55 lines
1.4 KiB
Go
55 lines
1.4 KiB
Go
|
package middleware
|
|||
|
|
|
|||
|
|
import (
|
|||
|
|
"context"
|
|||
|
|
"errors"
|
|||
|
|
"github.com/zeromicro/go-zero/core/logx"
|
|||
|
|
xhttp "github.com/zeromicro/x/http"
|
|||
|
|
"tianyuan-api/apps/gateway/internal/config"
|
|||
|
|
jwtx "tianyuan-api/pkg/jwt"
|
|||
|
|
"net/http"
|
|||
|
|
"time"
|
|||
|
|
)
|
|||
|
|
|
|||
|
|
type AuthInterceptorMiddleware struct {
|
|||
|
|
Config config.Config
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
func NewAuthInterceptorMiddleware(c config.Config) *AuthInterceptorMiddleware {
|
|||
|
|
return &AuthInterceptorMiddleware{
|
|||
|
|
Config: c,
|
|||
|
|
}
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
func (m *AuthInterceptorMiddleware) Handle(next http.HandlerFunc) http.HandlerFunc {
|
|||
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|||
|
|
// 从 Cookie 中获取 JWT
|
|||
|
|
cookie, err := r.Cookie("Authorization")
|
|||
|
|
if err != nil {
|
|||
|
|
xhttp.JsonBaseResponseCtx(r.Context(), w, errors.New("用户未登录"))
|
|||
|
|
return
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
tokenStr := cookie.Value
|
|||
|
|
// 验证并解析 JWT
|
|||
|
|
userId, err := jwtx.ParseJwtToken(tokenStr, m.Config.AuthJWT.AccessSecret)
|
|||
|
|
if err != nil {
|
|||
|
|
// 设置过期的 Cookie 来删除无效的 Token
|
|||
|
|
http.SetCookie(w, &http.Cookie{
|
|||
|
|
Name: "Authorization",
|
|||
|
|
Value: "",
|
|||
|
|
Path: "/",
|
|||
|
|
HttpOnly: true,
|
|||
|
|
Expires: time.Unix(0, 0), // 过期时间设置为过去
|
|||
|
|
})
|
|||
|
|
logx.Error("Invalid JWT: ", err)
|
|||
|
|
xhttp.JsonBaseResponseCtx(r.Context(), w, errors.New("未经授权的访问"))
|
|||
|
|
return
|
|||
|
|
}
|
|||
|
|
|
|||
|
|
// 将 userId 存入 context,供后续逻辑使用
|
|||
|
|
ctx := context.WithValue(r.Context(), "userId", userId)
|
|||
|
|
next(w, r.WithContext(ctx))
|
|||
|
|
}
|
|||
|
|
}
|