feat: jwt util

copierutil/converters.go

@@ -42,7 +42,27 @@ var TimestamppbToTimeConverter = copier.TypeConverter{
 	},
 }
 
-func MakeTypeConverter(srcType, dstType interface{}, fn func(src interface{}) (interface{}, error)) copier.TypeConverter {
+func NewTimeStringConverterPair() []copier.TypeConverter {
+	srcType := &time.Time{}
+	dstType := trans.Ptr("")
+
+	fromFn := timeutil.TimeToTimeString
+	toFn := timeutil.StringTimeToTime
+
+	return NewGenericTypeConverterPair(srcType, dstType, fromFn, toFn)
+}
+
+func NewTimeTimestamppbConverterPair() []copier.TypeConverter {
+	srcType := &time.Time{}
+	dstType := &timestamppb.Timestamp{}
+
+	fromFn := timeutil.TimeToTimestamppb
+	toFn := timeutil.TimestamppbToTime
+
+	return NewGenericTypeConverterPair(srcType, dstType, fromFn, toFn)
+}
+
+func NewTypeConverter(srcType, dstType interface{}, fn func(src interface{}) (interface{}, error)) copier.TypeConverter {
 	return copier.TypeConverter{
 		SrcType: srcType,
 		DstType: dstType,
@@ -50,7 +70,7 @@ func MakeTypeConverter(srcType, dstType interface{}, fn func(src interface{}) (i
 	}
 }
 
-func MakeTypeConverterPair(srcType, dstType interface{}, fromFn, toFn func(src interface{}) (interface{}, error)) []copier.TypeConverter {
+func NewTypeConverterPair(srcType, dstType interface{}, fromFn, toFn func(src interface{}) (interface{}, error)) []copier.TypeConverter {
 	return []copier.TypeConverter{
 		{
 			SrcType: srcType,
@@ -65,7 +85,7 @@ func MakeTypeConverterPair(srcType, dstType interface{}, fromFn, toFn func(src i
 	}
 }
 
-func MakeGenericTypeConverterPair[A interface{}, B interface{}](srcType A, dstType B, fromFn func(src A) B, toFn func(src B) A) []copier.TypeConverter {
+func NewGenericTypeConverterPair[A interface{}, B interface{}](srcType A, dstType B, fromFn func(src A) B, toFn func(src B) A) []copier.TypeConverter {
 	return []copier.TypeConverter{
 		{
 			SrcType: srcType,
@@ -84,7 +104,7 @@ func MakeGenericTypeConverterPair[A interface{}, B interface{}](srcType A, dstTy
 	}
 }
 
-func MakeErrorHandlingTypeConverterPair[A interface{}, B interface{}](srcType A, dstType B, fromFn func(src A) (B, error), toFn func(src B) (A, error)) []copier.TypeConverter {
+func NewErrorHandlingGenericTypeConverterPair[A interface{}, B interface{}](srcType A, dstType B, fromFn func(src A) (B, error), toFn func(src B) (A, error)) []copier.TypeConverter {
 	return []copier.TypeConverter{
 		{
 			SrcType: srcType,

copierutil/converters_test.go

@@ -4,35 +4,33 @@ import (
 	"testing"
 	"time"
 
+	"github.com/stretchr/testify/assert"
+	"google.golang.org/protobuf/types/known/timestamppb"
+
 	"github.com/tx7do/go-utils/timeutil"
 	"github.com/tx7do/go-utils/trans"
 )
 
-func TestMakeTypeConverter(t *testing.T) {
+func TestNewTypeConverter(t *testing.T) {
 	srcType := &time.Time{}
 	dstType := trans.Ptr("")
 	fn := func(src interface{}) (interface{}, error) {
 		return timeutil.TimeToTimeString(src.(*time.Time)), nil
 	}
 
-	converter := MakeTypeConverter(srcType, dstType, fn)
+	converter := NewTypeConverter(srcType, dstType, fn)
 
 	// 验证转换器的类型
-	if converter.SrcType != srcType || converter.DstType != dstType {
-		t.Errorf("converter types mismatch")
-	}
+	assert.IsType(t, srcType, converter.SrcType)
+	assert.IsType(t, dstType, converter.DstType)
 
 	// 验证转换器的功能
 	result, err := converter.Fn(&time.Time{})
-	if err != nil {
-		t.Errorf("converter function failed: %v", err)
-	}
-	if _, ok := result.(*string); !ok {
-		t.Errorf("converter result type mismatch")
-	}
+	assert.NoError(t, err)
+	assert.IsType(t, dstType, result)
 }
 
-func TestMakeTypeConverterPair(t *testing.T) {
+func TestNewTypeConverterPair(t *testing.T) {
 	srcType := &time.Time{}
 	dstType := trans.Ptr("")
 	fromFn := func(src interface{}) (interface{}, error) {
@@ -42,75 +40,49 @@ func TestMakeTypeConverterPair(t *testing.T) {
 		return timeutil.StringTimeToTime(src.(*string)), nil
 	}
 
-	converters := MakeTypeConverterPair(srcType, dstType, fromFn, toFn)
-
-	if len(converters) != 2 {
-		t.Fatalf("expected 2 converters, got %d", len(converters))
-	}
+	converters := NewTypeConverterPair(srcType, dstType, fromFn, toFn)
+	assert.Len(t, converters, 2, "expected 2 converters")
 
 	// 验证第一个转换器
-	if converters[0].SrcType != srcType || converters[0].DstType != dstType {
-		t.Errorf("first converter types mismatch")
-	}
+	assert.IsType(t, srcType, converters[0].SrcType)
+	assert.IsType(t, dstType, converters[0].DstType)
 	result, err := converters[0].Fn(&time.Time{})
-	if err != nil {
-		t.Errorf("first converter function failed: %v", err)
-	}
-	if _, ok := result.(*string); !ok {
-		t.Errorf("first converter result type mismatch")
-	}
+	assert.NoError(t, err)
+	assert.IsType(t, dstType, result)
 
