f

app/main/api/internal/middleware/authinterceptormiddleware.go

@@ -5,6 +5,7 @@ import (
 	"net/http"
 
 	"xingfucha-server/app/main/api/internal/config"
+	"xingfucha-server/app/main/model"
 	jwtx "xingfucha-server/common/jwt"
 	"xingfucha-server/common/xerr"
 
@@ -18,12 +19,14 @@ const (
 )
 
 type AuthInterceptorMiddleware struct {
-	Config config.Config
+	Config    config.Config
+	UserModel model.UserModel
 }
 
-func NewAuthInterceptorMiddleware(c config.Config) *AuthInterceptorMiddleware {
+func NewAuthInterceptorMiddleware(c config.Config, userModel model.UserModel) *AuthInterceptorMiddleware {
 	return &AuthInterceptorMiddleware{
-		Config: c,
+		Config:    c,
+		UserModel: userModel,
 	}
 }
 
@@ -46,6 +49,15 @@ func (m *AuthInterceptorMiddleware) Handle(next http.HandlerFunc) http.HandlerFu
 			return
 		}
 
+		// 携带token的请求：校验用户是否被封禁（保证封禁即时生效）
+		if m.UserModel != nil && claims.UserId > 0 {
+			user, err := m.UserModel.FindOne(r.Context(), claims.UserId)
+			if err == nil && user.Disable == model.UserDisableBanned {
+				httpx.Error(w, xerr.NewErrCode(xerr.USER_DISABLED))
+				return
+			}
+		}
+
 		ctx := context.WithValue(r.Context(), jwtx.ExtraKey, claims)
 
 		// 使用新的上下文继续处理请求