采用中间件授权的方式

api/core/app_server.go

@@ -8,29 +8,20 @@ package core
 // * +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 
 import (
-	"bytes"
-	"context"
 	"fmt"
+	"geekai/core/middleware"
 	"geekai/core/types"
 	"geekai/store/model"
 	"geekai/utils"
-	"geekai/utils/resp"
-	"image"
-	"image/jpeg"
 	"io"
 	"net/http"
-	"os"
 	"runtime/debug"
-	"strings"
 	"time"
 
 	"github.com/gin-gonic/gin"
 	"github.com/go-redis/redis/v8"
-	"github.com/golang-jwt/jwt/v5"
 	"github.com/imroc/req/v3"
-	"github.com/nfnt/resize"
 	"github.com/shirou/gopsutil/host"
-	"golang.org/x/image/webp"
 	"gorm.io/gorm"
 )
 
@@ -42,34 +33,39 @@ type AuthConfig struct {
 
 var authConfig = &AuthConfig{
 	ExactPaths: map[string]bool{
-		"/api/user/login":          false,
-		"/api/user/logout":         false,
-		"/api/user/resetPass":      false,
-		"/api/user/register":       false,
-		"/api/admin/login":         false,
-		"/api/admin/logout":        false,
-		"/api/admin/login/captcha": false,
-		"/api/app/list":            false,
-		"/api/app/type/list":       false,
-		"/api/app/list/user":       false,
-		"/api/model/list":          false,
-		"/api/mj/imgWall":          false,
-		"/api/mj/notify":           false,
-		"/api/invite/hits":         false,
-		"/api/sd/imgWall":          false,
-		"/api/dall/imgWall":        false,
-		"/api/product/list":        false,
-		"/api/menu/list":           false,
-		"/api/markMap/client":      false,
-		"/api/payment/doPay":       false,
-		"/api/payment/payWays":     false,
-		"/api/download":            false,
-		"/api/dall/models":         false,
+		"/api/user/login":           false,
+		"/api/user/logout":          false,
+		"/api/user/resetPass":       false,
+		"/api/user/register":        false,
+		"/api/user/clogin":          false,
+		"/api/user/clogin/callback": false,
+		"/api/user/signin":          false,
+		"/api/admin/login":          false,
+		"/api/admin/logout":         false,
+		"/api/admin/login/captcha":  false,
+		"/api/app/list":             false,
+		"/api/app/type/list":        false,
+		"/api/app/list/user":        false,
+		"/api/model/list":           false,
+		"/api/mj/imgWall":           false,
+		"/api/mj/notify":            false,
+		"/api/invite/hits":          false,
+		"/api/sd/imgWall":           false,
+		"/api/dall/imgWall":         false,
+		"/api/product/list":         false,
+		"/api/menu/list":            false,
+		"/api/markMap/client":       false,
+		"/api/payment/doPay":        false,
+		"/api/payment/payWays":      false,
+		"/api/download":             false,
+		"/api/dall/models":          false,
+		"/api/chat/message":         false, // 聊天接口需要特殊处理
+		"/api/realtime":             false, // 实时通信接口需要特殊处理
+		"/api/realtime/voice":       false, // 语音聊天接口需要特殊处理
 	},
 	PrefixPaths: map[string]bool{
 		"/api/test/":           false,
 		"/api/payment/notify/": false,
-		"/api/user/clogin":     false,
 		"/api/config/":         false,
 		"/api/function/":       false,
 		"/api/sms/":            false,
@@ -97,10 +93,8 @@ func NewServer(appConfig *types.AppConfig, redis *redis.Client, sysConfig *types
 }
 
