2025-07-10 15:07:29 +08:00
|
|
|
|
package middleware
|
|
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
|
"net/http"
|
|
|
|
|
|
"strings"
|
|
|
|
|
|
"time"
|
|
|
|
|
|
|
2025-07-18 09:42:07 +08:00
|
|
|
|
"github.com/ctwj/urldb/db/entity"
|
|
|
|
|
|
"github.com/ctwj/urldb/utils"
|
2025-07-10 15:07:29 +08:00
|
|
|
|
|
|
|
|
|
|
"github.com/gin-gonic/gin"
|
|
|
|
|
|
"github.com/golang-jwt/jwt/v5"
|
|
|
|
|
|
"golang.org/x/crypto/bcrypt"
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
var jwtSecret = []byte("your-secret-key")
|
|
|
|
|
|
|
|
|
|
|
|
// Claims JWT声明
|
|
|
|
|
|
type Claims struct {
|
|
|
|
|
|
UserID uint `json:"user_id"`
|
|
|
|
|
|
Username string `json:"username"`
|
|
|
|
|
|
Role string `json:"role"`
|
|
|
|
|
|
jwt.RegisteredClaims
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// AuthMiddleware 认证中间件
|
|
|
|
|
|
func AuthMiddleware() gin.HandlerFunc {
|
|
|
|
|
|
return func(c *gin.Context) {
|
|
|
|
|
|
authHeader := c.GetHeader("Authorization")
|
2025-07-17 18:47:58 +08:00
|
|
|
|
utils.Info("AuthMiddleware - 收到请求: %s %s", c.Request.Method, c.Request.URL.Path)
|
|
|
|
|
|
utils.Info("AuthMiddleware - Authorization头: %s", authHeader)
|
|
|
|
|
|
|
2025-07-10 15:07:29 +08:00
|
|
|
|
if authHeader == "" {
|
2025-07-17 18:47:58 +08:00
|
|
|
|
utils.Error("AuthMiddleware - 未提供认证令牌")
|
2025-07-10 15:07:29 +08:00
|
|
|
|
c.JSON(http.StatusUnauthorized, gin.H{"error": "未提供认证令牌"})
|
|
|
|
|
|
c.Abort()
|
|
|
|
|
|
return
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// 检查Bearer前缀
|
|
|
|
|
|
if !strings.HasPrefix(authHeader, "Bearer ") {
|
2025-07-17 18:47:58 +08:00
|
|
|
|
utils.Error("AuthMiddleware - 无效的认证格式: %s", authHeader)
|
2025-07-10 15:07:29 +08:00
|
|
|
|
c.JSON(http.StatusUnauthorized, gin.H{"error": "无效的认证格式"})
|
|
|
|
|
|
c.Abort()
|
|
|
|
|
|
return
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
tokenString := strings.TrimPrefix(authHeader, "Bearer ")
|
2025-07-17 18:47:58 +08:00
|
|
|
|
utils.Info("AuthMiddleware - 解析令牌: %s", tokenString[:10]+"...")
|
|
|
|
|
|
|
2025-07-10 15:07:29 +08:00
|
|
|
|
claims, err := parseToken(tokenString)
|
|
|
|
|
|
if err != nil {
|
2025-07-17 18:47:58 +08:00
|
|
|
|
utils.Error("AuthMiddleware - 令牌解析失败: %v", err)
|
2025-07-10 15:07:29 +08:00
|
|
|
|
c.JSON(http.StatusUnauthorized, gin.H{"error": "无效的令牌"})
|
|
|
|
|
|
c.Abort()
|
|
|
|
|
|
return
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2025-07-17 18:47:58 +08:00
|
|
|
|
utils.Info("AuthMiddleware - 令牌验证成功,用户: %s, 角色: %s", claims.Username, claims.Role)
|
|
|
|
|
|
|
2025-07-10 15:07:29 +08:00
|
|
|
|
// 将用户信息存储到上下文中
|
|
|
|
|
|
c.Set("user_id", claims.UserID)
|
|
|
|
|
|
c.Set("username", claims.Username)
|
|
|
|
|
|
c.Set("role", claims.Role)
|
|
|
|
|
|
|
|
|
|
|
|
c.Next()
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// AdminMiddleware 管理员中间件
|
|
|
|
|
|
func AdminMiddleware() gin.HandlerFunc {
|
|
|
|
|
|
return func(c *gin.Context) {
|
|
|
|
|
|
role, exists := c.Get("role")
|
|
|
|
|
|
if !exists {
|
|
|
|
|
|
c.JSON(http.StatusUnauthorized, gin.H{"error": "未认证"})
|
|
|
|
|
|
c.Abort()
|
|
|
|
|
|
return
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if role != "admin" {
|
|
|
|
|
|
c.JSON(http.StatusForbidden, gin.H{"error": "需要管理员权限"})
|
|
|
|
|
|
c.Abort()
|
|
|
|
|
|
return
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
c.Next()
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// GenerateToken 生成JWT令牌
|
|
|
|
|
|
func GenerateToken(user *entity.User) (string, error) {
|
|
|
|
|
|
claims := Claims{
|
|
|
|
|
|
UserID: user.ID,
|
|
|
|
|
|
Username: user.Username,
|
|
|
|
|
|
Role: user.Role,
|
|
|
|
|
|
RegisteredClaims: jwt.RegisteredClaims{
|
2025-07-29 14:00:01 +08:00
|
|
|
|
ExpiresAt: jwt.NewNumericDate(utils.GetCurrentTime().Add(30 * 24 * time.Hour)), // 30天有效期
|
|
|
|
|
|
IssuedAt: jwt.NewNumericDate(utils.GetCurrentTime()),
|
|
|
|
|
|
NotBefore: jwt.NewNumericDate(utils.GetCurrentTime()),
|
2025-07-10 15:07:29 +08:00
|
|
|
|
},
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
|
|
|
|
|
|
return token.SignedString(jwtSecret)
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// parseToken 解析JWT令牌
|
|
|
|
|
|
func parseToken(tokenString string) (*Claims, error) {
|
2025-07-17 18:47:58 +08:00
|
|
|
|
utils.Info("parseToken - 开始解析令牌")
|
|
|
|
|
|
|
2025-07-10 15:07:29 +08:00
|
|
|
|
token, err := jwt.ParseWithClaims(tokenString, &Claims{}, func(token *jwt.Token) (interface{}, error) {
|
|
|
|
|
|
return jwtSecret, nil
|
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
|
|
if err != nil {
|
2025-07-17 18:47:58 +08:00
|
|
|
|
utils.Error("parseToken - JWT解析失败: %v", err)
|
2025-07-10 15:07:29 +08:00
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if claims, ok := token.Claims.(*Claims); ok && token.Valid {
|
2025-07-17 18:47:58 +08:00
|
|
|
|
utils.Info("parseToken - 令牌解析成功,用户ID: %d", claims.UserID)
|
2025-07-10 15:07:29 +08:00
|
|
|
|
return claims, nil
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2025-07-17 18:47:58 +08:00
|
|
|
|
utils.Error("parseToken - 令牌无效或签名错误")
|
2025-07-10 15:07:29 +08:00
|
|
|
|
return nil, jwt.ErrSignatureInvalid
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// HashPassword 哈希密码
|
|
|
|
|
|
func HashPassword(password string) (string, error) {
|
|
|
|
|
|
bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
|
|
|
|
|
|
return string(bytes), err
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// CheckPassword 检查密码
|
|
|
|
|
|
func CheckPassword(password, hash string) bool {
|
|
|
|
|
|
err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
|
|
|
|
|
|
return err == nil
|
|
|
|
|
|
}
|