 	// 验证第二个转换器
-	if converters[1].SrcType != dstType || converters[1].DstType != srcType {
-		t.Errorf("second converter types mismatch")
-	}
+	assert.IsType(t, dstType, converters[1].SrcType)
+	assert.IsType(t, srcType, converters[1].DstType)
 	result, err = converters[1].Fn(trans.Ptr(""))
-	if err != nil {
-		t.Errorf("second converter function failed: %v", err)
-	}
-	if _, ok := result.(*time.Time); !ok {
-		t.Errorf("second converter result type mismatch")
-	}
+	assert.NoError(t, err)
+	assert.IsType(t, srcType, result)
 }
 
-func TestMakeGenericTypeConverterPair(t *testing.T) {
+func TestNewGenericTypeConverterPair(t *testing.T) {
 	srcType := &time.Time{}
 	dstType := trans.Ptr("")
 	fromFn := timeutil.TimeToTimeString
 	toFn := timeutil.StringTimeToTime
 
-	converters := MakeGenericTypeConverterPair(srcType, dstType, fromFn, toFn)
-
-	if len(converters) != 2 {
-		t.Fatalf("expected 2 converters, got %d", len(converters))
-	}
+	converters := NewGenericTypeConverterPair(srcType, dstType, fromFn, toFn)
+	assert.Len(t, converters, 2, "expected 2 converters")
 
 	// 验证第一个转换器
-	if converters[0].SrcType != srcType || converters[0].DstType != dstType {
-		t.Errorf("first converter types mismatch")
-	}
+	assert.IsType(t, srcType, converters[0].SrcType)
+	assert.IsType(t, dstType, converters[0].DstType)
 	result, err := converters[0].Fn(&time.Time{})
-	if err != nil {
-		t.Errorf("first converter function failed: %v", err)
-	}
-	if _, ok := result.(*string); !ok {
-		t.Errorf("first converter result type mismatch")
-	}
+	assert.NoError(t, err)
+	assert.IsType(t, dstType, result)
 
 	// 验证第二个转换器
-	if converters[1].SrcType != dstType || converters[1].DstType != srcType {
-		t.Errorf("second converter types mismatch")
-	}
+	assert.IsType(t, dstType, converters[1].SrcType)
+	assert.IsType(t, srcType, converters[1].DstType)
 	result, err = converters[1].Fn(trans.Ptr(""))
-	if err != nil {
-		t.Errorf("second converter function failed: %v", err)
-	}
-	if _, ok := result.(*time.Time); !ok {
-		t.Errorf("second converter result type mismatch")
-	}
+	assert.NoError(t, err)
+	assert.IsType(t, srcType, result)
 }
 
-func TestMakeErrorHandlingTypeConverterPair(t *testing.T) {
+func TestNewErrorHandlingGenericTypeConverterPair(t *testing.T) {
 	srcType := &time.Time{}
 	dstType := trans.Ptr("")
 	fromFn := func(src *time.Time) (*string, error) {
@@ -120,33 +92,62 @@ func TestMakeErrorHandlingTypeConverterPair(t *testing.T) {
 		return timeutil.StringTimeToTime(src), nil
 	}
 
-	converters := MakeErrorHandlingTypeConverterPair(srcType, dstType, fromFn, toFn)
-
-	if len(converters) != 2 {
-		t.Fatalf("expected 2 converters, got %d", len(converters))
-	}
+	converters := NewErrorHandlingGenericTypeConverterPair(srcType, dstType, fromFn, toFn)
+	assert.Len(t, converters, 2, "expected 2 converters")
 
 	// 验证第一个转换器
-	if converters[0].SrcType != srcType || converters[0].DstType != dstType {
-		t.Errorf("first converter types mismatch")
-	}
+	assert.IsType(t, srcType, converters[0].SrcType)
+	assert.IsType(t, dstType, converters[0].DstType)
 	result, err := converters[0].Fn(&time.Time{})
-	if err != nil {
-		t.Errorf("first converter function failed: %v", err)
-	}
-	if _, ok := result.(*string); !ok {
-		t.Errorf("first converter result type mismatch")
-	}
+	assert.NoError(t, err)
+	assert.IsType(t, dstType, result)
 
 	// 验证第二个转换器
-	if converters[1].SrcType != dstType || converters[1].DstType != srcType {
-		t.Errorf("second converter types mismatch")
-	}
+	assert.IsType(t, dstType, converters[1].SrcType)
+	assert.IsType(t, srcType, converters[1].DstType)
 	result, err = converters[1].Fn(trans.Ptr(""))
-	if err != nil {
-		t.Errorf("second converter function failed: %v", err)
+	assert.NoError(t, err)
+	assert.IsType(t, srcType, result)
 }
-	if _, ok := result.(*time.Time); !ok {
-		t.Errorf("second converter result type mismatch")
+
+func TestNewTimeStringConverterPair(t *testing.T) {
+	converters := NewTimeStringConverterPair()
+	assert.Len(t, converters, 2, "expected 2 converters")
+
+	// 验证第一个转换器
+	srcType := &time.Time{}
+	dstType := trans.Ptr("")
+	assert.IsType(t, srcType, converters[0].SrcType)
+	assert.IsType(t, dstType, converters[0].DstType)
+	result, err := converters[0].Fn(&time.Time{})
+	assert.NoError(t, err)
+	assert.IsType(t, dstType, result)
+
+	// 验证第二个转换器
+	assert.IsType(t, dstType, converters[1].SrcType)
+	assert.IsType(t, srcType, converters[1].DstType)
+	result, err = converters[1].Fn(trans.Ptr(""))
+	assert.NoError(t, err)
+	assert.IsType(t, srcType, result)
 }
+
+func TestNewTimeTimestamppbConverterPair(t *testing.T) {
+	converters := NewTimeTimestamppbConverterPair()
+	assert.Len(t, converters, 2, "expected 2 converters")
+
+	// 验证第一个转换器
+	srcType := &time.Time{}
+	dstType := &timestamppb.Timestamp{}
+	assert.IsType(t, srcType, converters[0].SrcType)
+	assert.IsType(t, dstType, converters[0].DstType)
+	result, err := converters[0].Fn(&time.Time{})
+	assert.NoError(t, err)
+	assert.IsType(t, dstType, result)
+
+	// 验证第二个转换器
+	assert.IsType(t, dstType, converters[1].SrcType)
+	assert.IsType(t, srcType, converters[1].DstType)
+	result, err = converters[1].Fn(&timestamppb.Timestamp{})
+	assert.NoError(t, err)
+	assert.IsType(t, srcType, result)
 }

copierutil/go.mod

@@ -9,6 +9,16 @@ require (
 	github.com/tx7do/go-utils v1.1.22
 )
 