 func (s *AppServer) Init(client *redis.Client) {
-	s.Engine.Use(corsMiddleware())
-	s.Engine.Use(staticResourceMiddleware())
-	s.Engine.Use(authorizeMiddleware(s, client))
-	s.Engine.Use(parameterHandlerMiddleware())
+	s.Engine.Use(middleware.ParameterHandlerMiddleware())
+	s.Engine.Use(middleware.StaticMiddleware())
 	s.Engine.Use(errorHandler)
 	// 添加静态资源访问
 	s.Engine.Static("/static", s.Config.StaticDir)
@@ -150,283 +144,3 @@ func errorHandler(c *gin.Context) {
 	//加载完 defer recover，继续后续接口调用
 	c.Next()
 }
-
-// 跨域中间件设置
-func corsMiddleware() gin.HandlerFunc {
-	return func(c *gin.Context) {
-		method := c.Request.Method
-		origin := c.Request.Header.Get("Origin")
-
-		// 设置允许的请求源
-		if origin != "" {
-			c.Header("Access-Control-Allow-Origin", origin)
-		} else {
-			c.Header("Access-Control-Allow-Origin", "*")
-		}
-
-		c.Header("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, UPDATE")
-		//允许跨域设置可以返回其他子段，可以自定义字段
-		c.Header("Access-Control-Allow-Headers", "Authorization, Body-Length, Body-Type, Admin-Authorization,content-type")
-		// 允许浏览器（客户端）可以解析的头部 （重要）
-		c.Header("Access-Control-Expose-Headers", "Body-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers")
-		//设置缓存时间
-		c.Header("Access-Control-Max-Age", "172800")
-		//允许客户端传递校验信息比如 cookie (重要)
-		c.Header("Access-Control-Allow-Credentials", "true")
-
-		if method == http.MethodOptions {
-			c.JSON(http.StatusOK, "ok!")
-		}
-
-		defer func() {
-			if err := recover(); err != nil {
-				logger.Info("Panic info is: %v", err)
-			}
-		}()
-
-		c.Next()
-	}
-}
-
-// 用户授权验证
-func authorizeMiddleware(s *AppServer, client *redis.Client) gin.HandlerFunc {
-	return func(c *gin.Context) {
-		if !needLogin(c) {
-			c.Next()
-			return
-		}
-
-		clientProtocols := c.GetHeader("Sec-WebSocket-Protocol")
-		var tokenString string
-		isAdminApi := strings.Contains(c.Request.URL.Path, "/api/admin/")
-		if isAdminApi { // 后台管理 API
-			tokenString = c.GetHeader(types.AdminAuthHeader)
-		} else if clientProtocols != "" { // Websocket 连接
-			// 解析子协议内容
-			protocols := strings.Split(clientProtocols, ",")
-			if protocols[0] == "realtime" {
-				tokenString = strings.TrimSpace(protocols[1][25:])
-			} else if protocols[0] == "token" {
-				tokenString = strings.TrimSpace(protocols[1])
-			}
-		} else {
-			tokenString = c.GetHeader(types.UserAuthHeader)
-		}
-
-		if tokenString == "" {
-			resp.NotAuth(c, "You should put Authorization in request headers")
-			c.Abort()
-			return
-		}
-
-		token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
-			if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
-				return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
-			}
-			if isAdminApi {
-				return []byte(s.Config.AdminSession.SecretKey), nil
-			} else {
-				return []byte(s.Config.Session.SecretKey), nil
-			}
-
-		})
-
-		if err != nil {
-			resp.NotAuth(c, fmt.Sprintf("Error with parse auth token: %v", err))
-			c.Abort()
-			return
-		}
-
-		claims, ok := token.Claims.(jwt.MapClaims)
-		if !ok || !token.Valid {
-			resp.NotAuth(c, "Token is invalid")
-			c.Abort()
-			return
-		}
-
-		expr := utils.IntValue(utils.InterfaceToString(claims["expired"]), 0)
-		if expr > 0 && int64(expr) < time.Now().Unix() {
-			resp.NotAuth(c, "Token is expired")
-			c.Abort()
-			return
-		}
-
-		key := fmt.Sprintf("users/%v", claims["user_id"])
-		if isAdminApi {
-			key = fmt.Sprintf("admin/%v", claims["user_id"])
-		}
-		if _, err := client.Get(context.Background(), key).Result(); err != nil {
-			resp.NotAuth(c, "Token is not found in redis")
-			c.Abort()
-			return
-		}
-		c.Set(types.LoginUserID, claims["user_id"])
-		c.Next()
-	}
-}
-
-func needLogin(c *gin.Context) bool {
-	path := c.Request.URL.Path
-
-	// 如果不是 API 路径，不需要登录
-	if !strings.HasPrefix(path, "/api") {
-		return false
-	}
-
-	// 检查精确匹配的路径
-	if skip, exists := authConfig.ExactPaths[path]; exists {
-		return skip
-	}
-
-	// 检查前缀匹配的路径
-	for prefix, skip := range authConfig.PrefixPaths {
-		if strings.HasPrefix(path, prefix) {
-			return skip
-		}
-	}
-
-	return true
-}
-
-// 跳过授权
-func (s *AppServer) SkipAuth(url string) {
-	authConfig.ExactPaths[url] = false
-}
-
-func (s *AppServer) SkipAuthPrefix(url string) {
-	authConfig.PrefixPaths[url] = false
-}
-
-// 统一参数处理
-func parameterHandlerMiddleware() gin.HandlerFunc {
-	return func(c *gin.Context) {
-		// GET 参数处理
-		params := c.Request.URL.Query()
-		for key, values := range params {
-			for i, value := range values {
-				params[key][i] = strings.TrimSpace(value)
-			}
-		}
-		// update get parameters
-		c.Request.URL.RawQuery = params.Encode()
-		// skip file upload requests
-		contentType := c.Request.Header.Get("Content-Type")
-		if strings.Contains(contentType, "multipart/form-data") {
-			c.Next()
-			return
-		}
-
-		if strings.Contains(contentType, "application/json") {
-			// process POST JSON request body
-			bodyBytes, err := io.ReadAll(c.Request.Body)
-			if err != nil {
-				c.Next()
-				return
-			}
-
-			// 还原请求体
-			c.Request.Body = io.NopCloser(bytes.NewBuffer(bodyBytes))
-			// 将请求体解析为 JSON
-			var jsonData map[string]interface{}
-			if err := c.ShouldBindJSON(&jsonData); err != nil {
-				c.Next()
-				return
-			}
-
-			// 对 JSON 数据中的字符串值去除两端空格
-			trimJSONStrings(jsonData)
-			// 更新请求体
-			c.Request.Body = io.NopCloser(bytes.NewBufferString(utils.JsonEncode(jsonData)))
-		}
-
-		c.Next()
-	}
-}
-
-// 递归对 JSON 数据中的字符串值去除两端空格
-func trimJSONStrings(data interface{}) {
-	switch v := data.(type) {
-	case map[string]interface{}:
-		for key, value := range v {
-			switch valueType := value.(type) {
-			case string:
-				v[key] = strings.TrimSpace(valueType)
-			case map[string]interface{}, []interface{}:
-				trimJSONStrings(value)
-			}
-		}
-	case []interface{}:
-		for i, value := range v {
-			switch valueType := value.(type) {
-			case string:
-				v[i] = strings.TrimSpace(valueType)
-			case map[string]interface{}, []interface{}:
-				trimJSONStrings(value)
-			}
-		}
-	}
-}
-
-// 静态资源中间件
-func staticResourceMiddleware() gin.HandlerFunc {
-	return func(c *gin.Context) {
-
-		url := c.Request.URL.String()
-		// 拦截生成缩略图请求
-		if strings.HasPrefix(url, "/static/") && strings.Contains(url, "?imageView2") {
-			r := strings.SplitAfter(url, "imageView2")
-			size := strings.Split(r[1], "/")
-			if len(size) != 8 {
-				c.String(http.StatusNotFound, "invalid thumb args")
-				return
-			}
-			with := utils.IntValue(size[3], 0)
-			height := utils.IntValue(size[5], 0)
-			quality := utils.IntValue(size[7], 75)
-
-			// 打开图片文件
-			filePath := strings.TrimLeft(c.Request.URL.Path, "/")
-			file, err := os.Open(filePath)
-			if err != nil {
-				c.String(http.StatusNotFound, "Image not found")
-				return
-			}
-			defer file.Close()
-
-			// 解码图片
-			img, _, err := image.Decode(file)
-			// for .webp image
-			if err != nil {
-				img, err = webp.Decode(file)
-			}
-			if err != nil {
-				c.String(http.StatusInternalServerError, "Error decoding image")
-				return
-			}
-
-			var newImg image.Image
-			if height == 0 || with == 0 {
-				// 固定宽度，高度自适应
-				newImg = resize.Resize(uint(with), uint(height), img, resize.Lanczos3)
-			} else {
-				// 生成缩略图
-				newImg = resize.Thumbnail(uint(with), uint(height), img, resize.Lanczos3)
-			}
-			var buffer bytes.Buffer
-			err = jpeg.Encode(&buffer, newImg, &jpeg.Options{Quality: quality})
-			if err != nil {
-				logger.Error(err)
-				c.String(http.StatusInternalServerError, err.Error())
-				return
-			}
-
-			// 设置图片缓存有效期为一年 (365天)
-			c.Header("Cache-Control", "max-age=31536000, public")
-			// 直接输出图像数据流
-			c.Data(http.StatusOK, "image/jpeg", buffer.Bytes())
-			c.Abort() // 中断请求
-
-		}
-		c.Next()
-	}
-}

api/core/middleware/auth.go

@@ -1,4 +1,4 @@
-package midware
+package middleware
 
 import (
 	"context"
@@ -13,7 +13,7 @@ import (
 	"github.com/golang-jwt/jwt"
 )
 
-// 用户授权验证
+// 前端用户授权验证
 func UserAuthMiddleware(secretKey string, redis *redis.Client) gin.HandlerFunc {
 	return func(c *gin.Context) {
 		tokenString := c.GetHeader(types.UserAuthHeader)
@@ -60,6 +60,7 @@ func UserAuthMiddleware(secretKey string, redis *redis.Client) gin.HandlerFunc {
 	}
 }
 
