injectlib/urldb
1
0
Fork 0
mirror of https://github.com/ctwj/urldb.git synced 2025-11-25 03:15:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: 修复资源自动处理的问题

Browse Source
This commit is contained in:
Kerwin
2025-08-25 09:51:45 +08:00
parent 0d54dffa19
commit 002267e436
10 changed files with 175 additions and 97 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
middleware/auth.go
View File

@@ -27,8 +27,8 @@ type Claims struct {
func AuthMiddleware() gin.HandlerFunc {
return func(c *gin.Context) {
authHeader := c.GetHeader("Authorization")
utils.Info("AuthMiddleware - 收到请求: %s %s", c.Request.Method, c.Request.URL.Path)
utils.Info("AuthMiddleware - Authorization头: %s", authHeader)
// utils.Info("AuthMiddleware - 收到请求: %s %s", c.Request.Method, c.Request.URL.Path)
// utils.Info("AuthMiddleware - Authorization头: %s", authHeader)
if authHeader == "" {
utils.Error("AuthMiddleware - 未提供认证令牌")
@@ -39,24 +39,24 @@ func AuthMiddleware() gin.HandlerFunc {
// 检查Bearer前缀
if !strings.HasPrefix(authHeader, "Bearer ") {
utils.Error("AuthMiddleware - 无效的认证格式: %s", authHeader)
// utils.Error("AuthMiddleware - 无效的认证格式: %s", authHeader)
c.JSON(http.StatusUnauthorized, gin.H{"error": "无效的认证格式"})
c.Abort()
return
}
tokenString := strings.TrimPrefix(authHeader, "Bearer ")
utils.Info("AuthMiddleware - 解析令牌: %s", tokenString[:10]+"...")
// utils.Info("AuthMiddleware - 解析令牌: %s", tokenString[:10]+"...")
claims, err := parseToken(tokenString)
if err != nil {
utils.Error("AuthMiddleware - 令牌解析失败: %v", err)
// utils.Error("AuthMiddleware - 令牌解析失败: %v", err)
c.JSON(http.StatusUnauthorized, gin.H{"error": "无效的令牌"})
c.Abort()
return
}
utils.Info("AuthMiddleware - 令牌验证成功,用户: %s, 角色: %s", claims.Username, claims.Role)
// utils.Info("AuthMiddleware - 令牌验证成功,用户: %s, 角色: %s", claims.Username, claims.Role)
// 将用户信息存储到上下文中
c.Set("user_id", claims.UserID)
@@ -72,13 +72,13 @@ func AdminMiddleware() gin.HandlerFunc {
return func(c *gin.Context) {
role, exists := c.Get("role")
if !exists {
c.JSON(http.StatusUnauthorized, gin.H{"error": "未认证"})
// c.JSON(http.StatusUnauthorized, gin.H{"error": "未认证"})
c.Abort()
return
}
if role != "admin" {
c.JSON(http.StatusForbidden, gin.H{"error": "需要管理员权限"})
// c.JSON(http.StatusForbidden, gin.H{"error": "需要管理员权限"})
c.Abort()
return
}
@@ -106,23 +106,23 @@ func GenerateToken(user *entity.User) (string, error) {
// parseToken 解析JWT令牌
func parseToken(tokenString string) (*Claims, error) {
utils.Info("parseToken - 开始解析令牌")
// utils.Info("parseToken - 开始解析令牌")
token, err := jwt.ParseWithClaims(tokenString, &Claims{}, func(token *jwt.Token) (interface{}, error) {
return jwtSecret, nil
})
if err != nil {
utils.Error("parseToken - JWT解析失败: %v", err)
// utils.Error("parseToken - JWT解析失败: %v", err)
return nil, err
}
if claims, ok := token.Claims.(*Claims); ok && token.Valid {
utils.Info("parseToken - 令牌解析成功用户ID: %d", claims.UserID)
// utils.Info("parseToken - 令牌解析成功用户ID: %d", claims.UserID)
return claims, nil
}
utils.Error("parseToken - 令牌无效或签名错误")
// utils.Error("parseToken - 令牌无效或签名错误")
return nil, jwt.ErrSignatureInvalid
}