f

2026-02-02 13:15:13 +08:00
parent e30a5d3342
commit e44793c89e
15 changed files with 97 additions and 39 deletions
--- a/app/main/api/internal/middleware/userauthinterceptormiddleware.go
+++ b/app/main/api/internal/middleware/userauthinterceptormiddleware.go
@@ -1,20 +1,22 @@
 package middleware

 import (
+	"net/http"
+
 	"xingfucha-server/app/main/model"
 	"xingfucha-server/common/ctxdata"
 	"xingfucha-server/common/xerr"
-	"net/http"

 	"github.com/pkg/errors"
 	"github.com/zeromicro/go-zero/rest/httpx"
 )

 type UserAuthInterceptorMiddleware struct {
+	UserModel model.UserModel
 }

-func NewUserAuthInterceptorMiddleware() *UserAuthInterceptorMiddleware {
-	return &UserAuthInterceptorMiddleware{}
+func NewUserAuthInterceptorMiddleware(userModel model.UserModel) *UserAuthInterceptorMiddleware {
+	return &UserAuthInterceptorMiddleware{UserModel: userModel}
 }

 func (m *UserAuthInterceptorMiddleware) Handle(next http.HandlerFunc) http.HandlerFunc {
@@ -28,6 +30,15 @@ func (m *UserAuthInterceptorMiddleware) Handle(next http.HandlerFunc) http.Handl
 			httpx.Error(w, errors.Wrapf(xerr.NewErrCode(xerr.USER_NEED_BIND_MOBILE), "token解析失败: %v", err))
 			return
 		}
+		user, err := m.UserModel.FindOne(r.Context(), claims.UserId)
+		if err != nil {
+			httpx.Error(w, errors.Wrapf(xerr.NewErrCode(ErrCodeUnauthorized), "用户不存在: %v", err))
+			return
+		}
+		if user.Disable == model.UserDisableBanned {
+			httpx.Error(w, xerr.NewErrCode(xerr.USER_DISABLED))
+			return
+		}
 		next(w, r)
 	}
 }