+// 管理后台用户授权验证
 func AdminAuthMiddleware(secretKey string, redis *redis.Client) gin.HandlerFunc {
 	return func(c *gin.Context) {
 		tokenString := c.GetHeader(types.AdminAuthHeader)

api/core/middleware/parameter.go

@@ -1,4 +1,4 @@
-package midware
+package middleware
 
 import (
 	"bytes"

api/core/middleware/rate_limit.go

@@ -1,4 +1,4 @@
-package midware
+package middleware
 
 import (
 	"context"

api/core/middleware/static.go

@@ -0,0 +1,78 @@
+package middleware
+
+import (
+	"bytes"
+	"geekai/utils"
+	"image"
+	"image/jpeg"
+	"net/http"
+	"os"
+	"strings"
+
+	"github.com/gin-gonic/gin"
+	"github.com/nfnt/resize"
+	"golang.org/x/image/webp"
+)
+
+// 静态资源中间件
+func StaticMiddleware() gin.HandlerFunc {
+	return func(c *gin.Context) {
+
+		url := c.Request.URL.String()
+		// 拦截生成缩略图请求
+		if strings.HasPrefix(url, "/static/") && strings.Contains(url, "?imageView2") {
+			r := strings.SplitAfter(url, "imageView2")
+			size := strings.Split(r[1], "/")
+			if len(size) != 8 {
+				c.String(http.StatusNotFound, "invalid thumb args")
+				return
+			}
+			with := utils.IntValue(size[3], 0)
+			height := utils.IntValue(size[5], 0)
+			quality := utils.IntValue(size[7], 75)
+
+			// 打开图片文件
+			filePath := strings.TrimLeft(c.Request.URL.Path, "/")
+			file, err := os.Open(filePath)
+			if err != nil {
+				c.String(http.StatusNotFound, "Image not found")
+				return
+			}
+			defer file.Close()
+
+			// 解码图片
+			img, _, err := image.Decode(file)
+			// for .webp image
+			if err != nil {
+				img, err = webp.Decode(file)
+			}
+			if err != nil {
+				c.String(http.StatusInternalServerError, "Error decoding image")
+				return
+			}
+
+			var newImg image.Image
+			if height == 0 || with == 0 {
+				// 固定宽度，高度自适应
+				newImg = resize.Resize(uint(with), uint(height), img, resize.Lanczos3)
+			} else {
+				// 生成缩略图
+				newImg = resize.Thumbnail(uint(with), uint(height), img, resize.Lanczos3)
+			}
+			var buffer bytes.Buffer
+			err = jpeg.Encode(&buffer, newImg, &jpeg.Options{Quality: quality})
+			if err != nil {
+				c.String(http.StatusInternalServerError, err.Error())
+				return
+			}
+
+			// 设置图片缓存有效期为一年 (365天)
+			c.Header("Cache-Control", "max-age=31536000, public")
+			// 直接输出图像数据流
+			c.Data(http.StatusOK, "image/jpeg", buffer.Bytes())
+			c.Abort() // 中断请求
+
+		}
+		c.Next()
+	}
+}

api/handler/admin/admin_handler.go

@@ -11,6 +11,7 @@ import (
 	"context"
 	"fmt"
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/core/types"
 	"geekai/handler"
 	logger2 "geekai/logger"
@@ -49,14 +50,21 @@ func NewAdminHandler(app *core.AppServer, db *gorm.DB, client *redis.Client, cap
 // RegisterRoutes 注册路由
 func (h *ManagerHandler) RegisterRoutes() {
 	group := h.App.Engine.Group("/api/admin/")
+
+	// 公开接口，不需要授权
 	group.POST("login", h.Login)
 	group.GET("logout", h.Logout)
 	group.GET("session", h.Session)
-	group.GET("list", h.List)
-	group.POST("save", h.Save)
-	group.POST("enable", h.Enable)
-	group.GET("remove", h.Remove)
-	group.POST("resetPass", h.ResetPass)
+
+	// 需要管理员授权的接口
+	group.Use(middleware.AdminAuthMiddleware(h.App.Config.AdminSession.SecretKey, h.App.Redis))
+	{
+		group.GET("list", h.List)
+		group.POST("save", h.Save)
+		group.POST("enable", h.Enable)
+		group.GET("remove", h.Remove)
+		group.POST("resetPass", h.ResetPass)
+	}
 }
 
 // Login 登录

api/handler/admin/api_key_handler.go

@@ -10,6 +10,7 @@ package admin
 import (
 	"fmt"
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/core/types"
 	"geekai/handler"
 	"geekai/store/model"
@@ -32,11 +33,16 @@ func NewApiKeyHandler(app *core.AppServer, db *gorm.DB) *ApiKeyHandler {
 
 // RegisterRoutes 注册路由
 func (h *ApiKeyHandler) RegisterRoutes() {
-	group := h.App.Engine.Group("/api/admin/apikey/")
-	group.POST("save", h.Save)
-	group.GET("list", h.List)
-	group.POST("set", h.Set)
-	group.GET("remove", h.Remove)
+	group := h.App.Engine.Group("/api/admin/apiKey/")
+
+	// 需要管理员授权的接口
+	group.Use(middleware.AdminAuthMiddleware(h.App.Config.AdminSession.SecretKey, h.App.Redis))
+	{
+		group.GET("list", h.List)
+		group.POST("save", h.Save)
+		group.POST("set", h.Set)
+		group.GET("remove", h.Remove)
+	}
 }
 
 func (h *ApiKeyHandler) Save(c *gin.Context) {

api/handler/admin/chat_app_handler.go

@@ -10,6 +10,7 @@ package admin
 import (
 	"fmt"
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/core/types"
 	"geekai/handler"
 	"geekai/store/model"
@@ -32,12 +33,17 @@ func NewChatAppHandler(app *core.AppServer, db *gorm.DB) *ChatAppHandler {
 
 // RegisterRoutes 注册路由
 func (h *ChatAppHandler) RegisterRoutes() {
-	group := h.App.Engine.Group("/api/admin/role/")
-	group.GET("list", h.List)
-	group.POST("save", h.Save)
-	group.POST("sort", h.Sort)
-	group.POST("set", h.Set)
-	group.GET("remove", h.Remove)
+	group := h.App.Engine.Group("/api/admin/app/")
+
+	// 需要管理员授权的接口
+	group.Use(middleware.AdminAuthMiddleware(h.App.Config.AdminSession.SecretKey, h.App.Redis))
+	{
+		group.GET("list", h.List)
+		group.POST("save", h.Save)
+		group.POST("sort", h.Sort)
+		group.POST("set", h.Set)
+		group.GET("remove", h.Remove)
+	}
 }
 
 // Save 创建或者更新某个角色
@@ -184,7 +190,6 @@ func (h *ChatAppHandler) Remove(c *gin.Context) {
 	}
 	res := h.DB.Where("id", id).Delete(&model.ChatRole{})
 	if res.Error != nil {
-		logger.Error("error with update database：", res.Error)
 		resp.ERROR(c, "删除失败！")
 		return
 	}

api/handler/admin/chat_app_type_handler.go

@@ -2,12 +2,14 @@ package admin
 
 import (
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/core/types"
 	"geekai/handler"
 	"geekai/store/model"
 	"geekai/store/vo"
 	"geekai/utils"
 	"geekai/utils/resp"
+
 	"github.com/gin-gonic/gin"
 	"gorm.io/gorm"
 )
@@ -22,12 +24,17 @@ func NewChatAppTypeHandler(app *core.AppServer, db *gorm.DB) *ChatAppTypeHandler
 
