2025-10-30 16:35:54 +08:00
|
|
|
|
// Package middleware 存放中间件
|
2025-09-27 23:17:23 +08:00
|
|
|
|
package middleware
|
|
|
|
|
|
|
|
|
|
|
|
import (
|
2025-11-05 18:38:41 +08:00
|
|
|
|
"context"
|
2025-10-30 16:35:54 +08:00
|
|
|
|
"errors"
|
2025-09-27 23:17:23 +08:00
|
|
|
|
"net/http"
|
|
|
|
|
|
"strings"
|
|
|
|
|
|
|
2025-10-30 16:35:54 +08:00
|
|
|
|
"git.huangwc.com/pig/pig-farm-controller/internal/app/controller"
|
2025-10-02 00:18:13 +08:00
|
|
|
|
"git.huangwc.com/pig/pig-farm-controller/internal/domain/token"
|
2025-11-05 18:38:41 +08:00
|
|
|
|
"git.huangwc.com/pig/pig-farm-controller/internal/infra/logs"
|
2025-09-28 01:10:04 +08:00
|
|
|
|
"git.huangwc.com/pig/pig-farm-controller/internal/infra/models"
|
2025-09-28 00:13:47 +08:00
|
|
|
|
"git.huangwc.com/pig/pig-farm-controller/internal/infra/repository"
|
2025-11-05 19:57:30 +08:00
|
|
|
|
|
2025-10-30 16:35:54 +08:00
|
|
|
|
"github.com/labstack/echo/v4"
|
2025-09-28 00:13:47 +08:00
|
|
|
|
"gorm.io/gorm"
|
2025-09-27 23:17:23 +08:00
|
|
|
|
)
|
|
|
|
|
|
|
2025-10-30 16:35:54 +08:00
|
|
|
|
// AuthMiddleware 创建一个Echo中间件,用于JWT身份验证
|
2025-09-28 00:13:47 +08:00
|
|
|
|
// 它依赖于 TokenService 来解析和验证 token,并使用 UserRepository 来获取完整的用户信息
|
2025-11-05 18:38:41 +08:00
|
|
|
|
func AuthMiddleware(ctx context.Context, tokenService token.Service, userRepo repository.UserRepository) echo.MiddlewareFunc {
|
2025-10-30 16:35:54 +08:00
|
|
|
|
return func(next echo.HandlerFunc) echo.HandlerFunc {
|
|
|
|
|
|
return func(c echo.Context) error {
|
2025-11-05 18:38:41 +08:00
|
|
|
|
reqCtx := logs.AddFuncName(ctx, c.Request().Context(), "AuthMiddleware")
|
|
|
|
|
|
|
2025-10-30 16:35:54 +08:00
|
|
|
|
// 从 Authorization header 获取 token
|
|
|
|
|
|
authHeader := c.Request().Header.Get("Authorization")
|
|
|
|
|
|
if authHeader == "" {
|
|
|
|
|
|
return controller.SendErrorWithStatus(c, http.StatusUnauthorized, controller.CodeUnauthorized, "请求未包含授权标头")
|
|
|
|
|
|
}
|
2025-09-27 23:17:23 +08:00
|
|
|
|
|
2025-10-30 16:35:54 +08:00
|
|
|
|
// 授权标头的格式应为 "Bearer <token>"
|
|
|
|
|
|
parts := strings.Split(authHeader, " ")
|
|
|
|
|
|
if len(parts) != 2 || strings.ToLower(parts[0]) != "bearer" {
|
|
|
|
|
|
return controller.SendErrorWithStatus(c, http.StatusUnauthorized, controller.CodeUnauthorized, "授权标头格式不正确")
|
|
|
|
|
|
}
|
2025-09-27 23:17:23 +08:00
|
|
|
|
|
2025-10-30 16:35:54 +08:00
|
|
|
|
tokenString := parts[1]
|
2025-09-27 23:17:23 +08:00
|
|
|
|
|
2025-10-30 16:35:54 +08:00
|
|
|
|
// 解析和验证 token
|
|
|
|
|
|
claims, err := tokenService.ParseToken(tokenString)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return controller.SendErrorWithStatus(c, http.StatusUnauthorized, controller.CodeUnauthorized, "无效的Token")
|
|
|
|
|
|
}
|
2025-09-27 23:17:23 +08:00
|
|
|
|
|
2025-10-30 16:35:54 +08:00
|
|
|
|
// 根据 token 中的用户ID,从数据库中获取完整的用户信息
|
2025-11-05 18:38:41 +08:00
|
|
|
|
user, err := userRepo.FindByID(reqCtx, claims.UserID)
|
2025-10-30 16:35:54 +08:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
if errors.Is(err, gorm.ErrRecordNotFound) {
|
|
|
|
|
|
// Token有效,但对应的用户已不存在
|
|
|
|
|
|
return controller.SendErrorWithStatus(c, http.StatusUnauthorized, controller.CodeUnauthorized, "授权用户不存在")
|
|
|
|
|
|
}
|
|
|
|
|
|
// 其他数据库查询错误
|
|
|
|
|
|
return controller.SendErrorWithStatus(c, http.StatusInternalServerError, controller.CodeInternalError, "获取用户信息失败")
|
2025-09-28 00:13:47 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2025-10-30 16:35:54 +08:00
|
|
|
|
// 将完整的用户对象存储在 context 中,以便后续的处理函数使用
|
|
|
|
|
|
c.Set(models.ContextUserKey.String(), user)
|
2025-09-27 23:17:23 +08:00
|
|
|
|
|
2025-10-30 16:35:54 +08:00
|
|
|
|
// 继续处理请求链中的下一个处理程序
|
|
|
|
|
|
return next(c)
|
|
|
|
|
|
}
|
2025-09-27 23:17:23 +08:00
|
|
|
|
}
|
|
|
|
|
|
}
|
