{"id":231,"date":"2025-12-10T21:41:41","date_gmt":"2025-12-10T13:41:41","guid":{"rendered":"https:\/\/caoxunyi.cn\/?p=231"},"modified":"2025-12-10T21:41:41","modified_gmt":"2025-12-10T13:41:41","slug":"%e3%80%90%e5%85%a8%e6%a0%88%e7%a1%ac%e6%a0%b8%e5%ae%9e%e6%88%98%e3%80%91%e4%bb%8e%e9%9b%b6%e6%89%8b%e6%90%93%e4%b8%80%e4%b8%aa%e5%9f%ba%e4%ba%8e-gin-js-%e7%9a%84%e9%89%b4%e6%9d%83%e9%97%ad%e7%8e%af","status":"publish","type":"post","link":"https:\/\/caoxunyi.cn\/index.php\/231\/","title":{"rendered":"[Full-Stack Hardcore Hands-On] Building a Gin + JS Authentication Loop from Scratch"},"content":{"rendered":"<blockquote>\n<p>In today's Web development we are far too used to relying on ready-made libraries: Auth0 on the frontend, Passport.js on the backend. But if you strip away these layers of encapsulation, <strong>what is “logging in” really, at its core?<\/strong><\/p>\n<p>Today I will set aside all the complex third-party libraries and, using the most bare-bones Go (Gin) and JavaScript, hand-build a complete authentication system with <strong>backend middleware interception<\/strong>, <strong>frontend Token management<\/strong> and an <strong>interactive login dialog<\/strong>. We will not only implement the functionality, but also discuss the architectural thinking behind it.<\/p>\n<\/blockquote>\n<hr 
\/>\n<h2>Chapter 1: Top-Level Architecture Design<\/h2>\n<p>Before writing any code, let's sort out the logic. For a personal blog system (Mikuweb), the requirement is very clear: <strong>single-administrator mode<\/strong>.<\/p>\n<p>We need to build a “closed loop”:<\/p>\n<ol>\n<li><strong>Frontend<\/strong>: exchange the password for a pass (Token).<\/li>\n<li><strong>Frontend<\/strong>: sew the pass onto your clothes (LocalStorage) and show it every time you do business (send a request).<\/li>\n<li><strong>Backend<\/strong>: set up a security checkpoint (Middleware): requests with a pass go through, requests without one are stopped.<\/li>\n<\/ol>\n<h3>Data Flow Diagram<\/h3>\n<pre><code class=\"lang-mermaid language-mermaid\">sequenceDiagram\n    participant U as \ud83d\udc64 User (Browser)\n    participant A as \ud83d\udeaa Login endpoint (\/login)\n    participant M as \ud83d\udee1\ufe0f Auth middleware (Middleware)\n    participant H as \u2699\ufe0f Business logic (\/admin\/posts)\n\n    Note over U, A: Phase 1 - obtain the credential\n    U-&gt;&gt;A: 1. Submit password (POST \/login)\n    alt Password correct\n        A--&gt;&gt;U: 2. Return Token (credential)\n        Note over U: Store the Token in LocalStorage\n    else Password wrong\n        A--&gt;&gt;U: 401 Unauthorized\n    end\n\n    Note over U, H: Phase 2 - use the credential\n    U-&gt;&gt;M: 3. Sensitive operation (Token carried in Header)\n    M-&gt;&gt;M: 4. 
Check whether the Token is valid\n    alt Validation passed\n        M-&gt;&gt;H: 5. next() let through\n        H--&gt;&gt;U: 6. Operation succeeded\n    else Validation failed\n        M--&gt;&gt;U: 401 request blocked\n    end<\/code><\/pre>\n<hr \/>\n<h2>Chapter 2: Backend Implementation, the Art of the Gatekeeper (Go + Gin)<\/h2>\n<p>The soul of the backend is not the <code>login<\/code> endpoint but the design of the <strong>middleware<\/strong>.<\/p>\n<h3>1. Defining the “God Password” and Configuration<\/h3>\n<p>To demonstrate the logic in its purest form, we use a “hard-coded” single-password mode here (in production, always read it from an environment variable).<\/p>\n<pre><code class=\"lang-go language-go go\">\/\/ main.go\nconst (\n    \/\/ This is the one and only secret that gets you through; in real development read it with os.Getenv(&quot;APP_PASSWORD&quot;)\n    ADMIN_PASSWORD = &quot;miku_is_cute&quot;\n\n    \/\/ Public administrator info\n    ADMIN_NICKNAME = &quot;awkker&quot;\n    ADMIN_AVATAR   = &quot;\/static\/xunyi.png&quot;\n)<\/code><\/pre>\n<h3>2. 
