2026-01-30 15:56:38 +08:00
|
|
|
|
package middleware
|
|
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
|
"context"
|
2026-02-04 15:18:37 +08:00
|
|
|
|
"fmt"
|
2026-01-30 15:56:38 +08:00
|
|
|
|
"net/http"
|
2026-02-04 15:18:37 +08:00
|
|
|
|
"strconv"
|
2026-01-30 15:56:38 +08:00
|
|
|
|
|
|
|
|
|
|
"xingfucha-server/app/main/api/internal/config"
|
2026-02-04 15:18:37 +08:00
|
|
|
|
"xingfucha-server/app/main/api/internal/types"
|
2026-02-02 13:15:13 +08:00
|
|
|
|
"xingfucha-server/app/main/model"
|
2026-01-30 15:56:38 +08:00
|
|
|
|
jwtx "xingfucha-server/common/jwt"
|
2026-02-04 15:18:37 +08:00
|
|
|
|
"xingfucha-server/common/result"
|
2026-01-30 15:56:38 +08:00
|
|
|
|
"xingfucha-server/common/xerr"
|
|
|
|
|
|
|
|
|
|
|
|
"github.com/pkg/errors"
|
2026-02-04 15:18:37 +08:00
|
|
|
|
"github.com/redis/go-redis/v9"
|
2026-01-30 15:56:38 +08:00
|
|
|
|
"github.com/zeromicro/go-zero/rest/httpx"
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
|
|
// 定义错误码
|
|
|
|
|
|
ErrCodeUnauthorized = 401
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
type AuthInterceptorMiddleware struct {
|
2026-02-02 13:15:13 +08:00
|
|
|
|
Config config.Config
|
|
|
|
|
|
UserModel model.UserModel
|
2026-02-04 15:18:37 +08:00
|
|
|
|
Redis RedisStore
|
2026-01-30 15:56:38 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
2026-02-04 15:18:37 +08:00
|
|
|
|
func NewAuthInterceptorMiddleware(c config.Config, userModel model.UserModel, redisStore RedisStore) *AuthInterceptorMiddleware {
|
2026-01-30 15:56:38 +08:00
|
|
|
|
return &AuthInterceptorMiddleware{
|
2026-02-02 13:15:13 +08:00
|
|
|
|
Config: c,
|
|
|
|
|
|
UserModel: userModel,
|
2026-02-04 15:18:37 +08:00
|
|
|
|
Redis: redisStore,
|
2026-01-30 15:56:38 +08:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
func (m *AuthInterceptorMiddleware) Handle(next http.HandlerFunc) http.HandlerFunc {
|
|
|
|
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
|
// 从请求头中获取Authorization字段
|
|
|
|
|
|
authHeader := r.Header.Get("Authorization")
|
|
|
|
|
|
|
|
|
|
|
|
// 如果没有Authorization头,直接放行
|
|
|
|
|
|
if authHeader == "" {
|
|
|
|
|
|
next(w, r)
|
|
|
|
|
|
return
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 解析JWT令牌
|
|
|
|
|
|
claims, err := jwtx.ParseJwtToken(authHeader, m.Config.JwtAuth.AccessSecret)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
// JWT解析失败,返回401错误
|
|
|
|
|
|
httpx.Error(w, errors.Wrapf(xerr.NewErrCode(ErrCodeUnauthorized), "token解析失败: %v", err))
|
|
|
|
|
|
return
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2026-02-04 15:18:37 +08:00
|
|
|
|
// 携带 token 的请求:先查 Redis 封禁缓存,未命中再查库,减少轮询
|
|
|
|
|
|
if m.UserModel != nil && m.Redis != nil && claims.UserId > 0 {
|
|
|
|
|
|
disabled, err := m.isUserDisabled(r.Context(), w, claims.UserId)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return
|
|
|
|
|
|
}
|
|
|
|
|
|
if disabled {
|
|
|
|
|
|
msg := xerr.MapErrMsg(xerr.USER_DISABLED)
|
|
|
|
|
|
httpx.WriteJson(w, http.StatusOK, result.Error(xerr.USER_DISABLED, msg))
|
2026-02-02 13:15:13 +08:00
|
|
|
|
return
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2026-01-30 15:56:38 +08:00
|
|
|
|
ctx := context.WithValue(r.Context(), jwtx.ExtraKey, claims)
|
|
|
|
|
|
|
|
|
|
|
|
// 使用新的上下文继续处理请求
|
|
|
|
|
|
next(w, r.WithContext(ctx))
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2026-02-04 15:18:37 +08:00
|
|
|
|
|
|
|
|
|
|
// isUserDisabled 先查 Redis 封禁缓存,未命中再查 DB 并回写缓存
|
|
|
|
|
|
func (m *AuthInterceptorMiddleware) isUserDisabled(ctx context.Context, w http.ResponseWriter, userID int64) (bool, error) {
|
|
|
|
|
|
key := fmt.Sprintf(types.UserDisableCacheKey, userID)
|
|
|
|
|
|
val, err := m.Redis.Get(key)
|
|
|
|
|
|
if err == nil {
|
|
|
|
|
|
return val == "1", nil
|
|
|
|
|
|
}
|
|
|
|
|
|
if err != redis.Nil {
|
|
|
|
|
|
// Redis 异常时降级为查库
|
|
|
|
|
|
}
|
|
|
|
|
|
user, err := m.UserModel.FindOne(ctx, userID)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return false, nil // 用户不存在时放行,由业务层处理
|
|
|
|
|
|
}
|
|
|
|
|
|
_ = m.Redis.Setex(key, strconv.FormatInt(user.Disable, 10), types.UserDisableCacheTTL)
|
|
|
|
|
|
return user.Disable == model.UserDisableBanned, nil
|
|
|
|
|
|
}
|