-require google.golang.org/protobuf v1.36.6
+require (
+	github.com/stretchr/testify v1.10.0
+	google.golang.org/protobuf v1.36.6
+)
+
+require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/kr/text v0.2.0 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)
 
 replace github.com/tx7do/go-utils => ../

copierutil/go.sum

@@ -1,16 +1,26 @@
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8=
 github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
+github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
 github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
 google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

jwtutil/go.mod

@@ -0,0 +1,21 @@
+module github.com/tx7do/go-utils/jwtutil
+
+go 1.23.0
+
+toolchain go1.24.1
+
+require (
+	github.com/go-kratos/kratos/v2 v2.8.4
+	github.com/golang-jwt/jwt/v5 v5.1.0
+	github.com/stretchr/testify v1.10.0
+)
+
+require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/kr/text v0.2.0 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
+	google.golang.org/protobuf v1.33.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)
+
+replace github.com/tx7do/go-utils => ../

jwtutil/go.sum

@@ -0,0 +1,28 @@
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/go-kratos/kratos/v2 v2.8.4 h1:eIJLE9Qq9WSoKx+Buy2uPyrahtF/lPh+Xf4MTpxhmjs=
+github.com/go-kratos/kratos/v2 v2.8.4/go.mod h1:mq62W2101a5uYyRxe+7IdWubu7gZCGYqSNKwGFiiRcw=
+github.com/golang-jwt/jwt/v5 v5.1.0 h1:UGKbA/IPjtS6zLcdB7i5TyACMgSbOTiR8qzXgw8HWQU=
+github.com/golang-jwt/jwt/v5 v5.1.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
+github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M=
+github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
+google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

