企业官网建设流程全解析

Go语言API认证：JWT与OAuth2实现

1. 认证概述

API认证确保只有授权的客户端才能访问API资源。

2. JWT认证中间件

package auth import ( "net/http" "strings" "github.com/gin-gonic/gin" "github.com/golang-jwt/jwt/v5" ) func JWTAuthMiddleware(secret string) gin.HandlerFunc { return func(c *gin.Context) { authHeader := c.GetHeader("Authorization") if authHeader == "" { c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "authorization header required"}) return } parts := strings.Split(authHeader, " ") if len(parts) != 2 || parts[0] != "Bearer" { c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "invalid authorization header format"}) return } tokenString := parts[1] token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) { return []byte(secret), nil }) if err != nil || !token.Valid { c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "invalid token"}) return } claims, ok := token.Claims.(jwt.MapClaims) if !ok { c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "invalid token claims"}) return } c.Set("user_id", claims["user_id"]) c.Next() } }

3. 总结

JWT和OAuth2是API认证的常用方案，应根据安全需求选择合适的认证方式。