From 8aafcbd91cb35643412e7e501cddba895630e8cd Mon Sep 17 00:00:00 2001
From: yanweidong <david.yan@qq.com>
Date: Mon, 13 Oct 2025 13:10:01 +0800
Subject: [PATCH] fix bug

---
 crypto/token/jwt.go |  6 +++---
 middleware/jwt.go   | 30 +++++++++++++++++++-----------
 2 files changed, 22 insertions(+), 14 deletions(-)

diff --git a/crypto/token/jwt.go b/crypto/token/jwt.go
index f9a3b71..6f85631 100644
--- a/crypto/token/jwt.go
+++ b/crypto/token/jwt.go
@@ -77,19 +77,19 @@ func (t *tokenJwt) IsExpired(tokenstring string) (bool, error) {
 	// 分割JWT的三个部分
 	parts := strings.Split(tokenstring, ".")
 	if len(parts) != 3 {
-		return false, errcode.ErrTokenDataInvalid
+		return true, errcode.ErrTokenDataInvalid
 	}
 
 	// 解码Payload部分
 	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
 	if err != nil {
-		return false, errcode.String(errcode.ErrTokenBase64Decode, err.Error())
+		return true, errcode.String(errcode.ErrTokenBase64Decode, err.Error())
 	}
 
 	// 解析JSON
 	var claims jwt.RegisteredClaims
 	if err := json.Unmarshal(payload, &claims); err != nil {
-		return false, errcode.String(errcode.ErrTokenJsonDecode, err.Error())
+		return true, errcode.String(errcode.ErrTokenJsonDecode, err.Error())
 	}
 
 	// 检查过期时间
diff --git a/middleware/jwt.go b/middleware/jwt.go
index 00201a2..a8d01c3 100644
--- a/middleware/jwt.go
+++ b/middleware/jwt.go
@@ -6,9 +6,9 @@ import (
 	"encoding/json"
 	"log"
 	"net/http"
-	"time"
 
-	"git.apinb.com/bsm-sdk/core/crypto/encipher"
+	"git.apinb.com/bsm-sdk/core/crypto/token"
+	"git.apinb.com/bsm-sdk/core/env"
 	"git.apinb.com/bsm-sdk/core/errcode"
 	"git.apinb.com/bsm-sdk/core/types"
 	"github.com/gin-gonic/gin"
@@ -27,19 +27,18 @@ func JwtAuth(time_verify bool) gin.HandlerFunc {
 			c.Abort()
 			return
 		}
-		// 提取Token
-		claims, err := encipher.ParseTokenAes(authHeader)
-		if err != nil || claims == nil {
-			log.Printf("提取token异常:%v\n", err)
-			c.JSON(http.StatusUnauthorized, gin.H{"error": "Token is required"})
-			c.Abort()
-			return
-		}
 
 		// 检测是否需要验证token时间
 		if time_verify {
 			// 判断时间claims.ExpiresAt
-			if time.Now().Unix() > claims.ExpiresAt {
+			isExpire, err := token.New(env.Runtime.JwtSecretKey).IsExpired(authHeader)
+			if err != nil {
+				log.Println("token解析异常:", err)
+				c.JSON(http.StatusUnauthorized, gin.H{"error": "Token is required"})
+				c.Abort()
+				return
+			}
+			if isExpire {
 				log.Println("token过期，请重新获取:", "Token has expired")
 				c.JSON(http.StatusUnauthorized, gin.H{"error": "Token has expired"})
 				c.Abort()
@@ -47,6 +46,15 @@ func JwtAuth(time_verify bool) gin.HandlerFunc {
 			}
 		}
 
+		// 提取Token
+		claims, err := token.New(env.Runtime.JwtSecretKey).ParseJwt(authHeader)
+		if err != nil || claims == nil {
+			log.Printf("提取token异常:%v\n", err)
+			c.JSON(http.StatusUnauthorized, gin.H{"error": "Token is required"})
+			c.Abort()
+			return
+		}
+
 		// 将解析后的 Token 存储到上下文中
 		c.Set("Auth", claims)
 		// 如果 Token 有效，继续处理请求