sar
42c423bd32
- 添加用户认证模块 (JWT + 密码管理) - 添加 ChatGPT 账户管理功能 - 添加卡密管理功能 (创建、批量生成、查询) - 添加邀请功能 - 配置数据库迁移和路由系统
66 lines
1.7 KiB
Go
66 lines
1.7 KiB
Go
package middleware
|
|
|
|
import (
|
|
"context"
|
|
"net/http"
|
|
"strings"
|
|
|
|
"gpt-manager-go/internal/auth"
|
|
)
|
|
|
|
// 上下文键类型
|
|
type contextKey string
|
|
|
|
const UserContextKey contextKey = "user"
|
|
|
|
// AuthMiddleware JWT 认证中间件
|
|
func AuthMiddleware(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
authHeader := r.Header.Get("Authorization")
|
|
if authHeader == "" {
|
|
http.Error(w, `{"success":false,"message":"Authorization header required"}`, http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
// 检查 Bearer 前缀
|
|
parts := strings.SplitN(authHeader, " ", 2)
|
|
if len(parts) != 2 || parts[0] != "Bearer" {
|
|
http.Error(w, `{"success":false,"message":"Invalid authorization header format"}`, http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
tokenString := parts[1]
|
|
|
|
// 解析 Token
|
|
claims, err := auth.ParseToken(tokenString)
|
|
if err != nil {
|
|
http.Error(w, `{"success":false,"message":"Invalid or expired token"}`, http.StatusUnauthorized)
|
|
return
|
|
}
|
|
|
|
// 将用户信息存入上下文
|
|
ctx := context.WithValue(r.Context(), UserContextKey, claims)
|
|
next.ServeHTTP(w, r.WithContext(ctx))
|
|
})
|
|
}
|
|
|
|
// GetUserFromContext 从上下文获取用户信息
|
|
func GetUserFromContext(ctx context.Context) *auth.Claims {
|
|
if claims, ok := ctx.Value(UserContextKey).(*auth.Claims); ok {
|
|
return claims
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// RequireSuperAdmin 要求超级管理员权限
|
|
func RequireSuperAdmin(next http.Handler) http.Handler {
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
claims := GetUserFromContext(r.Context())
|
|
if claims == nil || !claims.IsSuperAdmin {
|
|
http.Error(w, `{"success":false,"message":"Super admin required"}`, http.StatusForbidden)
|
|
return
|
|
}
|
|
next.ServeHTTP(w, r)
|
|
})
|
|
}
|