Core: Writing the Auth Middleware (The Gatekeeper)<\/h3>\n<p>This is where many beginners get stuck. <strong>A middleware is essentially an interceptor<\/strong>. In Gin, it controls the lifecycle of a request.<\/p>\n<pre><code class=\"lang-go language-go go\">\/\/ AuthMiddleware is like airport security: if you fail the check (wrong Token), you never reach the departure lounge (business logic)\nfunc AuthMiddleware() gin.HandlerFunc {\n    return func(c *gin.Context) {\n        \/\/ Step 1: check whether the traveller is carrying a &ldquo;pass&rdquo;\n        \/\/ Convention: the frontend must send the Token in the &quot;Authorization&quot; HTTP header\n        token := c.GetHeader(&quot;Authorization&quot;)\n\n        \/\/ Step 2: verify that the pass is genuine\n        \/\/ Here we do a simple string comparison; in real scenarios this is usually a JWT signature check.\n        \/\/ Note: != is not a constant-time comparison; for a real secret prefer crypto\/subtle.ConstantTimeCompare\n        if token != ADMIN_PASSWORD {\n            \/\/ \ud83d\uded1 Core operation: Abort\n            \/\/ Abort() stops the remaining handlers on the current route from running\n            c.AbortWithStatusJSON(401, gin.H{\n                &quot;error&quot;: &quot;\u6743\u9650\u4e0d\u8db3\uff1a\u8bf7\u5148\u767b\u5f55\u55b5\uff01(&gt;_&lt;)&quot;,\n            })\n            return \/\/ must return, otherwise the function keeps running\n        }\n\n        \/\/ \u2705 Core operation: Next\n        \/\/ 
Validation passed; hand over to the next handler (e.g. the Controller that publishes a post)\n        c.Next()\n    }\n}<\/code><\/pre>\n<h3>3. Route Groups: Declarative Permission Management<\/h3>\n<p>With the middleware in place, we no longer need to write <code>if password == ...<\/code> in every endpoint. We use a <strong>route group<\/strong> to delimit the protected area.<\/p>\n<pre><code class=\"lang-go language-go go\">func main() {\n    r := gin.Default()\n\n    \/\/ === Public area ===\n    \/\/ Anyone can read posts; no Token needed\n    r.GET(&quot;\/posts&quot;, postController.GetList)\n    r.POST(&quot;\/login&quot;, authController.Login) \/\/ the login endpoint itself must be public\n\n    \/\/ === Restricted area (Private\/Admin) ===\n    \/\/ Use() mounts the middleware we just wrote\n    admin := r.Group(&quot;\/admin&quot;)\n    admin.Use(AuthMiddleware())\n    {\n        \/\/ Only requests carrying the correct Token get here\n        admin.POST(&quot;\/posts&quot;, postController.Create)   \/\/ create a post\n        admin.DELETE(&quot;\/posts\/:id&quot;, postController.Delete) \/\/ delete a post\n    }\n\n    r.Run(&quot;:8080&quot;)\n}<\/code><\/pre>\n<hr \/>\n<h2>Chapter 3: Frontend Implementation, State Management and Micro-Interactions (Native JS)<\/h2>\n<p>The hard part on the frontend is: <strong>HTTP is stateless, so how does the browser “remember” that I am logged in?<\/strong> 
And how can tiny animations improve the user experience?<\/p>\n<h3>1. State Persistence: LocalStorage<\/h3>\n<p>We use <code>localStorage<\/code> rather than <code>sessionStorage<\/code>, so the login state survives even when the user closes and reopens the browser.<\/p>\n<pre><code class=\"lang-javascript language-javascript javascript\">\/\/ static\/js\/user.js\n\n\/\/ A User module that encapsulates identity management\nconst UserModule = {\n    \/\/ Logged in? That is, is there a Token in the pocket\n    isLoggedIn() {\n        return !!localStorage.getItem('auth_token');\n    },\n\n    \/\/ Handling after a successful login\n    loginSuccess(token, userInfo) {\n        \/\/ \ud83d\udddd\ufe0f Core: store the Token!\n        localStorage.setItem('auth_token', token);\n        localStorage.setItem('user_info', JSON.stringify(userInfo));\n\n        \/\/ Reload so the UI re-renders for the new state\n        location.reload();\n    },\n\n    \/\/ Log out\n    logout() {\n        \/\/ Destroy the Token (and the cached user info stored alongside it)\n        localStorage.removeItem('auth_token');\n        localStorage.removeItem('user_info');\n        location.reload();\n    }\n};<\/code><\/pre>\n<h3>2. 
