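package middleware

import (
	"strings"

	"dd_fiber_api/internal/admin_auth"
	"dd_fiber_api/internal/admin_auth/service"

	"github.com/gofiber/fiber/v2"
)

// AuthMiddleware returns a Fiber handler that authenticates a request from its
// "Authorization: Bearer <token>" header.
//
// The token is handed to authService.VerifyToken. On success the claims are
// published in c.Locals under "claims", "user_id", "username", "phone" and
// "is_super_admin" for the handlers that follow. Every failure path answers
// 401 without calling c.Next, so the middleware fails closed.
func AuthMiddleware(authService *service.AuthService) fiber.Handler {
	return func(c *fiber.Ctx) error {
		// Read the Authorization header; a missing header means "not logged in".
		authHeader := c.Get("Authorization")
		if authHeader == "" {
			return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
				"success": false,
				"message": "未授权,请先登录",
			})
		}

		// Expect exactly "<scheme> <token>". strings.Fields tolerates repeated
		// or surrounding whitespace and never yields an empty token, and the
		// scheme is compared case-insensitively because HTTP authentication
		// scheme names are case-insensitive (RFC 7235).
		parts := strings.Fields(authHeader)
		if len(parts) != 2 || !strings.EqualFold(parts[0], "Bearer") {
			return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
				"success": false,
				"message": "token格式错误",
			})
		}
		tokenString := parts[1]

		// Verify the token. A nil claims value alongside a nil error is treated
		// as a failure too, so the field reads below cannot dereference nil.
		claims, err := authService.VerifyToken(tokenString)
		if err != nil || claims == nil {
			return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
				"success": false,
				"message": "token无效或已过期",
			})
		}

		// Publish the verified claims for downstream middleware and handlers.
		// These locals are the only input PermissionMiddleware and
		// SuperAdminMiddleware trust, so they must be set here and nowhere
		// from request-controlled data.
		c.Locals("claims", claims)
		c.Locals("user_id", claims.UserID)
		c.Locals("username", claims.Username)
		c.Locals("phone", claims.Phone)
		c.Locals("is_super_admin", claims.IsSuperAdmin)

		return c.Next()
	}
}

// PermissionMiddleware returns a Fiber handler that allows the request only if
// the authenticated caller holds permissionCode or is a super admin.
//
// It reads the "claims" local and therefore has to be registered after
// AuthMiddleware. Without usable claims it answers 401; with claims that lack
// the permission it answers 403.
//
// NOTE(review): the permission list and the super-admin flag come from the
// token claims. Unless VerifyToken consults server-side state, a revoked
// permission presumably stays effective until the token expires — confirm.
func PermissionMiddleware(permissionCode string) fiber.Handler {
	return func(c *fiber.Ctx) error {
		// A typed nil pointer would pass the assertion, so check it explicitly
		// instead of panicking on the field access below.
		claims, ok := c.Locals("claims").(*admin_auth.JWTClaims)
		if !ok || claims == nil {
			return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
				"success": false,
				"message": "未授权",
			})
		}

		// Super admins hold every permission.
		if claims.IsSuperAdmin {
			return c.Next()
		}

		// Exact, case-sensitive match against the caller's permission codes.
		hasPermission := false
		for _, perm := range claims.Permissions {
			if perm == permissionCode {
				hasPermission = true
				break
			}
		}

		if !hasPermission {
			return c.Status(fiber.StatusForbidden).JSON(fiber.Map{
				"success": false,
				"message": "没有权限访问",
			})
		}

		return c.Next()
	}
}

// SuperAdminMiddleware returns a Fiber handler that allows the request only
// when the "is_super_admin" local is the boolean true.
//
// The local is set by AuthMiddleware, which has to run first. A request that
// lacks the local, or carries a non-bool value, is rejected with 403.
func SuperAdminMiddleware() fiber.Handler {
	return func(c *fiber.Ctx) error {
		isSuperAdmin, ok := c.Locals("is_super_admin").(bool)
		if !ok || !isSuperAdmin {
			return c.Status(fiber.StatusForbidden).JSON(fiber.Map{
				"success": false,
				"message": "需要超级管理员权限",
			})
		}

		return c.Next()
	}
}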