package middleware
import (
"net/http"
"strings"
"tydata-server/app/main/api/internal/config"
"tydata-server/app/main/model"
jwtx "tydata-server/common/jwt"
"tydata-server/common/result"
"tydata-server/common/xerr"
"github.com/zeromicro/go-zero/rest/httpx"
)
// UserDisableCheckMiddleware is a global middleware that rejects requests from
// users whose account is disabled (disable == 1) and reports the corresponding
// error to the client.
type UserDisableCheckMiddleware struct {
	// Config supplies JwtAuth.AccessSecret, the user-side JWT secret used to
	// parse the bearer token.
	Config config.Config
	// UserModel is queried for the disable flag of the user named in the token.
	UserModel model.UserModel
}
// NewUserDisableCheckMiddleware builds the disabled-account check middleware
// from the service configuration and the user model it queries.
func NewUserDisableCheckMiddleware(c config.Config, userModel model.UserModel) *UserDisableCheckMiddleware {
	mw := new(UserDisableCheckMiddleware)
	mw.Config = c
	mw.UserModel = userModel
	return mw
}
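// Handle wraps next with the disabled-account check.
//
// Only requests whose Authorization header carries a token that parses with the
// user-side JWT secret are checked. Requests with no Authorization header, or
// with a token that does not parse with that secret (admin tokens, per the
// original author's note), are passed to next unchanged so that later
// middleware can authenticate or reject them.
//
// This middleware does not authenticate anything by itself: it only adds a
// denial for disabled users on top of whatever authentication runs afterwards.
func (m *UserDisableCheckMiddleware) Handle(next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		authHeader := r.Header.Get("Authorization")
		if authHeader == "" {
			next(w, r)
			return
		}

		// Accept the scheme in any letter case, and fall back to the raw header
		// value when no scheme is present. The previous exact-match
		// strings.TrimPrefix(authHeader, "Bearer ") skipped the disabled check
		// for every other header form; if the authenticator that runs later is
		// more lenient about the header format (it is not visible in this file),
		// a disabled user's token would still be accepted there. Parsing every
		// form here keeps the two in step; anything that is not a valid user
		// JWT still falls through below.
		const bearerScheme = "Bearer "
		token := authHeader
		if len(token) >= len(bearerScheme) && strings.EqualFold(token[:len(bearerScheme)], bearerScheme) {
			token = token[len(bearerScheme):]
		}
		token = strings.TrimSpace(token)

		// Parse with the user-side JWT secret only. Per the original author's
		// note, admin tokens fail to parse here and are left to later middleware.
		claims, err := jwtx.ParseJwtToken(token, m.Config.JwtAuth.AccessSecret)
		if err != nil {
			next(w, r)
			return
		}

		// Per the original author's note, this lookup bypasses the cache so that
		// a ban takes effect on the user's next request (not verifiable from
		// this file).
		disable, err := m.UserModel.FindDisableByUserId(r.Context(), claims.UserId)
		if err != nil {
			// NOTE(review): this fails open. Any lookup error, including a
			// database outage, lets the request through without the disabled
			// check. Confirm that is intended; if not, separate "user not
			// found" from infrastructure errors and log or reject the latter.
			next(w, r)
			return
		}

		// disable: 0 = active, 1 = disabled.
		if disable == 1 {
			errcode := xerr.USER_DISABLED
			errmsg := xerr.MapErrMsg(errcode)
			httpx.WriteJson(w, http.StatusForbidden, result.Error(errcode, errmsg))
			return
		}

		next(w, r)
	}
}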