Making Authenticated Requests (Fetch Wrapper)<\/h3>\n<p>This is the most critical step. When we call the backend's <code>\/admin<\/code> endpoints, we must <strong>manually<\/strong> put the Token into the header.<\/p>\n<pre><code class=\"lang-javascript language-javascript javascript\">async function deleteArticle(id) {\n    const token = localStorage.getItem('auth_token');\n\n    \/\/ No Token? Stop right here and save a network round trip\n    if (!token) {\n        alert(&quot;\u8bf7\u5148\u767b\u5f55\uff01&quot;);\n        return;\n    }\n\n    const response = await fetch(`\/admin\/posts\/${id}`, {\n        method: 'DELETE',\n        headers: {\n            'Content-Type': 'application\/json',\n            \/\/ \ud83d\udddd\ufe0f Core: show the pass! The header name must match what the backend reads in GetHeader\n            'Authorization': token\n        }\n    });\n\n    if (response.status === 401) {\n        \/\/ Error handling: e.g. the Token expired or the backend password was changed\n        alert(&quot;\u767b\u5f55\u5931\u6548\uff0c\u8bf7\u91cd\u65b0\u767b\u5f55&quot;);\n        UserModule.logout();\n    }\n}<\/code><\/pre>\n<h3>3. 
UI Interaction: Bouncy Error Feedback<\/h3>\n<p>When the user types the wrong password, don't just pop up a cold <code>alert<\/code>. We use a CSS animation to mimic a “head shake”, which makes the page feel more alive.<\/p>\n<p><strong>CSS (login.css):<\/strong>\nA <code>cubic-bezier<\/code> timing curve gives the shake a springy, elastic feel.<\/p>\n<pre><code class=\"lang-css language-css css\">@keyframes shake {\n    0%, 100% { transform: translateX(0); }\n    20%, 60% { transform: translateX(-10px); } \/* jerk left *\/\n    40%, 80% { transform: translateX(10px); }  \/* jerk right *\/\n}\n\n\/* When this class is applied, run the 0.5s animation *\/\n.login-box.shake {\n    animation: shake 0.5s cubic-bezier(.36,.07,.19,.97) both;\n}<\/code><\/pre>\n<p><strong>JS call:<\/strong><\/p>\n<pre><code class=\"lang-javascript language-javascript javascript\">if (!response.ok) {\n    \/\/ Add the class to trigger the animation\n    loginBox.classList.add('shake');\n\n    \/\/ After the 500ms animation ends, remove the class so it can fire again next time\n    setTimeout(() =&gt; {\n        loginBox.classList.remove('shake');\n    }, 500);\n}<\/code><\/pre>\n<hr \/>\n<h2>Chapter 4: Security Reflections (Production 
Note)<\/h2>\n<p>At this point we have completed a working loop. But a developer with ambition must be honest about the limitations of the current implementation.<\/p>\n<p>In a company-grade production environment, we would need the following upgrades:<\/p>\n<ol>\n<li><strong>No plaintext transport<\/strong>: the Token and password currently travel naked over HTTP. <strong>Solution<\/strong>: deploy an SSL certificate and enable <strong>HTTPS<\/strong>.<\/li>\n<li><strong>No plaintext storage on the frontend<\/strong>: LocalStorage is easily read by an XSS attack. <strong>Solution<\/strong>: use an <code>HttpOnly Cookie<\/code>, which JS cannot read but which the browser attaches to requests automatically.<\/li>\n<li><strong>Token lifetime<\/strong>: the current Token is valid forever. <strong>Solution<\/strong>: introduce <strong>JWT (JSON Web Token)<\/strong> and set the <code>exp<\/code> (expiration time) claim.<\/li>\n<li><strong>Password storage<\/strong>: the backend should not compare passwords in plaintext. <strong>Solution<\/strong>: store the password hash (e.g. bcrypt) in the database and compare with 
