OptimusX
/
OneAuth
mirror of https://github.com/veypi/OneAuth.git
3
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
v3
v2
v1.0.0
v0.1.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c0914bb802'
${ noResults }
OneAuth/auth/middleware.go

85 lines
2.2 KiB
Go
Raw Normal View History Unescape Escape

upgrade new version
1 week ago
// Copyright (C) 2024 veypi <i@veypi.com>
// 2025-03-04 16:08:06
// Distributed under terms of the MIT license.
update
1 week ago
package auth
upgrade new version
1 week ago
import (
"strings"
update
1 week ago
"github.com/veypi/vbase/cfg"
upgrade new version
1 week ago
"github.com/veypi/vbase/libs/cache"
"github.com/veypi/vbase/libs/jwt"
update
1 week ago
"github.com/veypi/vbase/models"
upgrade new version
1 week ago
"github.com/veypi/vigo"
)
update
1 week ago
// AuthMiddleware 统一认证中间件
// 1. JWT认证: 解析token验证有效性设置用户信息
// 2. 组织上下文: 如果请求包含org_id验证用户成员身份设置组织信息
func AuthMiddleware() func(*vigo.X) error {
upgrade new version
1 week ago
return func(x *vigo.X) error {
update
1 week ago
// === 1. JWT 认证部分 ===
upgrade new version
1 week ago
tokenString := extractToken(x)
if tokenString == "" {
return vigo.ErrNotAuthorized.WithString("missing token")
}
// 解析token
claims, err := jwt.ParseToken(tokenString)
if err != nil {
if err == jwt.ErrExpiredToken {
return vigo.ErrNotAuthorized.WithString("token expired")
}
return vigo.ErrNotAuthorized.WithString("invalid token")
}
// 检查token是否在黑名单中
if cache.IsEnabled() {
blacklisted, _ := cache.IsTokenBlacklisted(claims.ID)
if blacklisted {
return vigo.ErrNotAuthorized.WithString("token has been revoked")
}
}
// 将用户信息存入上下文
x.Set("user_id", claims.UserID)
x.Set("user_name", claims.Username)
x.Set("user_orgs", claims.Orgs)
x.Set("token_claims", claims)
update
1 week ago
// === 2. 组织上下文部分 ===
orgID := x.Request.Header.Get("X-Org-ID")
if orgID == "" {
orgID = x.Request.URL.Query().Get("org_id")
}
if orgID == "" {
// 没有指定组织,仅完成用户认证
return nil
}
// 验证用户是否为组织成员
var member models.OrgMember
if err := cfg.DB().Where("org_id = ? AND user_id = ? AND status = ?",
orgID, claims.UserID, models.MemberStatusActive).First(&member).Error; err != nil {
return vigo.ErrForbidden.WithString("you are not a member of this organization")
}
x.Set("org_id", orgID)
x.Set("org_roles", member.RoleIDs)
upgrade new version
1 week ago
return nil
}
}
func extractToken(x *vigo.X) string {
auth := x.Request.Header.Get("Authorization")
if auth != "" {
if len(auth) > 7 && strings.HasPrefix(auth, "Bearer ") {
return auth[7:]
}
}
return x.Request.URL.Query().Get("access_token")
}