|
|
|
|
// Copyright (C) 2024 veypi <i@veypi.com>
|
|
|
|
|
// 2025-03-04 16:08:06
|
|
|
|
|
// Distributed under terms of the MIT license.
|
|
|
|
|
|
|
|
|
|
package auth
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"strings"
|
|
|
|
|
|
|
|
|
|
"github.com/veypi/vbase/libs/cache"
|
|
|
|
|
"github.com/veypi/vbase/libs/jwt"
|
|
|
|
|
"github.com/veypi/vigo"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// AuthMiddleware 统一认证中间件
|
|
|
|
|
// 仅处理 JWT 认证,设置 CtxKeyUserID
|
|
|
|
|
// 组织信息的加载需按需调用 Auth.LoadOrg(x)
|
|
|
|
|
func AuthMiddleware() func(*vigo.X) error {
|
|
|
|
|
return func(x *vigo.X) error {
|
|
|
|
|
// === 1. JWT 认证部分 ===
|
|
|
|
|
tokenString := extractToken(x)
|
|
|
|
|
if tokenString == "" {
|
|
|
|
|
return vigo.ErrUnauthorized.WithString("missing token")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 解析token
|
|
|
|
|
claims, err := jwt.ParseToken(tokenString)
|
|
|
|
|
if err != nil {
|
|
|
|
|
if err == jwt.ErrExpiredToken {
|
|
|
|
|
return vigo.ErrTokenExpired
|
|
|
|
|
}
|
|
|
|
|
return vigo.ErrTokenInvalid
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 检查token是否在黑名单中
|
|
|
|
|
if cache.IsEnabled() {
|
|
|
|
|
blacklisted, _ := cache.IsTokenBlacklisted(claims.ID)
|
|
|
|
|
if blacklisted {
|
|
|
|
|
return vigo.ErrUnauthorized.WithString("token has been revoked")
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 将用户信息存入上下文
|
|
|
|
|
x.Set(CtxKeyUserID, claims.UserID)
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func extractToken(x *vigo.X) string {
|
|
|
|
|
auth := x.Request.Header.Get("Authorization")
|
|
|
|
|
if auth != "" {
|
|
|
|
|
if len(auth) > 7 && strings.HasPrefix(auth, "Bearer ") {
|
|
|
|
|
return auth[7:]
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return x.Request.URL.Query().Get("access_token")
|
|
|
|
|
}
|