 // RegisterRoutes 注册路由
 func (h *ChatAppTypeHandler) RegisterRoutes() {
-	group := h.App.Engine.Group("/api/admin/app/type")
-	group.POST("save", h.Save)
-	group.GET("list", h.List)
-	group.GET("remove", h.Remove)
-	group.POST("enable", h.Enable)
-	group.POST("sort", h.Sort)
+	group := h.App.Engine.Group("/api/admin/app/type/")
+
+	// 需要管理员授权的接口
+	group.Use(middleware.AdminAuthMiddleware(h.App.Config.AdminSession.SecretKey, h.App.Redis))
+	{
+		group.GET("list", h.List)
+		group.POST("save", h.Save)
+		group.GET("remove", h.Remove)
+		group.POST("enable", h.Enable)
+		group.POST("sort", h.Sort)
+	}
 }
 
 // Save 创建或更新App类型

api/handler/admin/chat_handler.go

@@ -9,6 +9,7 @@ package admin
 
 import (
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/core/types"
 	"geekai/handler"
 	"geekai/store/model"
@@ -31,11 +32,16 @@ func NewChatHandler(app *core.AppServer, db *gorm.DB) *ChatHandler {
 // RegisterRoutes 注册路由
 func (h *ChatHandler) RegisterRoutes() {
 	group := h.App.Engine.Group("/api/admin/chat/")
-	group.POST("list", h.List)
-	group.POST("message", h.Messages)
-	group.GET("history", h.History)
-	group.GET("remove", h.RemoveChat)
-	group.GET("message/remove", h.RemoveMessage)
+
+	// 需要管理员授权的接口
+	group.Use(middleware.AdminAuthMiddleware(h.App.Config.AdminSession.SecretKey, h.App.Redis))
+	{
+		group.POST("list", h.List)
+		group.POST("message", h.Messages)
+		group.GET("history", h.History)
+		group.GET("remove", h.RemoveChat)
+		group.GET("message/remove", h.RemoveMessage)
+	}
 }
 
 type chatItemVo struct {

api/handler/admin/chat_model_handler.go

@@ -10,6 +10,7 @@ package admin
 import (
 	"fmt"
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/core/types"
 	"geekai/handler"
 	"geekai/store/model"
@@ -32,12 +33,17 @@ func NewChatModelHandler(app *core.AppServer, db *gorm.DB) *ChatModelHandler {
 // RegisterRoutes 注册路由
 func (h *ChatModelHandler) RegisterRoutes() {
 	group := h.App.Engine.Group("/api/admin/model/")
-	group.POST("save", h.Save)
-	group.GET("list", h.List)
-	group.POST("set", h.Set)
-	group.POST("sort", h.Sort)
-	group.GET("remove", h.Remove)
-	group.POST("batch-remove", h.BatchRemove)
+
+	// 需要管理员授权的接口
+	group.Use(middleware.AdminAuthMiddleware(h.App.Config.AdminSession.SecretKey, h.App.Redis))
+	{
+		group.GET("list", h.List)
+		group.POST("save", h.Save)
+		group.POST("set", h.Set)
+		group.POST("sort", h.Sort)
+		group.GET("remove", h.Remove)
+		group.POST("batch-remove", h.BatchRemove)
+	}
 }
 
 func (h *ChatModelHandler) Save(c *gin.Context) {

api/handler/admin/config_handler.go

@@ -11,6 +11,7 @@ import (
 	"encoding/json"
 	"errors"
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/core/types"
 	"geekai/handler"
 	"geekai/service"
@@ -42,12 +43,17 @@ func NewConfigHandler(app *core.AppServer, db *gorm.DB, levelDB *store.LevelDB,
 
 // RegisterRoutes 注册路由
 func (h *ConfigHandler) RegisterRoutes() {
-	group := h.App.Engine.Group("/api/admin/config")
-	group.POST("update", h.Update)
-	group.GET("get", h.Get)
-	group.POST("active", h.Active)
-	group.POST("test", h.Test)
-	group.GET("license", h.GetLicense)
+	group := h.App.Engine.Group("/api/admin/config/")
+
+	// 需要管理员授权的接口
+	group.Use(middleware.AdminAuthMiddleware(h.App.Config.AdminSession.SecretKey, h.App.Redis))
+	{
+		group.POST("update", h.Update)
+		group.GET("get", h.Get)
+		group.POST("active", h.Active)
+		group.POST("test", h.Test)
+		group.GET("license", h.GetLicense)
+	}
 }
 
 func (h *ConfigHandler) Update(c *gin.Context) {

api/handler/admin/function_handler.go

@@ -9,6 +9,7 @@ package admin
 
 import (
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/core/types"
 	"geekai/handler"
 	"geekai/store/model"
@@ -33,11 +34,16 @@ func NewFunctionHandler(app *core.AppServer, db *gorm.DB) *FunctionHandler {
 // RegisterRoutes 注册路由
 func (h *FunctionHandler) RegisterRoutes() {
 	group := h.App.Engine.Group("/api/admin/function/")
-	group.POST("save", h.Save)
-	group.POST("set", h.Set)
-	group.GET("list", h.List)
-	group.GET("remove", h.Remove)
-	group.GET("token", h.GenToken)
+
+	// 需要管理员授权的接口
+	group.Use(middleware.AdminAuthMiddleware(h.App.Config.AdminSession.SecretKey, h.App.Redis))
+	{
+		group.GET("list", h.List)
+		group.POST("save", h.Save)
+		group.POST("set", h.Set)
+		group.GET("remove", h.Remove)
+		group.GET("token", h.GenToken)
+	}
 }
 
 func (h *FunctionHandler) Save(c *gin.Context) {
@@ -129,7 +135,6 @@ func (h *FunctionHandler) GenToken(c *gin.Context) {
 	})
 	tokenString, err := token.SignedString([]byte(h.App.Config.Session.SecretKey))
 	if err != nil {
-		logger.Error("error with generate token", err)
 		resp.ERROR(c)
 		return
 	}

api/handler/admin/image_handler.go

@@ -10,6 +10,7 @@ package admin
 import (
 	"fmt"
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/core/types"
 	"geekai/handler"
 	"geekai/service"
@@ -35,11 +36,16 @@ func NewImageHandler(app *core.AppServer, db *gorm.DB, userService *service.User
 
 // RegisterRoutes 注册路由
 func (h *ImageHandler) RegisterRoutes() {
-	group := h.App.Engine.Group("/api/admin/image")
-	group.POST("/list/mj", h.MjList)
-	group.POST("/list/sd", h.SdList)
-	group.POST("/list/dall", h.DallList)
-	group.GET("/remove", h.Remove)
+	group := h.App.Engine.Group("/api/admin/image/")
+
+	// 需要管理员授权的接口
+	group.Use(middleware.AdminAuthMiddleware(h.App.Config.AdminSession.SecretKey, h.App.Redis))
+	{
+		group.POST("list/mj", h.MjList)
+		group.POST("list/sd", h.SdList)
+		group.POST("list/dall", h.DallList)
+		group.GET("remove", h.Remove)
+	}
 }
 
 type imageQuery struct {

api/handler/admin/media_handler.go

@@ -10,6 +10,7 @@ package admin
 import (
 	"fmt"
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/core/types"
 	"geekai/handler"
 	"geekai/service"
@@ -35,10 +36,15 @@ func NewMediaHandler(app *core.AppServer, db *gorm.DB, userService *service.User
 