<code>bcrypt.CompareHashAndPassword<\/code>.<\/li>\n<\/ol>\n<h2>Chapter 5: Demo<\/h2>\n<p>You can try running the following code on your own machine.<\/p>\n<h3>Project Structure<\/h3>\n<pre><code class=\"lang-text language-text text\">demo\/\n\u251c\u2500\u2500 main.go        # Backend: auth and API\n\u2514\u2500\u2500 index.html     # Frontend: page, styles and JS logic<\/code><\/pre>\n<h3>1. Backend Code (<code>main.go<\/code>)<\/h3>\n<blockquote>\n<p>This shows the core logic of middleware interception and Token validation.<\/p>\n<\/blockquote>\n<pre><code class=\"lang-go language-go go\">package main\n\nimport (\n    &quot;net\/http&quot; \/\/ provides the HTTP status code constants used below\n\n    &quot;github.com\/gin-gonic\/gin&quot;\n)\n\n\/\/ \ud83d\udd10 The God password (use an environment variable in real development)\nconst APP_PASSWORD = &quot;miku&quot;\n\nfunc main() {\n    r := gin.Default()\n\n    \/\/ 1. Serve the page (used to display the frontend)\n    r.LoadHTMLFiles(&quot;index.html&quot;)\n    r.GET(&quot;\/&quot;, func(c *gin.Context) {\n        c.HTML(http.StatusOK, &quot;index.html&quot;, nil)\n    })\n\n    \/\/ 2. 
Login endpoint (public)\n    r.POST(&quot;\/api\/login&quot;, func(c *gin.Context) {\n        var json struct {\n            Password string `json:&quot;password&quot;`\n        }\n        if c.ShouldBindJSON(&amp;json) == nil &amp;&amp; json.Password == APP_PASSWORD {\n            \/\/ Login succeeded; return the password itself as the Token (simplified demo)\n            c.JSON(http.StatusOK, gin.H{\n                &quot;token&quot;: APP_PASSWORD,\n                &quot;msg&quot;:   &quot;\u6b22\u8fce\u56de\u6765\uff0c\u4e3b\u4eba\uff01&quot;,\n            })\n        } else {\n            c.JSON(http.StatusUnauthorized, gin.H{&quot;error&quot;: &quot;\u5bc6\u7801\u9519\u8bef\u55b5\uff01&quot;})\n        }\n    })\n\n    \/\/ 3. Endpoint group that requires permission\n    admin := r.Group(&quot;\/admin&quot;)\n    admin.Use(AuthMiddleware()) \/\/ \ud83d\udee1\ufe0f mount the auth middleware\n    {\n        admin.POST(&quot;\/delete&quot;, func(c *gin.Context) {\n            c.JSON(http.StatusOK, gin.H{&quot;status&quot;: &quot;success&quot;, &quot;data&quot;: &quot;\u6587\u7ae0\u5df2\u5220\u9664\uff01&quot;})\n        })\n    }\n\n    r.Run(&quot;:8080&quot;)\n}\n\n\/\/ \ud83d\udee1\ufe0f Core middleware: check whether the request header carries a Token\nfunc AuthMiddleware() gin.HandlerFunc {\n    return func(c *gin.Context) {\n        token := c.GetHeader(&quot;Authorization&quot;)\n\n        if token != APP_PASSWORD {\n            \/\/ \ud83d\udeab Block the request; nothing further runs\n            c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{&quot;error&quot;: &quot;\u65e0\u6743\u8bbf\u95ee\uff0c\u8bf7\u5148\u767b\u5f55\uff01&quot;})\n            return\n        }\n\n        \/\/ \u2705 Let it through\n        c.Next()\n    }\n}<\/code><\/pre>\n<hr \/>\n<h3>2. 
