{"id":15324113,"url":"https://github.com/dxvgef/token","last_synced_at":"2025-04-14T23:34:36.343Z","repository":{"id":144200668,"uuid":"120735340","full_name":"dxvgef/token","owner":"dxvgef","description":"Go语言的访问令牌开发包，可用于 session 或 access token 两种模式的应用场景","archived":false,"fork":false,"pushed_at":"2025-03-05T18:16:47.000Z","size":73,"stargazers_count":3,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-28T11:39:37.732Z","etag":null,"topics":["access-control","access-management","access-token","authentication","session","token-authetication"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dxvgef.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-02-08T08:49:10.000Z","updated_at":"2025-03-05T18:16:51.000Z","dependencies_parsed_at":"2025-03-05T18:32:22.320Z","dependency_job_id":"74c4609a-4c9c-4707-bc07-5b455464ea4f","html_url":"https://github.com/dxvgef/token","commit_stats":null,"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dxvgef%2Ftoken","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dxvgef%2Ftoken/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dxvgef%2Ftoken/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dxvgef%2Ftoken/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dxvgef","download_url":"https://codeload.github.com/dxvgef/token/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248980258,"owners_count":21193131,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["access-control","access-management","access-token","authentication","session","token-authetication"],"created_at":"2024-10-01T09:24:25.650Z","updated_at":"2025-04-14T23:34:36.338Z","avatar_url":"https://github.com/dxvgef.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# dxvgef/token\n\n`Go`语言的访问令牌开发包，可应用于 Session Cookie 或 OAuth 等多种场景 \n\n## 特点\n\n- 令牌可存储荷载内容\n- 令牌可定义客户端的IP和指纹信息，用于在校验令牌的同时验证客户端有效性 \n- 用自定义回调函数生成和校验令牌字符串，方便使用各种算法\n- 可限制每个令牌的生命周期的刷新次数\n- 使用`Redis`协议兼容的服务端存储令牌数据\n\n## 应用场景\n\n### Session Cookie 模式\n\n创建一个旧短生命周期的令牌作为会话ID，写入到客户端 Cookie。\n\n服务端使用`Token.Valid()`验证令牌有效性。\n\n可用以下两种方案保持会话存活：\n1. 使用`Token.Refresh()`方法延长令牌的生命周期\n2. 销毁当前令牌，并创建一个同样荷载内容的新令牌，发给客户端替换原来的令牌\n\n### OAuth 模式\n\n先创建一个生命周期较长的令牌，作为刷新令牌（refreshToken）。\n\n然后使用刷新令牌的`MakeChildToken()`方法创建一个生命周期较短的子令牌，作为访问令牌（accessToken）\n\n当访问令牌到期，客户端将访问和刷新令牌都发到服务端进行校验。\n\n服务端校验刷新令牌有效，并且校验其子令牌与提交的访问令牌是否匹配\n\n校验都通过后，使用`Manager.DestroyToken(refreshToken, true)`或者`refreshToken.Destroy(true)`将当前的两个令牌都销毁\n\n最后重新创建一对新令牌，发给客户端替换原来的令牌\n\n## 方法列表\n\n### 管理器 (Manager)\n\n- `NewManager()` 创建令牌管理器实例，必须传入`github.com/redis/go-redis`的`*Client`类型的变量\n- `ManagerOptions.MakeTokenFunc()` 管理器创建令牌字符串的回调函数\n- `ManagerOptions.CheckTokenFunc()` 管理器校验令牌字符串的回调函数\n- `Manager.MakeToken()` 创建令牌\n- `Manager.ParseToken()` 将字符串解析成令牌\n- `Manager.DestroyToken()` 销毁指定的令牌，可同时销毁子令牌\n\n### 令牌 (Token)\n\n- `MakeChildToken()` 创建子令牌\n- `Destroy()` 销毁当前令牌，可同时销毁子令牌\n- `Refresh()` 刷新生命周期\n- `Set()` 设置荷载中的键值\n- `Value()` 获取令牌的字符串\n- `Get()` 获取荷载的指定键的数据\n- `GetFields()` 获取荷载的多个键的数据\n- `GetAll()` 获取荷载的所有数据，可包含令牌的元信息(_开头的字段)\n- `CreatedAt()` 获取创建时间\n- `ExpiresAt()` 获取到期时间\n- `TTL()` 获取TTL值\n- `RefreshedAt()` 获取最后刷新时间\n- `RefreshedCount()` 获取刷新次数\n- `RefreshLimit()` 获取刷新上限制\n- `IP()` 获取绑定的客户端IP\n- `Fingerprint()` 获取绑定的客户端指纹信息\n- `ChildToken()` 获取子令牌\n- `ValidateIP()` 验证IP是否匹配\n- `ValidateFingerprint` 验证指纹是否匹配\n- `IsUnexpired()` 未过期\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdxvgef%2Ftoken","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdxvgef%2Ftoken","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdxvgef%2Ftoken/lists"}