package middleware
import (
"dd_fiber_api/internal/admin_auth"
"dd_fiber_api/internal/admin_auth/service"
"strings"
"github.com/gofiber/fiber/v2"
)
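// AuthMiddleware returns a Fiber handler that authenticates a request from its
// "Authorization: Bearer <token>" header.
//
// The token is checked with authService.VerifyToken. On success the claims and
// selected fields are stored in c.Locals under "claims", "user_id", "username",
// "phone" and "is_super_admin", and the next handler runs. Every failure path
// answers 401 with a JSON body and returns without calling c.Next, so the
// chain fails closed.
func AuthMiddleware(authService *service.AuthService) fiber.Handler {
	return func(c *fiber.Ctx) error {
		// Read the Authorization header; a missing header is rejected outright.
		authHeader := c.Get("Authorization")
		if authHeader == "" {
			return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
				"success": false,
				"message": "未授权,请先登录",
			})
		}

		// Parse "<scheme> <token>". Exactly two space-separated parts are
		// required. The scheme is compared case-insensitively because HTTP
		// auth-scheme names are case-insensitive, and an empty token is
		// rejected here instead of being handed to the verifier.
		parts := strings.Split(authHeader, " ")
		if len(parts) != 2 || !strings.EqualFold(parts[0], "Bearer") || parts[1] == "" {
			return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
				"success": false,
				"message": "token格式错误",
			})
		}

		tokenString := parts[1]

		// Verify the token. Any verification error gets the same generic
		// response. A nil claims value with a nil error is treated as a failed
		// verification too, so the field reads below cannot dereference nil.
		// NOTE(review): assumes VerifyToken returns a pointer, since
		// PermissionMiddleware asserts *admin_auth.JWTClaims on this value — confirm.
		claims, err := authService.VerifyToken(tokenString)
		if err != nil || claims == nil {
			return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
				"success": false,
				"message": "token无效或已过期",
			})
		}

		// Store the claims in locals for downstream handlers. The authorization
		// middlewares in this file read "claims" and "is_super_admin".
		c.Locals("claims", claims)
		c.Locals("user_id", claims.UserID)
		c.Locals("username", claims.Username)
		c.Locals("phone", claims.Phone)
		c.Locals("is_super_admin", claims.IsSuperAdmin)

		return c.Next()
	}
}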
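// PermissionMiddleware returns a Fiber handler that lets a request through only
// when the claims stored under the "claims" local carry permissionCode.
//
// It reads the value AuthMiddleware stores in c.Locals, so it must be
// registered after AuthMiddleware on a route. Missing or unusable claims answer
// 401. Super administrators bypass the per-permission check. A caller without
// the permission gets 403.
//
// NOTE(review): the decision is made from the permissions carried in the token
// claims. If those are fixed when the token is issued, a revoked permission
// presumably stays effective until the token expires — confirm how VerifyToken
// populates them.
func PermissionMiddleware(permissionCode string) fiber.Handler {
	return func(c *fiber.Ctx) error {
		claims, ok := c.Locals("claims").(*admin_auth.JWTClaims)
		// A typed nil pointer still satisfies the type assertion, so nil is
		// checked explicitly before any field is read.
		if !ok || claims == nil {
			return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
				"success": false,
				"message": "未授权",
			})
		}

		// Super administrators hold every permission.
		if claims.IsSuperAdmin {
			return c.Next()
		}

		// Exact, case-sensitive match against the permissions in the claims.
		for _, perm := range claims.Permissions {
			if perm == permissionCode {
				return c.Next()
			}
		}

		// No match: deny.
		return c.Status(fiber.StatusForbidden).JSON(fiber.Map{
			"success": false,
			"message": "没有权限访问",
		})
	}
}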
// SuperAdminMiddleware returns a Fiber handler that admits only requests whose
// "is_super_admin" local is the boolean true.
//
// AuthMiddleware sets that local. When it is absent, is not a bool, or is
// false, the handler answers 403 and the chain stops, so a route that omits
// AuthMiddleware is denied, not allowed.
func SuperAdminMiddleware() fiber.Handler {
	return func(c *fiber.Ctx) error {
		// Pass through only on a value that is both a bool and true.
		if flag, isBool := c.Locals("is_super_admin").(bool); isBool && flag {
			return c.Next()
		}

		return c.Status(fiber.StatusForbidden).JSON(fiber.Map{
			"success": false,
			"message": "需要超级管理员权限",
		})
	}
}