Frontend Code (<code>index.html<\/code>)<\/h3>\n<pre><code class=\"lang-html language-html html\">&lt;!DOCTYPE html&gt;\n&lt;html lang=&quot;zh-CN&quot;&gt;\n&lt;head&gt;\n    &lt;meta charset=&quot;UTF-8&quot;&gt;\n    &lt;title&gt;Mikuweb \u9274\u6743\u6f14\u793a&lt;\/title&gt;\n    &lt;style&gt;\n        \/* \u2728 Simple centering styles *\/\n        body {\n            font-family: sans-serif;\n            background: #f0f2f5;\n            display: flex;\n            justify-content: center;\n            align-items: center;\n            height: 100vh;\n        }\n        .card {\n            background: white;\n            padding: 2rem;\n            border-radius: 16px;\n            box-shadow: 0 4px 12px rgba(0,0,0,0.1);\n            text-align: center;\n            width: 300px;\n        }\n        input, button {\n            width: 100%;\n            margin-top: 10px;\n            padding: 10px;\n            box-sizing: border-box;\n        }\n        \/* \ud83d\udd34 Core: the shake animation shown on error *\/\n        .shake {\n            animation: shake 0.5s cubic-bezier(.36,.07,.19,.97) both;\n        }\n        @keyframes shake {\n            10%, 90% { transform: translate3d(-1px, 0, 0); }\n            20%, 80% { transform: translate3d(2px, 0, 0); }\n            30%, 50%, 70% { transform: translate3d(-4px, 0, 0); }\n            40%, 60% { transform: translate3d(4px, 0, 0); }\n        }\n    &lt;\/style&gt;\n&lt;\/head&gt;\n&lt;body&gt;\n\n&lt;div class=&quot;card&quot; id=&quot;login-box&quot;&gt;\n    &lt;h2&gt;\ud83d\udd10 \u8bf7\u767b\u5f55&lt;\/h2&gt;\n    &lt;input type=&quot;password&quot; id=&quot;password&quot; placeholder=&quot;\u8f93\u5165 miku \u8bd5\u8bd5&quot;&gt;\n    &lt;button onclick=&quot;handleLogin()&quot;&gt;\u767b\u5f55&lt;\/button&gt;\n&lt;\/div&gt;\n\n&lt;div class=&quot;card&quot; id=&quot;admin-box&quot; style=&quot;display: none;&quot;&gt;\n    &lt;h2&gt;\ud83d\udc4b 
\u7ba1\u7406\u5458\u6a21\u5f0f&lt;\/h2&gt;\n    &lt;p&gt;Token \u5df2\u4fdd\u5b58\u5230 LocalStorage&lt;\/p&gt;\n    &lt;button onclick=&quot;sensitiveAction()&quot;&gt;\ud83d\uddd1\ufe0f \u6d4b\u8bd5\u5220\u9664\u6587\u7ae0&lt;\/button&gt;\n    &lt;button onclick=&quot;logout()&quot; style=&quot;background: #ff4757; color: white;&quot;&gt;\u9000\u51fa\u767b\u5f55&lt;\/button&gt;\n&lt;\/div&gt;\n\n&lt;script&gt;\n    \/\/ \ud83d\udd04 Check the login state when the page loads\n    const token = localStorage.getItem('auth_token');\n    if (token) toggleView(true);\n\n    \/\/ 1\ufe0f\u20e3 Login logic\n    async function handleLogin() {\n        const pwd = document.getElementById('password').value;\n        const box = document.getElementById('login-box');\n\n        const res = await fetch('\/api\/login', {\n            method: 'POST',\n            headers: {'Content-Type': 'application\/json'},\n            body: JSON.stringify({ password: pwd })\n        });\n\n        if (res.ok) {\n            const data = await res.json();\n            localStorage.setItem('auth_token', data.token); \/\/ save the Token\n            toggleView(true);\n            alert(data.msg);\n        } else {\n            \/\/ \u274c Trigger the shake animation\n            box.classList.remove('shake'); \/\/ reset the animation\n            void box.offsetWidth;          \/\/ force a reflow\n            box.classList.add('shake');    \/\/ add the class again\n        }\n    }\n\n    \/\/ 2\ufe0f\u20e3 Sensitive action (request carrying the Token)\n    async function sensitiveAction() {\n        const res = await fetch('\/admin\/delete', {\n            method: 'POST',\n            headers: {\n                \/\/ \ud83d\udddd\ufe0f Core: show the Token to the backend\n                'Authorization': localStorage.getItem('auth_token')\n            }\n        });\n\n        if (res.status === 401) {\n 
