f

2026-02-04 15:18:37 +08:00
parent e44793c89e
commit 39c51aa4a2
6 changed files with 86 additions and 16 deletions
--- a/app/main/api/internal/middleware/authinterceptormiddleware.go
+++ b/app/main/api/internal/middleware/authinterceptormiddleware.go
@@ -2,14 +2,19 @@ package middleware

 import (
 	"context"
+	"fmt"
 	"net/http"
+	"strconv"

 	"xingfucha-server/app/main/api/internal/config"
+	"xingfucha-server/app/main/api/internal/types"
 	"xingfucha-server/app/main/model"
 	jwtx "xingfucha-server/common/jwt"
+	"xingfucha-server/common/result"
 	"xingfucha-server/common/xerr"

 	"github.com/pkg/errors"
+	"github.com/redis/go-redis/v9"
 	"github.com/zeromicro/go-zero/rest/httpx"
 )

@@ -21,12 +26,14 @@ const (
 type AuthInterceptorMiddleware struct {
 	Config    config.Config
 	UserModel model.UserModel
+	Redis     RedisStore
 }

-func NewAuthInterceptorMiddleware(c config.Config, userModel model.UserModel) *AuthInterceptorMiddleware {
+func NewAuthInterceptorMiddleware(c config.Config, userModel model.UserModel, redisStore RedisStore) *AuthInterceptorMiddleware {
 	return &AuthInterceptorMiddleware{
 		Config:    c,
 		UserModel: userModel,
+		Redis:     redisStore,
 	}
 }

@@ -49,11 +56,15 @@ func (m *AuthInterceptorMiddleware) Handle(next http.HandlerFunc) http.HandlerFu
 			return
 		}

-		// 携带token的请求：校验用户是否被封禁（保证封禁即时生效）
-		if m.UserModel != nil && claims.UserId > 0 {
-			user, err := m.UserModel.FindOne(r.Context(), claims.UserId)
-			if err == nil && user.Disable == model.UserDisableBanned {
-				httpx.Error(w, xerr.NewErrCode(xerr.USER_DISABLED))
+		// 携带 token 的请求：先查 Redis 封禁缓存，未命中再查库，减少轮询
+		if m.UserModel != nil && m.Redis != nil && claims.UserId > 0 {
+			disabled, err := m.isUserDisabled(r.Context(), w, claims.UserId)
+			if err != nil {
+				return
+			}
+			if disabled {
+				msg := xerr.MapErrMsg(xerr.USER_DISABLED)
+				httpx.WriteJson(w, http.StatusOK, result.Error(xerr.USER_DISABLED, msg))
 				return
 			}
 		}
@@ -64,3 +75,21 @@ func (m *AuthInterceptorMiddleware) Handle(next http.HandlerFunc) http.HandlerFu
 		next(w, r.WithContext(ctx))
 	}
 }
+
+// isUserDisabled 先查 Redis 封禁缓存，未命中再查 DB 并回写缓存
+func (m *AuthInterceptorMiddleware) isUserDisabled(ctx context.Context, w http.ResponseWriter, userID int64) (bool, error) {
+	key := fmt.Sprintf(types.UserDisableCacheKey, userID)
+	val, err := m.Redis.Get(key)
+	if err == nil {
+		return val == "1", nil
+	}
+	if err != redis.Nil {
+		// Redis 异常时降级为查库
+	}
+	user, err := m.UserModel.FindOne(ctx, userID)
+	if err != nil {
+		return false, nil // 用户不存在时放行，由业务层处理
+	}
+	_ = m.Redis.Setex(key, strconv.FormatInt(user.Disable, 10), types.UserDisableCacheTTL)
+	return user.Disable == model.UserDisableBanned, nil
+}