jwtutil/jwt.go

@@ -0,0 +1,355 @@
+package jwtutil
+
+import (
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/go-kratos/kratos/v2/encoding"
+	"github.com/golang-jwt/jwt/v5"
+)
+
+// ParseJWTPayload 使用 github.com/golang-jwt/jwt/v5 从 JWT 中解析出 payload
+func ParseJWTPayload(tokenString string) (jwt.MapClaims, error) {
+	// 不验证签名，仅解析
+	parser := jwt.NewParser(jwt.WithoutClaimsValidation())
+	token, _, err := parser.ParseUnverified(tokenString, jwt.MapClaims{})
+	if err != nil {
+		return nil, err
+	}
+
+	claims, ok := token.Claims.(jwt.MapClaims)
+	if !ok {
+		return nil, fmt.Errorf("invalid token claims")
+	}
+
+	return claims, nil
+}
+
+// ParseJWTClaimsToStruct 解析 JWT 的负载部分，不验证签名，仅解析。
+func ParseJWTClaimsToStruct[T any](tokenString string) (*T, error) {
+	// 不验证签名，仅解析
+	parser := jwt.NewParser(jwt.WithoutClaimsValidation())
+	token, _, err := parser.ParseUnverified(tokenString, jwt.MapClaims{})
+	if err != nil {
+		return nil, err
+	}
+
+	claims, ok := token.Claims.(jwt.MapClaims)
+	if !ok {
+		return nil, fmt.Errorf("invalid token claims")
+	}
+
+	codec := encoding.GetCodec("json")
+
+	// 将 claims 转换为目标类型
+	claimsBytes, err := codec.Marshal(claims)
+	if err != nil {
+		return nil, fmt.Errorf("failed to marshal claims: %v", err)
+	}
+
+	var ret T
+	err = codec.Unmarshal(claimsBytes, &ret)
+	if err != nil {
+		return nil, fmt.Errorf("failed to unmarshal claims: %v", err)
+	}
+
+	return &ret, nil
+}
+
+// VerifyJWT 验证 JWT 的签名
+func VerifyJWT(tokenString string, secretKey []byte) (jwt.MapClaims, error) {
+	// 解析并验证 JWT
+	token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
+		// 确保使用的是 HMAC 签名方法
+		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
+			return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
+		}
+		return secretKey, nil
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	// 验证 token 是否有效
+	if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
+		return claims, nil
+	}
+
+	return nil, fmt.Errorf("invalid token")
+}
+
+func GetJWTClaims(tokenString string) (map[string]interface{}, error) {
+	claims, err := ParseJWTPayload(tokenString)
+	if err != nil {
+		return nil, err
+	}
+
+	return claims, nil
+}
+
+// GenerateJWT 生成 JWT
+func GenerateJWT(mapClaims jwt.MapClaims, secretKey []byte, signingMethod jwt.SigningMethod) (string, error) {
+	// 检查密钥是否为空，密钥不能为空，否则会有安全隐患。
+	if len(secretKey) == 0 {
+		return "", fmt.Errorf("secret key cannot be empty")
+	}
+
+	// 创建一个新的 JWT Token
+	token := jwt.NewWithClaims(signingMethod, mapClaims)
+
+	// 使用 HMAC 签名方法签名 token
+	signedToken, err := token.SignedString(secretKey)
+	if err != nil {
+		return "", err
+	}
+
+	return signedToken, nil
+}
+
+// GenerateGenericJWT 生成 JWT
+func GenerateGenericJWT[T any](payload T, secretKey []byte, signingMethod jwt.SigningMethod) (string, error) {
+	// 检查密钥是否为空，密钥不能为空，否则会有安全隐患。
+	if len(secretKey) == 0 {
+		return "", fmt.Errorf("secret key cannot be empty")
+	}
+
+	// 将泛型 payload 转换为 jwt.MapClaims
+	claimsMap, err := ToMapClaims(payload)
+	if err != nil {
+		return "", fmt.Errorf("failed to convert payload to claims: %v", err)
+	}
+
+	// 创建一个新的 JWT Token
+	token := jwt.NewWithClaims(signingMethod, claimsMap)
+
+	// 使用 HMAC 签名方法签名 token
+	signedToken, err := token.SignedString(secretKey)
+	if err != nil {
+		return "", err
+	}
+
+	return signedToken, nil
+}
+
+// ToMapClaims 将泛型 payload 转换为 jwt.MapClaims
+func ToMapClaims[T any](payload T) (jwt.MapClaims, error) {
+	codec := encoding.GetCodec("json")
+
+	payloadBytes, err := codec.Marshal(payload)
+	if err != nil {
+		return nil, err
+	}
+
+	var claims jwt.MapClaims
+	err = codec.Unmarshal(payloadBytes, &claims)
+	if err != nil {
+		return nil, err
+	}
+
+	return claims, nil
+}
+
+// RefreshJWT 刷新JWT
+func RefreshJWT(tokenString string, secretKey []byte, newExpiration time.Time) (string, error) {
+	// 解析 JWT 的 payload
+	claims, err := ParseJWTPayload(tokenString)
+	if err != nil {
+		return "", err
+	}
+
+	// 更新过期时间
+	claims["exp"] = newExpiration.Unix()
+
+	// 生成新的 JWT
+	newToken, err := GenerateJWT(claims, secretKey, jwt.SigningMethodHS256)
+	if err != nil {
+		return "", err
+	}
+
+	return newToken, nil
+}
+
+// GenerateJWTWithHeader 生成带自定义头部的JWT
+func GenerateJWTWithHeader(payload jwt.MapClaims, secretKey []byte, signingMethod jwt.SigningMethod, customHeader map[string]interface{}) (string, error) {
+	// 检查密钥是否为空
+	if len(secretKey) == 0 {
+		return "", fmt.Errorf("secret key cannot be empty")
+	}
+
+	// 创建一个新的 JWT Token
+	token := jwt.NewWithClaims(signingMethod, payload)
+
+	// 添加自定义头部
+	for key, value := range customHeader {
+		token.Header[key] = value
+	}
+
+	// 使用密钥签名生成 JWT
+	signedToken, err := token.SignedString(secretKey)
+	if err != nil {
+		return "", err
+	}
+
+	return signedToken, nil
+}
+
+// ExtractJWTFromRequest 从请求中提取JWT
+func ExtractJWTFromRequest(r *http.Request) (string, error) {
+	// 从 Authorization Header 中提取 JWT
+	authHeader := r.Header.Get("Authorization")
+	if authHeader == "" {
+		return "", fmt.Errorf("authorization header is missing")
+	}
+
+	// 检查是否以 "Bearer " 开头
+	const bearerPrefix = "Bearer "
+	if len(authHeader) <= len(bearerPrefix) || authHeader[:len(bearerPrefix)] != bearerPrefix {
+		return "", fmt.Errorf("invalid authorization header format")
+	}
+
+	// 提取 JWT 部分
+	token := authHeader[len(bearerPrefix):]
+	return token, nil
+}
+
+// GenerateShortLivedJWT 生成短期有效的JWT
+func GenerateShortLivedJWT(payload jwt.MapClaims, secretKey []byte, signingMethod jwt.SigningMethod, duration time.Duration) (string, error) {
+	// 检查密钥是否为空
+	if len(secretKey) == 0 {
+		return "", fmt.Errorf("secret key cannot be empty")
+	}
+
+	// 设置过期时间
+	expirationTime := time.Now().Add(duration).Unix()
+	payload["exp"] = expirationTime
+
+	// 创建一个新的 JWT Token
+	token := jwt.NewWithClaims(signingMethod, payload)
+
+	// 使用密钥签名生成 JWT
+	signedToken, err := token.SignedString(secretKey)
+	if err != nil {
+		return "", err
+	}
+
+	return signedToken, nil
+}
+
+// ValidateJWTAudience 验证JWT受众
+func ValidateJWTAudience(tokenString string, expectedAudience string) (bool, error) {
+	// 解析 JWT 的 payload
+	claims, err := ParseJWTPayload(tokenString)
+	if err != nil {
+		return false, err
+	}
+
+	// 获取 `aud` 字段
+	audience, err := claims.GetAudience()
+	if err != nil {
+		return false, err
+	}
+
+	// 验证 `aud` 是否包含预期值
+	for _, aud := range audience {
+		if aud == expectedAudience {
+			return true, nil
+		}
+	}
+
+	return false, nil
+}
+
+// ValidateJWTAlgorithm 验证JWT算法
+func ValidateJWTAlgorithm(tokenString string, expectedAlgorithm string) (bool, error) {
+	// 使用 jwt.Parser 解析 JWT，不验证签名
+	parser := jwt.NewParser(jwt.WithoutClaimsValidation())
+	token, _, err := parser.ParseUnverified(tokenString, jwt.MapClaims{})
+	if err != nil {
+		return false, err
+	}
+
+	// 获取 `alg` 字段
+	alg, ok := token.Header["alg"].(string)
+	if !ok {
+		return false, fmt.Errorf("invalid or missing algorithm in token header")
+	}
+
+	// 验证算法是否符合预期
+	if alg != expectedAlgorithm {
+		return false, nil
+	}
+
+	return true, nil
+}
+
+// IsJWTExpired 检查JWT是否过期
+func IsJWTExpired(tokenString string) (bool, error) {
+	// 解析 JWT 的 payload
+	claims, err := ParseJWTPayload(tokenString)
+	if err != nil {
+		return false, err
+	}
+
+	// 获取 `exp` 字段
+	exp, err := claims.GetExpirationTime()
+	if err != nil {
+		return false, err
+	}
+
+	// 检查当前时间是否超过 `exp`
+	if time.Now().After(exp.Time) {
+		return true, nil
+	}
+
+	return false, nil
+}
+
+// GetJWTHeader 获取JWT头部
+func GetJWTHeader(tokenString string) (map[string]interface{}, error) {
+	// 使用 jwt.Parser 解析 JWT，不验证签名
+	parser := jwt.NewParser(jwt.WithoutClaimsValidation())
+	token, _, err := parser.ParseUnverified(tokenString, jwt.MapClaims{})
+	if err != nil {
+		return nil, err
+	}
+
+	return token.Header, nil
+}
+
+// ValidateJWTIssuer 验证JWT发行者
+func ValidateJWTIssuer(tokenString string, expectedIssuer string) (bool, error) {
+	// 解析 JWT 的 payload
+	claims, err := ParseJWTPayload(tokenString)
+	if err != nil {
+		return false, err
+	}
+
+	// 获取 `iss` 字段
+	issuer, err := claims.GetIssuer()
+	if err != nil {
+		return false, err
+	}
+
+	// 验证 `iss` 是否符合预期
+	if issuer != expectedIssuer {
+		return false, nil
+	}
+
+	return true, nil
+}
+
+// GetJWTIssuedAt 获取JWT签发时间
+func GetJWTIssuedAt(tokenString string) (*time.Time, error) {
+	claims, err := ParseJWTPayload(tokenString)
+	if err != nil {
+		return nil, err
+	}
+
+	iat, err := claims.GetIssuedAt()
+	if err != nil {
+		return nil, err
+	}
+
+	return &iat.Time, nil
+}