 // RegisterRoutes 注册路由
 func (h *MediaHandler) RegisterRoutes() {
-	group := h.App.Engine.Group("/api/admin/media")
-	group.POST("/suno", h.SunoList)
-	group.POST("/videos", h.Videos)
-	group.GET("/remove", h.Remove)
+	group := h.App.Engine.Group("/api/admin/media/")
+
+	// 需要管理员授权的接口
+	group.Use(middleware.AdminAuthMiddleware(h.App.Config.AdminSession.SecretKey, h.App.Redis))
+	{
+		group.POST("suno", h.SunoList)
+		group.POST("videos", h.Videos)
+		group.GET("remove", h.Remove)
+	}
 }
 
 type mediaQuery struct {

api/handler/admin/upload_handler.go

@@ -9,6 +9,7 @@ package admin
 
 import (
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/handler"
 	"geekai/service/oss"
 	"geekai/store/model"
@@ -30,7 +31,13 @@ func NewUploadHandler(app *core.AppServer, db *gorm.DB, manager *oss.UploaderMan
 
 // RegisterRoutes 注册路由
 func (h *UploadHandler) RegisterRoutes() {
-	h.App.Engine.POST("/api/admin/upload", h.Upload)
+	group := h.App.Engine.Group("/api/admin/upload/")
+
+	// 需要管理员授权的接口
+	group.Use(middleware.AdminAuthMiddleware(h.App.Config.AdminSession.SecretKey, h.App.Redis))
+	{
+		group.POST("upload", h.Upload)
+	}
 }
 
 func (h *UploadHandler) Upload(c *gin.Context) {

api/handler/admin/user_handler.go

@@ -10,6 +10,7 @@ package admin
 import (
 	"fmt"
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/core/types"
 	"geekai/handler"
 	"geekai/service"
@@ -19,10 +20,9 @@ import (
 	"geekai/utils/resp"
 	"time"
 
+	"github.com/gin-gonic/gin"
 	"github.com/go-redis/redis/v8"
 	"github.com/golang-jwt/jwt/v5"
-
-	"github.com/gin-gonic/gin"
 	"gorm.io/gorm"
 )
 
@@ -39,12 +39,17 @@ func NewUserHandler(app *core.AppServer, db *gorm.DB, licenseService *service.Li
 // RegisterRoutes 注册路由
 func (h *UserHandler) RegisterRoutes() {
 	group := h.App.Engine.Group("/api/admin/user/")
-	group.GET("list", h.List)
-	group.POST("save", h.Save)
-	group.GET("remove", h.Remove)
-	group.GET("loginLog", h.LoginLog)
-	group.GET("genLoginLink", h.GenLoginLink)
-	group.POST("resetPass", h.ResetPass)
+
+	// 需要管理员授权的接口
+	group.Use(middleware.AdminAuthMiddleware(h.App.Config.AdminSession.SecretKey, h.App.Redis))
+	{
+		group.GET("list", h.List)
+		group.POST("save", h.Save)
+		group.GET("remove", h.Remove)
+		group.GET("loginLog", h.LoginLog)
+		group.GET("genLoginLink", h.GenLoginLink)
+		group.POST("resetPass", h.ResetPass)
+	}
 }
 
 // List 用户列表

api/handler/captcha_handler.go

@@ -9,6 +9,7 @@ package handler
 
 import (
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/core/types"
 	"geekai/service"
 	"geekai/utils/resp"
@@ -31,10 +32,15 @@ func NewCaptchaHandler(app *core.AppServer, s *service.CaptchaService, sysConfig
 // RegisterRoutes 注册路由
 func (h *CaptchaHandler) RegisterRoutes() {
 	group := h.App.Engine.Group("/api/captcha/")
-	group.GET("get", h.Get)
-	group.POST("check", h.Check)
-	group.GET("slide/get", h.SlideGet)
-	group.POST("slide/check", h.SlideCheck)
+
+	// 需要用户授权的接口
+	group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis))
+	{
+		group.GET("get", h.Get)
+		group.POST("check", h.Check)
+		group.GET("slide/get", h.SlideGet)
+		group.POST("slide/check", h.SlideCheck)
+	}
 }
 
 func (h *CaptchaHandler) Get(c *gin.Context) {

api/handler/chat_app_type_handler.go

@@ -2,6 +2,7 @@ package handler
 
 import (
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/store/model"
 	"geekai/store/vo"
 	"geekai/utils"
@@ -21,8 +22,13 @@ func NewChatAppTypeHandler(app *core.AppServer, db *gorm.DB) *ChatAppTypeHandler
 
 // RegisterRoutes 注册路由
 func (h *ChatAppTypeHandler) RegisterRoutes() {
-	group := h.App.Engine.Group("/api/app/type")
-	group.GET("list", h.List)
+	group := h.App.Engine.Group("/api/app/type/")
+
+	// 需要用户授权的接口
+	group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis))
+	{
+		group.GET("list", h.List)
+	}
 }
 
 // List 获取App类型列表

api/handler/chat_handler.go

@@ -14,6 +14,7 @@ import (
 	"errors"
 	"fmt"
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/core/types"
 	"geekai/service"
 	"geekai/service/oss"
@@ -81,16 +82,23 @@ func NewChatHandler(app *core.AppServer, db *gorm.DB, redis *redis.Client, manag
 // RegisterRoutes 注册路由
 func (h *ChatHandler) RegisterRoutes() {
 	group := h.App.Engine.Group("/api/chat/")
+
+	// 聊天接口不需要授权（已在authConfig中配置）
 	group.Any("message", h.Chat)
-	group.GET("list", h.List)
-	group.GET("detail", h.Detail)
-	group.POST("update", h.Update)
-	group.GET("remove", h.Remove)
-	group.GET("history", h.History)
-	group.GET("clear", h.Clear)
-	group.POST("tokens", h.Tokens)
-	group.GET("stop", h.StopGenerate)
-	group.POST("tts", h.TextToSpeech)
+
+	// 其他接口需要用户授权
+	group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis))
+	{
+		group.GET("list", h.List)
+		group.GET("detail", h.Detail)
+		group.POST("update", h.Update)
+		group.GET("remove", h.Remove)
+		group.GET("history", h.History)
+		group.GET("clear", h.Clear)
+		group.POST("tokens", h.Tokens)
+		group.GET("stop", h.StopGenerate)
+		group.POST("tts", h.TextToSpeech)
+	}
 }
 
 // Chat 处理聊天请求

api/handler/chat_model_handler.go

@@ -9,6 +9,7 @@ package handler
 
 import (
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/store/model"
 	"geekai/store/vo"
 	"geekai/utils"
@@ -29,7 +30,12 @@ func NewChatModelHandler(app *core.AppServer, db *gorm.DB) *ChatModelHandler {
 // RegisterRoutes 注册路由
 func (h *ChatModelHandler) RegisterRoutes() {
 	group := h.App.Engine.Group("/api/model/")
-	group.GET("list", h.List)
+
+	// 需要用户授权的接口
+	group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis))
+	{
+		group.GET("list", h.List)
+	}
 }
 
