWT \u9644\u52a0\u5230\u8bf7\u6c42\u7684 Authorization Header \u4e2d\uff1a\n
      Authorization: Bearer <\/code><\/pre>\n<\/li>\n
    5. \u670d\u52a1\u5668\u5728\u63a5\u6536\u5230\u8bf7\u6c42\u540e\uff0c\u9a8c\u8bc1 JWT \u5e76\u89e3\u6790\u51fa\u7528\u6237\u8eab\u4efd\u4fe1\u606f\u3002<\/li>\n<\/ol>\n
      \u4f7f\u7528 JWT \u7684\u597d\u5904\u662f\uff0c\u4ee4\u724c\u5728\u751f\u6210\u65f6\u5305\u542b\u7b7e\u540d\uff0c\u9632\u6b62\u7be1\u6539\uff0c\u5e76\u4e14\u53ef\u4ee5\u8bbe\u7f6e\u8fc7\u671f\u65f6\u95f4\u6765\u589e\u5f3a\u5b89\u5168\u6027\u3002<\/p>\n
      \u793a\u4f8b\uff1a<\/h4>\n
      \u5728 Gin \u4e2d\uff0c\u53ef\u4ee5\u4f7f\u7528 jwt-go<\/code> \u5e93\u6765\u5b9e\u73b0 JWT \u8eab\u4efd\u9a8c\u8bc1\uff1a<\/p>\n
      import (\n    "github.com\/dgrijalva\/jwt-go"\n    "time"\n)\n\nfunc GenerateJWT() (string, error) {\n    mySigningKey := []byte("secret")\n    token := jwt.New(jwt.SigningMethodHS256)\n    claims := token.Claims.(jwt.MapClaims)\n    claims["authorized"] = true\n    claims["user"] = "username"\n    claims["exp"] = time.Now().Add(time.Hour * 24).Unix()\n\n    tokenString, err := token.SignedString(mySigningKey)\n    if err != nil {\n        return "", err\n    }\n    return tokenString, nil\n}<\/code><\/pre>\n
      3. \u8bf7\u6c42\u4f53\u52a0\u5bc6<\/strong><\/h3>\n
      \u4e3a\u4e86\u8fdb\u4e00\u6b65\u4fdd\u62a4\u8bf7\u6c42\u4e2d\u7684\u654f\u611f\u4fe1\u606f\uff0c\u4f60\u53ef\u4ee5\u5728\u5e94\u7528\u5c42\u4e0a\u52a0\u5bc6\u6570\u636e\uff0c\u6bd4\u5982\u5728\u5ba2\u6237\u7aef\u52a0\u5bc6\u8bf7\u6c42\u4f53\uff08\u6216\u67d0\u4e9b\u5b57\u6bb5\uff09\uff0c\u670d\u52a1\u5668\u63a5\u6536\u8bf7\u6c42\u540e\u89e3\u5bc6\u3002<\/p>\n
      \u5e38\u7528\u52a0\u5bc6\u7b97\u6cd5\u5305\u62ec AES<\/strong>\uff08\u5bf9\u79f0\u52a0\u5bc6\uff09\u548c RSA<\/strong>\uff08\u975e\u5bf9\u79f0\u52a0\u5bc6\uff09\u3002\u5e38\u89c1\u505a\u6cd5\u662f\uff1a<\/p>\n