jwtutil/jwt_test.go

@@ -0,0 +1,519 @@
+package jwtutil
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+	"time"
+
+	"github.com/golang-jwt/jwt/v5"
+	"github.com/stretchr/testify/assert"
+
+	_ "github.com/go-kratos/kratos/v2/encoding/json"
+	_ "github.com/go-kratos/kratos/v2/encoding/proto"
+)
+
+func TestParseJWTPayload(t *testing.T) {
+	var secretKey = []byte("secret")
+
+	// 测试有效的 JWT 负载解析
+	token, err := GenerateJWT(jwt.MapClaims{
+		"sub": "userId",
+		"exp": 1672728000,
+	}, secretKey, jwt.SigningMethodHS256)
+	if err != nil {
+		t.Fatalf("failed to create token: %v", err)
+	}
+
+	result, err := ParseJWTPayload(token)
+	assert.NoError(t, err)
+	assert.NotNil(t, result)
+	assert.Equal(t, "userId", result["sub"])
+	assert.Equal(t, float64(1672728000), result["exp"]) // 注意：JSON 解码后数字为 float64
+
+	// 测试无效的 JWT
+	invalidToken := "invalid.token.string"
+	result, err = ParseJWTPayload(invalidToken)
+	assert.Error(t, err)
+	assert.Nil(t, result)
+
+	// 测试空字符串
+	result, err = ParseJWTPayload("")
+	assert.Error(t, err)
+	assert.Nil(t, result)
+}
+
+func TestParseJWTClaimsToStruct(t *testing.T) {
+	// 测试有效的 JWT 负载解析
+	type Payload struct {
+		Sub string `json:"sub"`
+		Exp int64  `json:"exp"`
+	}
+
+	var secretKey = []byte("secret")
+
+	// 验证签名以生成有效的 token
+	token, err := GenerateJWT(jwt.MapClaims{
+		"sub": "userId",
+		"exp": 1672728000,
+	}, secretKey, jwt.SigningMethodHS256)
+	if err != nil {
+		t.Fatalf("failed to create token: %v", err)
+	}
+
+	result, err := ParseJWTClaimsToStruct[Payload](token)
+	assert.NoError(t, err)
+	assert.NotNil(t, result)
+	assert.Equal(t, "userId", result.Sub)
+	assert.Equal(t, int64(1672728000), result.Exp)
+
+	// 测试无效的 JWT
+	invalidToken := "invalid.token.string"
+	result, err = ParseJWTClaimsToStruct[Payload](invalidToken)
+	assert.Error(t, err)
+	assert.Nil(t, result)
+
+	// 测试空字符串
+	result, err = ParseJWTClaimsToStruct[Payload]("")
+	assert.Error(t, err)
+	assert.Nil(t, result)
+}
+
+func TestVerifyJWT(t *testing.T) {
+	// 测试有效的 JWT 验证
+	secretKey := []byte("secret")
+
+	token, err := GenerateJWT(jwt.MapClaims{
+		"sub": "userId",
+	}, secretKey, jwt.SigningMethodHS256)
+	if err != nil {
+		t.Fatalf("failed to create token: %v", err)
+	}
+
+	result, err := VerifyJWT(token, secretKey)
+	assert.NoError(t, err)
+	assert.NotNil(t, result)
+	assert.Equal(t, "userId", result["sub"])
+
+	// 测试无效的签名
+	invalidSecretKey := []byte("invalid_secret")
+	result, err = VerifyJWT(token, invalidSecretKey)
+	assert.Error(t, err)
+	assert.Nil(t, result)
+
+	// 测试无效的 JWT 格式
+	invalidToken := "invalid.token.string"
+	result, err = VerifyJWT(invalidToken, secretKey)
+	assert.Error(t, err)
+	assert.Nil(t, result)
+
+	// 测试空字符串
+	result, err = VerifyJWT("", secretKey)
+	assert.Error(t, err)
+	assert.Nil(t, result)
+}
+
+func TestGenerateGenericJWT(t *testing.T) {
+	// 定义测试用的 payload 和密钥
+	type Payload struct {
+		Sub string `json:"sub"`
+		Exp int64  `json:"exp"`
+	}
+	secretKey := []byte("secret")
+	payload := Payload{
+		Sub: "userId",
+		Exp: 1672728000,
+	}
+
+	// 测试生成有效的 JWT
+	token, err := GenerateGenericJWT(payload, secretKey, jwt.SigningMethodHS256)
+	assert.NoError(t, err)
+	assert.NotEmpty(t, token)
+
+	// 验证生成的 JWT 是否正确
+	parsedPayload, err := ParseJWTClaimsToStruct[Payload](token)
+	assert.NoError(t, err)
+	assert.NotNil(t, parsedPayload)
+	assert.Equal(t, payload.Sub, parsedPayload.Sub)
+	assert.Equal(t, payload.Exp, parsedPayload.Exp)
+
+	// 测试使用空密钥生成 JWT
+	emptySecretKey := []byte("")
+	token, err = GenerateGenericJWT(payload, emptySecretKey, jwt.SigningMethodHS256)
+	assert.Error(t, err)
+	assert.Empty(t, token)
+}
+
+func TestGenerateJWT(t *testing.T) {
+	// 定义测试用的 payload 和密钥
+	payload := jwt.MapClaims{
+		"sub": "userId",
+		"exp": 1672728000,
+	}
+	secretKey := []byte("secret")
+
+	// 测试生成有效的 JWT
+	token, err := GenerateJWT(payload, secretKey, jwt.SigningMethodHS256)
+	assert.NoError(t, err)
+	assert.NotEmpty(t, token)
+
+	// 验证生成的 JWT 是否正确
+	parsedPayload, err := ParseJWTPayload(token)
+	assert.NoError(t, err)
+	assert.NotNil(t, parsedPayload)
+	assert.Equal(t, payload["sub"], parsedPayload["sub"])
+	assert.Equal(t, float64(payload["exp"].(int)), parsedPayload["exp"].(float64)) // 注意：JSON 解码后数字为 float64
+
+	// 测试使用空密钥生成 JWT
+	emptySecretKey := []byte("")
+	token, err = GenerateJWT(payload, emptySecretKey, jwt.SigningMethodHS256)
+	assert.Error(t, err)
+	assert.Empty(t, token)
+}
+
+func TestRefreshJWT(t *testing.T) {
+	secretKey := []byte("secret")
+
+	// 创建一个初始的 JWT
+	originalToken, err := GenerateJWT(jwt.MapClaims{
