trace-system/backend-go
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
backend-go/middleware/auth.go
ZHENG XIAOYI e01cdc9889 Initial commit
2026-02-12 14:31:30 +08:00

113 lines
2.6 KiB
Go
Raw Permalink Blame History

package middleware
import (
"errors"
"net/http"
"strings"
"time"
"git.beifan.cn/trace-system/backend-go/config"
"git.beifan.cn/trace-system/backend-go/database"
"git.beifan.cn/trace-system/backend-go/models"
"github.com/gin-gonic/gin"
"github.com/golang-jwt/jwt/v5"
)
// JWTAuthMiddleware JWT 认证中间件
func JWTAuthMiddleware() gin.HandlerFunc {
return func(c *gin.Context) {
authHeader := c.GetHeader("Authorization")
if authHeader == "" {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
"message": "缺少授权头部",
})
return
}
parts := strings.SplitN(authHeader, " ", 2)
if !(len(parts) == 2 && parts[0] == "Bearer") {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
"message": "授权头部格式错误",
})
return
}
tokenStr := parts[1]
// 解析 JWT token
token, err := jwt.Parse(tokenStr, func(token *jwt.Token) (interface{}, error) {
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, errors.New("不支持的签名方法")
}
cfg := config.GetAppConfig()
return []byte(cfg.JWT.Secret), nil
})
if err != nil || !token.Valid {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
"message": "无效的访问令牌",
})
return
}
// 验证 claims
if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {
// 检查过期时间
if exp, ok := claims["exp"].(float64); ok {
if time.Now().Unix() > int64(exp) {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
"message": "令牌已过期",
})
return
}
}
// 获取用户 ID
if userId, ok := claims["userId"].(float64); ok {
// 验证用户是否存在
var user models.User
result := database.DB.First(&user, uint(userId))
if result.Error != nil {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
"message": "用户不存在",
})
return
}
// 将用户信息存储到上下文
c.Set("user", user)
} else {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
"message": "令牌无效",
})
return
}
}
c.Next()
}
}
// AdminMiddleware 管理员权限中间件
func AdminMiddleware() gin.HandlerFunc {
return func(c *gin.Context) {
user, exists := c.Get("user")
if !exists {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
"message": "未认证",
})
return
}
userModel := user.(models.User)
if userModel.Role != "admin" {
c.AbortWithStatusJSON(http.StatusForbidden, gin.H{
"message": "无权限访问此资源",
})
return
}
c.Next()
}
}
Reference in New Issue View Git Blame Copy Permalink