fix: error user role

2025-11-10 08:03:41 +08:00 · 2024-09-24 17:48:09 +08:00
parent 50eab6b4e4
commit 221894d972
5 changed files with 46 additions and 12 deletions
--- a/middleware/auth.go
+++ b/middleware/auth.go
@@ -10,6 +10,17 @@ import (
 	"strings"
 )

+func validUserInfo(username string, role int) bool {
+	// check username is empty
+	if strings.TrimSpace(username) == "" {
+		return false
+	}
+	if !common.IsValidateRole(role) {
+		return false
+	}
+	return true
+}
+
 func authHelper(c *gin.Context, minRole int) {
 	session := sessions.Default(c)
 	username := session.Get("username")
@@ -30,6 +41,14 @@ func authHelper(c *gin.Context, minRole int) {
 		}
 		user := model.ValidateAccessToken(accessToken)
 		if user != nil && user.Username != "" {
+			if !validUserInfo(user.Username, user.Role) {
+				c.JSON(http.StatusOK, gin.H{
+					"success": false,
+					"message": "无权进行此操作，用户信息无效",
+				})
+				c.Abort()
+				return
+			}
 			// Token is valid
 			username = user.Username
 			role = user.Role
@@ -91,6 +110,14 @@ func authHelper(c *gin.Context, minRole int) {
 		c.Abort()
 		return
 	}
+	if !validUserInfo(username.(string), role.(int)) {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": "无权进行此操作，用户信息无效",
+		})
+		c.Abort()
+		return
+	}
 	c.Set("username", username)
 	c.Set("role", role)
 	c.Set("id", id)