+		"sub": "userId",
+		"exp": time.Now().Add(1 * time.Hour).Unix(),
+	}, secretKey, jwt.SigningMethodHS256)
+	if err != nil {
+		t.Fatalf("failed to create token: %v", err)
+	}
+
+	// 刷新 JWT，设置新的过期时间
+	newExpiration := time.Now().Add(2 * time.Hour)
+	refreshedToken, err := RefreshJWT(originalToken, secretKey, newExpiration)
+	assert.NoError(t, err)
+	assert.NotEmpty(t, refreshedToken)
+
+	// 验证刷新后的 JWT 是否包含新的过期时间
+	claims, err := ParseJWTPayload(refreshedToken)
+	assert.NoError(t, err)
+	assert.NotNil(t, claims)
+
+	exp, ok := claims["exp"].(float64)
+	assert.True(t, ok)
+	assert.Equal(t, newExpiration.Unix(), int64(exp))
+
+	// 测试无效的 JWT
+	invalidToken := "invalid.token.string"
+	_, err = RefreshJWT(invalidToken, secretKey, newExpiration)
+	assert.Error(t, err)
+
+	// 测试空字符串
+	_, err = RefreshJWT("", secretKey, newExpiration)
+	assert.Error(t, err)
+}
+
+func TestGenerateJWTWithHeader(t *testing.T) {
+	// 定义测试用的 payload、密钥和自定义头部
+	payload := jwt.MapClaims{
+		"sub": "userId",
+		"exp": time.Now().Add(1 * time.Hour).Unix(),
+	}
+	secretKey := []byte("secret")
+	customHeader := map[string]interface{}{
+		"kid": "key-id-123",
+	}
+
+	// 测试生成有效的 JWT
+	token, err := GenerateJWTWithHeader(payload, secretKey, jwt.SigningMethodHS256, customHeader)
+	assert.NoError(t, err)
+	assert.NotEmpty(t, token)
+
+	// 验证生成的 JWT 是否包含自定义头部
+	parser := jwt.NewParser(jwt.WithoutClaimsValidation())
+	parsedToken, _, err := parser.ParseUnverified(token, jwt.MapClaims{})
+	assert.NoError(t, err)
+	assert.NotNil(t, parsedToken)
+
+	// 检查头部是否包含自定义字段
+	assert.Equal(t, "key-id-123", parsedToken.Header["kid"])
+
+	// 测试使用空密钥生成 JWT
+	emptySecretKey := []byte("")
+	token, err = GenerateJWTWithHeader(payload, emptySecretKey, jwt.SigningMethodHS256, customHeader)
+	assert.Error(t, err)
+	assert.Empty(t, token)
+}
+
+func TestExtractJWTFromRequest(t *testing.T) {
+	// 测试有效的 Authorization Header
+	req := httptest.NewRequest(http.MethodGet, "/", nil)
+	req.Header.Set("Authorization", "Bearer valid.jwt.token")
+	token, err := ExtractJWTFromRequest(req)
+	assert.NoError(t, err)
+	assert.Equal(t, "valid.jwt.token", token)
+
+	// 测试缺少 Authorization Header
+	req = httptest.NewRequest(http.MethodGet, "/", nil)
+	token, err = ExtractJWTFromRequest(req)
+	assert.Error(t, err)
+	assert.Equal(t, "authorization header is missing", err.Error())
+	assert.Empty(t, token)
+
+	// 测试无效的 Authorization Header 格式
+	req = httptest.NewRequest(http.MethodGet, "/", nil)
+	req.Header.Set("Authorization", "InvalidFormat")
+	token, err = ExtractJWTFromRequest(req)
+	assert.Error(t, err)
+	assert.Equal(t, "invalid authorization header format", err.Error())
+	assert.Empty(t, token)
+
+	// 测试空的 Bearer Token
+	req = httptest.NewRequest(http.MethodGet, "/", nil)
+	req.Header.Set("Authorization", "Bearer ")
+	token, err = ExtractJWTFromRequest(req)
+	assert.Error(t, err)
+	assert.Empty(t, token)
+}
+
+func TestGenerateShortLivedJWT(t *testing.T) {
+	secretKey := []byte("secret")
+	payload := jwt.MapClaims{
+		"sub": "userId",
+	}
+
+	// 测试生成短期有效的 JWT
+	duration := 1 * time.Hour
+	token, err := GenerateShortLivedJWT(payload, secretKey, jwt.SigningMethodHS256, duration)
+	assert.NoError(t, err)
+	assert.NotEmpty(t, token)
+
+	// 验证生成的 JWT 是否包含正确的过期时间
+	claims, err := ParseJWTPayload(token)
+	assert.NoError(t, err)
+	assert.NotNil(t, claims)
+
+	exp, ok := claims["exp"].(float64)
+	assert.True(t, ok)
+	expectedExp := time.Now().Add(duration).Unix()
+	assert.InDelta(t, expectedExp, int64(exp), 5) // 允许 5 秒的时间误差
+
+	// 测试空密钥
+	emptySecretKey := []byte("")
+	token, err = GenerateShortLivedJWT(payload, emptySecretKey, jwt.SigningMethodHS256, duration)
+	assert.Error(t, err)
+	assert.Empty(t, token)
+}
+
+func TestValidateJWTAudience(t *testing.T) {
+	secretKey := []byte("secret")
+
+	// 创建一个包含受众的 JWT
+	token, err := GenerateJWT(jwt.MapClaims{
+		"aud": []string{"audience1", "audience2"},
+	}, secretKey, jwt.SigningMethodHS256)
+	assert.NoError(t, err)
+	assert.NotEmpty(t, token)
+
+	// 测试受众验证成功
+	valid, err := ValidateJWTAudience(token, "audience1")
+	assert.NoError(t, err)
+	assert.True(t, valid)
+
+	// 测试受众验证失败
+	valid, err = ValidateJWTAudience(token, "audience3")
+	assert.NoError(t, err)
+	assert.False(t, valid)
+
+	// 测试无效的 JWT
+	invalidToken := "invalid.token.string"
+	valid, err = ValidateJWTAudience(invalidToken, "audience1")
+	assert.Error(t, err)
+	assert.False(t, valid)
+
+	// 测试空字符串
+	valid, err = ValidateJWTAudience("", "audience1")
+	assert.Error(t, err)
+	assert.False(t, valid)
+}
+
+func TestValidateJWTAlgorithm(t *testing.T) {
