采用中间件授权的方式

2026-04-24 12:04:31 +08:00 · 2025-08-26 10:45:57 +08:00
parent fb76e24c51
commit 728de61bd6
43 changed files with 527 additions and 484 deletions
--- a/api/core/middleware/auth.go
+++ b/api/core/middleware/auth.go
@@ -0,0 +1,108 @@
+package middleware
+
+import (
+	"context"
+	"fmt"
+	"geekai/core/types"
+	"geekai/utils"
+	"geekai/utils/resp"
+	"time"
+
+	"github.com/gin-gonic/gin"
+	"github.com/go-redis/redis/v8"
+	"github.com/golang-jwt/jwt"
+)
+
+// 前端用户授权验证
+func UserAuthMiddleware(secretKey string, redis *redis.Client) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		tokenString := c.GetHeader(types.UserAuthHeader)
+		if tokenString == "" {
+			resp.NotAuth(c, "无效的授权令牌")
+			c.Abort()
+			return
+		}
+
+		token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
+			if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
+				return nil, fmt.Errorf("不支持的令牌签名方法: %v", token.Header["alg"])
+			}
+			return []byte(secretKey), nil
+		})
+
+		if err != nil {
+			resp.NotAuth(c, fmt.Sprintf("解析授权令牌失败: %v", err))
+			c.Abort()
+			return
+		}
+
+		claims, ok := token.Claims.(jwt.MapClaims)
+		if !ok || !token.Valid {
+			resp.NotAuth(c, "令牌无效")
+			c.Abort()
+			return
+		}
+
+		expr := utils.IntValue(utils.InterfaceToString(claims["expired"]), 0)
+		if expr > 0 && int64(expr) < time.Now().Unix() {
+			resp.NotAuth(c, "令牌过期")
+			c.Abort()
+			return
+		}
+
+		key := fmt.Sprintf("users/%v", claims["user_id"])
+		if _, err := redis.Get(context.Background(), key).Result(); err != nil {
+			resp.NotAuth(c, "当前用户已退出登录")
+			c.Abort()
+			return
+		}
+		c.Set(types.LoginUserID, claims["user_id"])
+	}
+}
+
+// 管理后台用户授权验证
+func AdminAuthMiddleware(secretKey string, redis *redis.Client) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		tokenString := c.GetHeader(types.AdminAuthHeader)
+		if tokenString == "" {
+			resp.NotAuth(c, "无效的授权令牌")
+			c.Abort()
+			return
+		}
+
+		token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
+			if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
+				return nil, fmt.Errorf("不支持的令牌签名方法: %v", token.Header["alg"])
+			}
+			return []byte(secretKey), nil
+		})
+
+		if err != nil {
+			resp.NotAuth(c, fmt.Sprintf("解析授权令牌失败: %v", err))
+			c.Abort()
+			return
+		}
+
+		claims, ok := token.Claims.(jwt.MapClaims)
+		if !ok || !token.Valid {
+			resp.NotAuth(c, "令牌无效")
+			c.Abort()
+			return
+		}
+
+		expr := utils.IntValue(utils.InterfaceToString(claims["expired"]), 0)
+		if expr > 0 && int64(expr) < time.Now().Unix() {
+			resp.NotAuth(c, "令牌过期")
+			c.Abort()
+			return
+		}
+
+		key := fmt.Sprintf("admin/%v", claims["user_id"])
+		if _, err := redis.Get(context.Background(), key).Result(); err != nil {
+			resp.NotAuth(c, "当前用户已退出登录")
+			c.Abort()
+			return
+		}
+		c.Set(types.AdminUserID, claims["user_id"])
+	}
+}