 // List 模型列表

api/handler/chat_role_handler.go

@@ -9,6 +9,7 @@ package handler
 
 import (
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/core/types"
 	"geekai/store/model"
 	"geekai/store/vo"
@@ -29,10 +30,15 @@ func NewChatRoleHandler(app *core.AppServer, db *gorm.DB) *ChatRoleHandler {
 
 // RegisterRoutes 注册路由
 func (h *ChatRoleHandler) RegisterRoutes() {
-	group := h.App.Engine.Group("/api/app/")
-	group.GET("list", h.List)
-	group.GET("list/user", h.ListByUser)
-	group.POST("update", h.UpdateRole)
+	group := h.App.Engine.Group("/api/role/")
+
+	// 需要用户授权的接口
+	group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis))
+	{
+		group.GET("list", h.List)
+		group.GET("list/user", h.ListByUser)
+		group.POST("update", h.UpdateRole)
+	}
 }
 
 // List 获取用户聊天应用列表

api/handler/config_handler.go

@@ -9,6 +9,7 @@ package handler
 
 import (
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/service"
 	"geekai/store/model"
 	"geekai/utils"
@@ -30,8 +31,13 @@ func NewConfigHandler(app *core.AppServer, db *gorm.DB, licenseService *service.
 // RegisterRoutes 注册路由
 func (h *ConfigHandler) RegisterRoutes() {
 	group := h.App.Engine.Group("/api/config/")
-	group.GET("get", h.Get)
-	group.GET("license", h.License)
+
+	// 需要用户授权的接口
+	group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis))
+	{
+		group.GET("get", h.Get)
+		group.GET("license", h.License)
+	}
 }
 
 // Get 获取指定的系统配置

api/handler/dalle_handler.go

@@ -10,6 +10,7 @@ package handler
 import (
 	"fmt"
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/core/types"
 	"geekai/service"
 	"geekai/service/dalle"
@@ -44,13 +45,20 @@ func NewDallJobHandler(app *core.AppServer, db *gorm.DB, service *dalle.Service,
 
 // RegisterRoutes 注册路由
 func (h *DallJobHandler) RegisterRoutes() {
-	group := h.App.Engine.Group("/api/dall")
-	group.POST("image", h.Image)
-	group.GET("jobs", h.JobList)
+	group := h.App.Engine.Group("/api/dall/")
+
+	// 公开接口，不需要授权
 	group.GET("imgWall", h.ImgWall)
-	group.GET("remove", h.Remove)
-	group.GET("publish", h.Publish)
 	group.GET("models", h.GetModels)
+
+	// 需要用户授权的接口
+	group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis))
+	{
+		group.POST("image", h.Image)
+		group.GET("jobs", h.JobList)
+		group.GET("remove", h.Remove)
+		group.GET("publish", h.Publish)
+	}
 }
 
 // Image 创建一个绘画任务

api/handler/function_handler.go

@@ -11,6 +11,7 @@ import (
 	"errors"
 	"fmt"
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/core/types"
 	"geekai/service"
 	"geekai/service/crawler"
@@ -57,11 +58,16 @@ func NewFunctionHandler(
 // RegisterRoutes 注册路由
 func (h *FunctionHandler) RegisterRoutes() {
 	group := h.App.Engine.Group("/api/function/")
-	group.POST("weibo", h.WeiBo)
-	group.POST("zaobao", h.ZaoBao)
-	group.POST("dalle3", h.Dall3)
-	group.POST("websearch", h.WebSearch)
-	group.GET("list", h.List)
+
+	// 需要用户授权的接口
+	group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis))
+	{
+		group.POST("weibo", h.WeiBo)
+		group.POST("zaobao", h.ZaoBao)
+		group.POST("dalle3", h.Dall3)
+		group.POST("websearch", h.WebSearch)
+		group.GET("list", h.List)
+	}
 }
 
 type resVo struct {

api/handler/invite_handler.go

@@ -10,6 +10,7 @@ package handler
 import (
 	"fmt"
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/store/model"
 	"geekai/store/vo"
 	"geekai/utils"
@@ -33,11 +34,18 @@ func NewInviteHandler(app *core.AppServer, db *gorm.DB) *InviteHandler {
 // RegisterRoutes 注册路由
 func (h *InviteHandler) RegisterRoutes() {
 	group := h.App.Engine.Group("/api/invite/")
-	group.GET("code", h.Code)
-	group.GET("list", h.List)
+
+	// 公开接口，不需要授权
 	group.GET("hits", h.Hits)
-	group.GET("stats", h.Stats)
-	group.GET("rules", h.Rules)
+
+	// 需要用户授权的接口
+	group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis))
+	{
+		group.GET("code", h.Code)
+		group.GET("list", h.List)
+		group.GET("stats", h.Stats)
+		group.GET("rules", h.Rules)
+	}
 }
 
 // Code 获取当前用户邀请码

api/handler/jimeng_handler.go

@@ -2,8 +2,8 @@ package handler
 
 import (
 	"fmt"
-
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/core/types"
 	"geekai/service"
 	"geekai/service/jimeng"
@@ -34,12 +34,17 @@ func NewJimengHandler(app *core.AppServer, jimengService *jimeng.Service, db *go
 
 // RegisterRoutes 注册路由，新增统一任务接口
 func (h *JimengHandler) RegisterRoutes() {
-	rg := h.App.Engine.Group("/api/jimeng")
-	rg.POST("task", h.CreateTask)            // 只保留统一任务接口
-	rg.GET("power-config", h.GetPowerConfig) // 新增算力配置接口
-	rg.POST("jobs", h.Jobs)
-	rg.GET("remove", h.Remove)
-	rg.GET("retry", h.Retry)
+	group := h.App.Engine.Group("/api/jimeng/")
+
+	// 需要用户授权的接口
+	group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis))
+	{
+		group.POST("task", h.CreateTask)
+		group.GET("power-config", h.GetPowerConfig)
+		group.POST("jobs", h.Jobs)
+		group.GET("remove", h.Remove)
+		group.GET("retry", h.Retry)
+	}
 }
 
 // JimengTaskRequest 统一任务请求结构体

api/handler/markmap_handler.go

@@ -10,6 +10,7 @@ package handler
 import (
 	"fmt"
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/core/types"
 	"geekai/service"
 	"geekai/store/model"
@@ -37,7 +38,13 @@ func NewMarkMapHandler(app *core.AppServer, db *gorm.DB, userService *service.Us
 
 // RegisterRoutes 注册路由
 func (h *MarkMapHandler) RegisterRoutes() {
-	h.App.Engine.POST("/api/markMap/gen", h.Generate)
+	group := h.App.Engine.Group("/api/markMap/")
+
+	// 需要用户授权的接口
+	group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis))
+	{
+		group.POST("gen", h.Generate)
+	}
 }
 