+	secretKey := []byte("secret")
+
+	// 测试有效的 JWT 算法验证
+	token, err := GenerateJWT(jwt.MapClaims{
+		"sub": "userId",
+	}, secretKey, jwt.SigningMethodHS256)
+	assert.NoError(t, err)
+	assert.NotEmpty(t, token)
+
+	valid, err := ValidateJWTAlgorithm(token, "HS256")
+	assert.NoError(t, err)
+	assert.True(t, valid)
+
+	// 测试无效的算法
+	valid, err = ValidateJWTAlgorithm(token, "RS256")
+	assert.NoError(t, err)
+	assert.False(t, valid)
+
+	// 测试无效的 JWT
+	invalidToken := "invalid.token.string"
+	valid, err = ValidateJWTAlgorithm(invalidToken, "HS256")
+	assert.Error(t, err)
+	assert.False(t, valid)
+
+	// 测试空字符串
+	valid, err = ValidateJWTAlgorithm("", "HS256")
+	assert.Error(t, err)
+	assert.False(t, valid)
+}
+
+func TestIsJWTExpired(t *testing.T) {
+	secretKey := []byte("secret")
+
+	// 测试未过期的 JWT
+	notExpiredToken, err := GenerateJWT(jwt.MapClaims{
+		"sub": "userId",
+		"exp": time.Now().Add(1 * time.Hour).Unix(),
+	}, secretKey, jwt.SigningMethodHS256)
+	assert.NoError(t, err)
+	assert.NotEmpty(t, notExpiredToken)
+
+	isExpired, err := IsJWTExpired(notExpiredToken)
+	assert.NoError(t, err)
+	assert.False(t, isExpired)
+
+	// 测试已过期的 JWT
+	expiredToken, err := GenerateJWT(jwt.MapClaims{
+		"sub": "userId",
+		"exp": time.Now().Add(-1 * time.Hour).Unix(),
+	}, secretKey, jwt.SigningMethodHS256)
+	assert.NoError(t, err)
+	assert.NotEmpty(t, expiredToken)
+
+	isExpired, err = IsJWTExpired(expiredToken)
+	assert.NoError(t, err)
+	assert.True(t, isExpired)
+
+	// 测试无效的 JWT
+	invalidToken := "invalid.token.string"
+	isExpired, err = IsJWTExpired(invalidToken)
+	assert.Error(t, err)
+	assert.False(t, isExpired)
+
+	// 测试空字符串
+	isExpired, err = IsJWTExpired("")
+	assert.Error(t, err)
+	assert.False(t, isExpired)
+}
+
+func TestGetJWTHeader(t *testing.T) {
+	secretKey := []byte("secret")
+
+	// 测试有效的 JWT 头部解析
+	token, err := GenerateJWT(jwt.MapClaims{
+		"sub": "userId",
+	}, secretKey, jwt.SigningMethodHS256)
+	assert.NoError(t, err)
+	assert.NotEmpty(t, token)
+
+	header, err := GetJWTHeader(token)
+	assert.NoError(t, err)
+	assert.NotNil(t, header)
+	assert.Equal(t, "JWT", header["typ"])
+	assert.Equal(t, "HS256", header["alg"])
+
+	// 测试无效的 JWT
+	invalidToken := "invalid.token.string"
+	header, err = GetJWTHeader(invalidToken)
+	assert.Error(t, err)
+	assert.Nil(t, header)
+
+	// 测试空字符串
+	header, err = GetJWTHeader("")
+	assert.Error(t, err)
+	assert.Nil(t, header)
+}
+
+func TestValidateJWTIssuer(t *testing.T) {
+	secretKey := []byte("secret")
+
+	// 测试有效的发行者验证
+	token, err := GenerateJWT(jwt.MapClaims{
+		"iss": "trusted-issuer",
+	}, secretKey, jwt.SigningMethodHS256)
+	assert.NoError(t, err)
+	assert.NotEmpty(t, token)
+
+	valid, err := ValidateJWTIssuer(token, "trusted-issuer")
+	assert.NoError(t, err)
+	assert.True(t, valid)
+
+	// 测试无效的发行者
+	valid, err = ValidateJWTIssuer(token, "untrusted-issuer")
+	assert.NoError(t, err)
+	assert.False(t, valid)
+
+	// 测试无效的 JWT
+	invalidToken := "invalid.token.string"
+	valid, err = ValidateJWTIssuer(invalidToken, "trusted-issuer")
+	assert.Error(t, err)
+	assert.False(t, valid)
+
+	// 测试空字符串
+	valid, err = ValidateJWTIssuer("", "trusted-issuer")
+	assert.Error(t, err)
+	assert.False(t, valid)
+}
+
+func TestGetJWTIssuedAt(t *testing.T) {
+	secretKey := []byte("secret")
+
+	// 测试有效的 JWT 签发时间
+	issuedAt := time.Now().Add(-1 * time.Hour).Unix()
+	token, err := GenerateJWT(jwt.MapClaims{
+		"sub": "userId",
+		"iat": issuedAt,
+	}, secretKey, jwt.SigningMethodHS256)
+	assert.NoError(t, err)
+	assert.NotEmpty(t, token)
+
+	iat, err := GetJWTIssuedAt(token)
+	assert.NoError(t, err)
+	assert.NotNil(t, iat)
+	assert.Equal(t, issuedAt, iat.Unix())
+
+	// 测试无效的 JWT
+	invalidToken := "invalid.token.string"
+	iat, err = GetJWTIssuedAt(invalidToken)
+	assert.Error(t, err)
+	assert.Nil(t, iat)
+
+	// 测试空字符串
+	iat, err = GetJWTIssuedAt("")
+	assert.Error(t, err)
+	assert.Nil(t, iat)
+}
+
+func TestGetJWTClaims(t *testing.T) {
+	secretKey := []byte("secret")
+
+	// 测试有效的 JWT
+	token, err := GenerateJWT(jwt.MapClaims{
+		"sub": "userId",
+		"exp": time.Now().Add(1 * time.Hour).Unix(),
+	}, secretKey, jwt.SigningMethodHS256)
+	assert.NoError(t, err)
+	assert.NotEmpty(t, token)
+
+	claims, err := GetJWTClaims(token)
+	assert.NoError(t, err)
+	assert.NotNil(t, claims)
+	assert.Equal(t, "userId", claims["sub"])
+
+	// 测试无效的 JWT
+	invalidToken := "invalid.token.string"
+	claims, err = GetJWTClaims(invalidToken)
+	assert.Error(t, err)
+	assert.Nil(t, claims)
+
+	// 测试空字符串
+	claims, err = GetJWTClaims("")
+	assert.Error(t, err)
+	assert.Nil(t, claims)
+}