           alert(&quot;Token \u5931\u6548\uff0c\u8bf7\u91cd\u65b0\u767b\u5f55\uff01&quot;);\n            logout();\n        } else {\n            const data = await res.json();\n            alert(&quot;\u64cd\u4f5c\u6210\u529f\uff1a&quot; + data.data);\n        }\n    }\n\n    \/\/ 3\ufe0f\u20e3 Helpers\n    function logout() {\n        localStorage.removeItem('auth_token');\n        location.reload();\n    }\n\n    function toggleView(isLoggedIn) {\n        document.getElementById('login-box').style.display = isLoggedIn ? 'none' : 'block';\n        document.getElementById('admin-box').style.display = isLoggedIn ? 'block' : 'none';\n    }\n&lt;\/script&gt;\n&lt;\/body&gt;\n&lt;\/html&gt;<\/code><\/pre>\n<hr \/>\n<h2>Summary<\/h2>\n<p>By hand-building this system, we have in effect reviewed several of the most important concepts in Web development:<\/p>\n<ul>\n<li><strong>Middleware pattern<\/strong>: how to decouple business logic from authentication.<\/li>\n<li><strong>RESTful conventions<\/strong>: using headers to carry metadata.<\/li>\n<li><strong>State management<\/strong>: how the frontend keeps a session using Storage.<\/li>\n<li><strong>Interaction details<\/strong>: how to improve the user experience with CSS.<\/li>\n<\/ul>\n<p>Even the simplest “single-password” system, crafted with care, can become a shining link in your tech stack.<\/p>","protected":false},"excerpt":{"rendered":"<p>In today's Web development we are far too used to relying on ready-made libraries: Auth0 on the frontend, 
Passport.js on the backend. But if you strip away these layers of encapsulation, &#8230;<\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"emotion":"","emotion_color":"","title_style":"","license":"","footnotes":""},"categories":[23],"tags":[],"class_list":["post-231","post","type-post","status-publish","format-standard","hentry","category-web"],"_links":{"self":[{"href":"https:\/\/caoxunyi.cn\/index.php\/wp-json\/wp\/v2\/posts\/231","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/caoxunyi.cn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/caoxunyi.cn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/caoxunyi.cn\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/caoxunyi.cn\/index.php\/wp-json\/wp\/v2\/comments?post=231"}],"version-history":[{"count":1,"href":"https:\/\/caoxunyi.cn\/index.php\/wp-json\/wp\/v2\/posts\/231\/revisions"}],"predecessor-version":[{"id":232,"href":"https:\/\/caoxunyi.cn\/index.php\/wp-json\/wp\/v2\/posts\/231\/revisions\/232"}],"wp:attachment":[{"href":"https:\/\/caoxunyi.cn\/index.php\/wp-json\/wp\/v2\/media?parent=231"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/caoxunyi.cn\/index.php\/wp-json\/wp\/v2\/categories?post=231"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/caoxunyi.cn\/index.php\/wp-json\/wp\/v2\/tags?post=231"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}