limit 'LINUX DO' trust level now available

Signed-off-by: wozulong <>
2025-11-08 23:23:42 +08:00 · 2024-03-20 16:54:38 +08:00
parent 17c409de23
commit f35e63e3f3
13 changed files with 102 additions and 7 deletions
--- a/middleware/auth.go
+++ b/middleware/auth.go
@@ -15,6 +15,7 @@ func authHelper(c *gin.Context, minRole int) {
 	role := session.Get("role")
 	id := session.Get("id")
 	status := session.Get("status")
+	linuxDoEnable := session.Get("linuxdo_enable")
 	if username == nil {
 		// Check access token
 		accessToken := c.Request.Header.Get("Authorization")
@@ -33,6 +34,7 @@ func authHelper(c *gin.Context, minRole int) {
 			role = user.Role
 			id = user.Id
 			status = user.Status
+			linuxDoEnable = user.LinuxDoId == "" || user.LinuxDoLevel >= common.LinuxDoMinLevel
 		} else {
 			c.JSON(http.StatusOK, gin.H{
 				"success": false,
@@ -50,6 +52,14 @@ func authHelper(c *gin.Context, minRole int) {
 		c.Abort()
 		return
 	}
+	if nil != linuxDoEnable && !linuxDoEnable.(bool) {
+		c.JSON(http.StatusOK, gin.H{
+			"success": false,
+			"message": "用户 LINUX DO 信任等级不足",
+		})
+		c.Abort()
+		return
+	}
 	if role.(int) < minRole {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
@@ -112,6 +122,15 @@ func TokenAuth() func(c *gin.Context) {
 			abortWithOpenAiMessage(c, http.StatusForbidden, "用户已被封禁")
 			return
 		}
+		linuxDoEnabled, err := model.CacheIsLinuxDoEnabled(token.UserId)
+		if err != nil {
+			abortWithOpenAiMessage(c, http.StatusInternalServerError, err.Error())
+			return
+		}
+		if !linuxDoEnabled {
+			abortWithOpenAiMessage(c, http.StatusForbidden, "用户 LINUX DO 信任等级不足")
+			return
+		}
 		c.Set("id", token.UserId)
 		c.Set("token_id", token.Id)
 		c.Set("token_name", token.Name)