tag.bat

@@ -1,9 +1,10 @@
-git tag v1.1.22
+git tag v1.1.23
 
 git tag bank_card/v1.1.5
 git tag geoip/v1.1.5
 git tag translator/v1.1.2
-git tag copierutil/v0.0.2
+git tag copierutil/v0.0.3
+git tag jwtutil/v0.0.2
 
 git tag entgo/v1.1.28
 git tag gorm/v1.1.6

timeutil/trans.go

@@ -236,7 +236,7 @@ func DurationpbToDuration(duration *durationpb.Duration) *time.Duration {
 	return &d
 }
 
-func DurationpbSecond(duration *durationpb.Duration) *float64 {
+func DurationpbToSecond(duration *durationpb.Duration) *float64 {
 	if duration == nil {
 		return nil
 	}
@@ -244,3 +244,20 @@ func DurationpbSecond(duration *durationpb.Duration) *float64 {
 	secondsInt64 := seconds
 	return &secondsInt64
 }
+
+func StringToDurationpb(in *string) *durationpb.Duration {
+	if in == nil {
+		return nil
+	}
+
+	f, _ := time.ParseDuration(*in)
+	return durationpb.New(f)
+}
+
+func DurationpbToString(in *durationpb.Duration) *string {
+	if in == nil {
+		return nil
+	}
+
+	return trans.Ptr(in.AsDuration().String())
+}

timeutil/trans_test.go

@@ -288,21 +288,21 @@ func TestSecondToDurationpb(t *testing.T) {
 	assert.Nil(t, result)
 }
 
-func TestDurationpbSecond(t *testing.T) {
+func TestDurationpbToSecond(t *testing.T) {
 	// 测试非空输入
 	duration := durationpb.New(5 * time.Second)
-	result := DurationpbSecond(duration)
+	result := DurationpbToSecond(duration)
 	assert.NotNil(t, result)
 	assert.Equal(t, 5.0, *result, "应返回正确的秒数")
 
 	// 测试零输入
 	duration = durationpb.New(0)
-	result = DurationpbSecond(duration)
+	result = DurationpbToSecond(duration)
 	assert.NotNil(t, result)
 	assert.Equal(t, 0.0, *result, "应返回零秒")
 
 	// 测试空输入
-	result = DurationpbSecond(nil)
+	result = DurationpbToSecond(nil)
 	assert.Nil(t, result, "空输入应返回nil")
 }
 
@@ -353,3 +353,48 @@ func TestTimeToUnixSecondInt64Ptr(t *testing.T) {
 	result = TimeToUnixSecondInt64Ptr(nil)
 	assert.Nil(t, result)
 }
+
+func TestStringToDurationpb(t *testing.T) {
+	// 测试有效输入
+	validInput := "1h30m"
+	expected := durationpb.New(90 * time.Minute)
+	result := StringToDurationpb(&validInput)
+	assert.NotNil(t, result)
+	assert.Equal(t, expected, result)
+
+	// 测试无效输入
+	invalidInput := "invalid-duration"
+	result = StringToDurationpb(&invalidInput)
+	assert.NotNil(t, result) // 即使输入无效，time.ParseDuration 返回零值
+	assert.Equal(t, durationpb.New(0), result)
+
+	// 测试空字符串输入
+	emptyInput := ""
+	result = StringToDurationpb(&emptyInput)
+	assert.NotNil(t, result) // 空字符串解析为零值
+	assert.Equal(t, durationpb.New(0), result)
+
+	// 测试空指针输入
+	result = StringToDurationpb(nil)
+	assert.Nil(t, result)
+}
+
+func TestDurationpbToString(t *testing.T) {
+	// 测试有效输入
+	duration := durationpb.New(90 * time.Second) // 90秒
+	expected := "1m30s"
+	result := DurationpbToString(duration)
+	assert.NotNil(t, result)
+	assert.Equal(t, expected, *result)
+
+	// 测试零值输入
+	duration = durationpb.New(0)
+	expected = "0s"
+	result = DurationpbToString(duration)
+	assert.NotNil(t, result)
+	assert.Equal(t, expected, *result)
+
+	// 测试空输入
+	result = DurationpbToString(nil)
+	assert.Nil(t, result)
+}