 // Generate 生成思维导图

api/handler/menu_handler.go

@@ -9,10 +9,12 @@ package handler
 
 import (
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/store/model"
 	"geekai/store/vo"
 	"geekai/utils"
 	"geekai/utils/resp"
+
 	"github.com/gin-gonic/gin"
 	"gorm.io/gorm"
 )
@@ -28,7 +30,12 @@ func NewMenuHandler(app *core.AppServer, db *gorm.DB) *MenuHandler {
 // RegisterRoutes 注册路由
 func (h *MenuHandler) RegisterRoutes() {
 	group := h.App.Engine.Group("/api/menu/")
-	group.GET("list", h.List)
+
+	// 需要用户授权的接口
+	group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis))
+	{
+		group.GET("list", h.List)
+	}
 }
 
 // List 数据列表

api/handler/mj_handler.go

@@ -10,6 +10,7 @@ package handler
 import (
 	"fmt"
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/core/types"
 	"geekai/service"
 	"geekai/service/mj"
@@ -49,13 +50,20 @@ func NewMidJourneyHandler(app *core.AppServer, db *gorm.DB, snowflake *service.S
 // RegisterRoutes 注册路由
 func (h *MidJourneyHandler) RegisterRoutes() {
 	group := h.App.Engine.Group("/api/mj/")
-	group.POST("image", h.Image)
-	group.POST("upscale", h.Upscale)
-	group.POST("variation", h.Variation)
-	group.GET("jobs", h.JobList)
+
+	// 公开接口，不需要授权
 	group.GET("imgWall", h.ImgWall)
-	group.GET("remove", h.Remove)
-	group.GET("publish", h.Publish)
+
+	// 需要用户授权的接口
+	group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis))
+	{
+		group.POST("image", h.Image)
+		group.POST("upscale", h.Upscale)
+		group.POST("variation", h.Variation)
+		group.GET("jobs", h.JobList)
+		group.GET("remove", h.Remove)
+		group.GET("publish", h.Publish)
+	}
 }
 
 func (h *MidJourneyHandler) preCheck(c *gin.Context) bool {

api/handler/net_handler.go

@@ -9,6 +9,7 @@ package handler
 
 import (
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/core/types"
 	"geekai/service/oss"
 	"geekai/store/model"
@@ -34,9 +35,17 @@ func NewNetHandler(app *core.AppServer, db *gorm.DB, manager *oss.UploaderManage
 
 // RegisterRoutes 注册路由
 func (h *NetHandler) RegisterRoutes() {
-	h.App.Engine.POST("/api/upload", h.Upload)
-	h.App.Engine.POST("/api/upload/list", h.List)
-	h.App.Engine.GET("/api/upload/remove", h.Remove)
+	group := h.App.Engine.Group("/api/upload/")
+
+	// 需要用户授权的接口
+	group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis))
+	{
+		group.POST("upload", h.Upload)
+		group.POST("list", h.List)
+		group.GET("remove", h.Remove)
+	}
+
+	// 公开接口，不需要授权
 	h.App.Engine.GET("/api/download", h.Download)
 }
 

api/handler/order_handler.go

@@ -9,6 +9,7 @@ package handler
 
 import (
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/core/types"
 	"geekai/store/model"
 	"geekai/store/vo"
@@ -31,8 +32,13 @@ func NewOrderHandler(app *core.AppServer, db *gorm.DB) *OrderHandler {
 // RegisterRoutes 注册路由
 func (h *OrderHandler) RegisterRoutes() {
 	group := h.App.Engine.Group("/api/order/")
-	group.GET("list", h.List)
-	group.GET("query", h.Query)
+
+	// 需要用户授权的接口
+	group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis))
+	{
+		group.GET("list", h.List)
+		group.GET("query", h.Query)
+	}
 }
 
 // List 订单列表

api/handler/power_log_handler.go

@@ -9,6 +9,7 @@ package handler
 
 import (
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/core/types"
 	"geekai/store/model"
 	"geekai/store/vo"
@@ -31,8 +32,13 @@ func NewPowerLogHandler(app *core.AppServer, db *gorm.DB) *PowerLogHandler {
 // RegisterRoutes 注册路由
 func (h *PowerLogHandler) RegisterRoutes() {
 	group := h.App.Engine.Group("/api/powerLog/")
-	group.POST("list", h.List)
-	group.GET("stats", h.Stats)
+
+	// 需要用户授权的接口
+	group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis))
+	{
+		group.POST("list", h.List)
+		group.GET("stats", h.Stats)
+	}
 }
 
 func (h *PowerLogHandler) List(c *gin.Context) {

api/handler/product_handler.go

@@ -9,10 +9,12 @@ package handler
 
 import (
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/store/model"
 	"geekai/store/vo"
 	"geekai/utils"
 	"geekai/utils/resp"
+
 	"github.com/gin-gonic/gin"
 	"gorm.io/gorm"
 )
@@ -28,7 +30,12 @@ func NewProductHandler(app *core.AppServer, db *gorm.DB) *ProductHandler {
 // RegisterRoutes 注册路由
 func (h *ProductHandler) RegisterRoutes() {
 	group := h.App.Engine.Group("/api/product/")
-	group.GET("list", h.List)
+
+	// 需要用户授权的接口
+	group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis))
+	{
+		group.GET("list", h.List)
+	}
 }
 
 // List 模型列表

api/handler/prompt_handler.go

@@ -10,6 +10,7 @@ package handler
 import (
 	"fmt"
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/core/types"
 	"geekai/service"
 	"geekai/store/model"
@@ -41,11 +42,16 @@ func NewPromptHandler(app *core.AppServer, db *gorm.DB, userService *service.Use
 
 // RegisterRoutes 注册路由
 func (h *PromptHandler) RegisterRoutes() {
-	group := h.App.Engine.Group("/api/prompt")
-	group.POST("/lyric", h.Lyric)
-	group.POST("/image", h.Image)
-	group.POST("/video", h.Video)
-	group.POST("/meta", h.MetaPrompt)
+	group := h.App.Engine.Group("/api/prompt/")
+
+	// 需要用户授权的接口
+	group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis))
+	{
+		group.POST("lyric", h.Lyric)
+		group.POST("image", h.Image)
+		group.POST("video", h.Video)
+		group.POST("meta", h.MetaPrompt)
+	}
 }
 
 // Lyric 生成歌词

api/handler/realtime_handler.go

@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/core/types"
 	"geekai/service"
 	"geekai/store/model"
@@ -41,8 +42,14 @@ func NewRealtimeHandler(server *core.AppServer, db *gorm.DB, userService *servic
 
 // RegisterRoutes 注册路由
 func (h *RealtimeHandler) RegisterRoutes() {
-	h.App.Engine.Any("/api/realtime", h.Connection)
-	h.App.Engine.POST("/api/realtime/voice", h.VoiceChat)
+	group := h.App.Engine.Group("/api/realtime/")
+
+	// 需要用户授权的接口
+	group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis))
+	{
+		group.Any("", h.Connection)
+		group.POST("voice", h.VoiceChat)
+	}
 }
 
 func (h *RealtimeHandler) Connection(c *gin.Context) {

api/handler/redeem_handler.go

@@ -10,14 +10,16 @@ package handler
 import (
 	"fmt"
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/core/types"
 	"geekai/service"
 	"geekai/store/model"
 	"geekai/utils/resp"
-	"github.com/gin-gonic/gin"
-	"gorm.io/gorm"
 	"sync"
 	"time"
+
+	"github.com/gin-gonic/gin"
+	"gorm.io/gorm"
 )
 
 type RedeemHandler struct {
@@ -33,7 +35,12 @@ func NewRedeemHandler(app *core.AppServer, db *gorm.DB, userService *service.Use
 // RegisterRoutes 注册路由
 func (h *RedeemHandler) RegisterRoutes() {
 	group := h.App.Engine.Group("/api/redeem/")
-	group.POST("verify", h.Verify)
+
+	// 需要用户授权的接口
+	group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis))
+	{
+		group.POST("verify", h.Verify)
+	}
 }
 
 func (h *RedeemHandler) Verify(c *gin.Context) {

api/handler/sd_handler.go

@@ -10,6 +10,7 @@ package handler
 import (
 	"fmt"
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/core/types"
 	"geekai/service"
 	"geekai/service/oss"
@@ -58,12 +59,19 @@ func NewSdJobHandler(app *core.AppServer,
 
 // RegisterRoutes 注册路由
 func (h *SdJobHandler) RegisterRoutes() {
-	group := h.App.Engine.Group("/api/sd")
-	group.POST("image", h.Image)
-	group.GET("jobs", h.JobList)
+	group := h.App.Engine.Group("/api/sd/")
+
+	// 公开接口，不需要授权
 	group.GET("imgWall", h.ImgWall)
-	group.GET("remove", h.Remove)
-	group.GET("publish", h.Publish)
+
+	// 需要用户授权的接口
+	group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis))
+	{
+		group.POST("image", h.Image)
+		group.GET("jobs", h.JobList)
+		group.GET("remove", h.Remove)
+		group.GET("publish", h.Publish)
+	}
 }
 
 func (h *SdJobHandler) preCheck(c *gin.Context) bool {

api/handler/sms_handler.go

@@ -9,6 +9,7 @@ package handler
 
 import (
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/core/types"
 	"geekai/service"
 	"geekai/service/sms"
@@ -47,7 +48,12 @@ func NewSmsHandler(
 // RegisterRoutes 注册路由
 func (h *SmsHandler) RegisterRoutes() {
 	group := h.App.Engine.Group("/api/sms/")
-	group.POST("code", h.SendCode)
+
+	// 需要用户授权的接口
+	group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis))
+	{
+		group.POST("code", h.SendCode)
+	}
 }
 
 // SendCode 发送验证码

api/handler/suno_handler.go

@@ -10,6 +10,7 @@ package handler
 import (
 	"fmt"
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/core/types"
 	"geekai/service"
 	"geekai/service/oss"
@@ -45,14 +46,21 @@ func NewSunoHandler(app *core.AppServer, db *gorm.DB, service *suno.Service, upl
 
 // RegisterRoutes 注册路由
 func (h *SunoHandler) RegisterRoutes() {
-	group := h.App.Engine.Group("/api/suno")
-	group.POST("create", h.Create)
-	group.GET("list", h.List)
-	group.GET("remove", h.Remove)
-	group.GET("publish", h.Publish)
-	group.POST("update", h.Update)
-	group.GET("detail", h.Detail)
+	group := h.App.Engine.Group("/api/suno/")
+
+	// 公开接口，不需要授权
 	group.GET("play", h.Play)
+
+	// 需要用户授权的接口
+	group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis))
+	{
+		group.POST("create", h.Create)
+		group.GET("list", h.List)
+		group.GET("remove", h.Remove)
+		group.GET("publish", h.Publish)
+		group.POST("update", h.Update)
+		group.GET("detail", h.Detail)
+	}
 }
 
 func (h *SunoHandler) Create(c *gin.Context) {

api/handler/test_handler.go

@@ -2,6 +2,7 @@ package handler
 
 import (
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/service"
 	"geekai/service/payment"
 	"net/http"
@@ -23,8 +24,13 @@ func NewTestHandler(app *core.AppServer, db *gorm.DB, snowflake *service.Snowfla
 
 // RegisterRoutes 注册路由
 func (h *TestHandler) RegisterRoutes() {
-	group := h.App.Engine.Group("/api/test")
-	group.Any("sse", h.PostTest, h.SseTest)
+	group := h.App.Engine.Group("/api/test/")
+
+	// 需要用户授权的接口
+	group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis))
+	{
+		group.Any("sse", h.PostTest, h.SseTest)
+	}
 }
 
 func (h *TestHandler) SseTest(c *gin.Context) {

api/handler/user_handler.go

@@ -10,6 +10,7 @@ package handler
 import (
 	"fmt"
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/core/types"
 	"geekai/service"
 	"geekai/store"
@@ -61,19 +62,26 @@ func NewUserHandler(
 // RegisterRoutes 注册路由
 func (h *UserHandler) RegisterRoutes() {
 	group := h.App.Engine.Group("/api/user/")
+
+	// 公开接口，不需要授权
 	group.POST("register", h.Register)
 	group.POST("login", h.Login)
-	group.GET("logout", h.Logout)
-	group.GET("session", h.Session)
-	group.GET("profile", h.Profile)
-	group.POST("profile/update", h.ProfileUpdate)
-	group.POST("password", h.UpdatePass)
-	group.POST("bind/mobile", h.BindMobile)
-	group.POST("bind/email", h.BindEmail)
 	group.POST("resetPass", h.ResetPass)
 	group.GET("clogin", h.CLogin)
 	group.GET("clogin/callback", h.CLoginCallback)
-	group.GET("signin", h.SignIn)
+
+	// 需要用户授权的接口
+	group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis))
+	{
+		group.GET("logout", h.Logout)
+		group.GET("session", h.Session)
+		group.GET("profile", h.Profile)
+		group.POST("profile/update", h.ProfileUpdate)
+		group.POST("password", h.UpdatePass)
+		group.POST("bind/mobile", h.BindMobile)
+		group.POST("bind/email", h.BindEmail)
+		group.GET("signin", h.SignIn)
+	}
 }
 
 // Register user register

api/handler/video_handler.go

@@ -10,6 +10,7 @@ package handler
 import (
 	"fmt"
 	"geekai/core"
+	"geekai/core/middleware"
 	"geekai/core/types"
 	"geekai/service"
 	"geekai/service/oss"
@@ -45,12 +46,17 @@ func NewVideoHandler(app *core.AppServer, db *gorm.DB, service *video.Service, u
 
 // RegisterRoutes 注册路由
 func (h *VideoHandler) RegisterRoutes() {
-	group := h.App.Engine.Group("/api/video")
-	group.POST("luma/create", h.LumaCreate)
-	group.POST("keling/create", h.KeLingCreate)
-	group.GET("list", h.List)
-	group.GET("remove", h.Remove)
-	group.GET("publish", h.Publish)
+	group := h.App.Engine.Group("/api/video/")
+
+	// 需要用户授权的接口
+	group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis))
+	{
+		group.POST("luma/create", h.LumaCreate)
+		group.POST("keling/create", h.KeLingCreate)
+		group.GET("list", h.List)
+		group.GET("remove", h.Remove)
+		group.GET("publish", h.Publish)
+	}
 }
 
 func (h *VideoHandler) LumaCreate(c *gin.Context) {