package jwt |
|
|
|
import ( |
|
"git.diulo.com/mogfee/kit/core/token" |
|
"git.diulo.com/mogfee/kit/errors" |
|
"git.diulo.com/mogfee/kit/rest" |
|
"git.diulo.com/mogfee/kit/rest/httpx" |
|
"net/http" |
|
"strings" |
|
) |
|
|
|
// UserInfo is the identity payload that defaultValidate expects a parsed
// token to yield (it type-asserts the parse result to *UserInfo).
//
// Only Permissions is read in this file; the meaning of the other fields is
// defined by whatever issues the token.
type UserInfo struct {
	// UserId identifies the user. NOTE(review): presumably the account
	// primary key; confirm against the token issuer.
	UserId string
	// UserName is the user's name as carried in the token.
	UserName string
	// UserType is the user's type as carried in the token.
	UserType string
	// Permissions lists the permission strings granted to the user. A route
	// is allowed when any entry matches one of the route's auth-key entries.
	Permissions []string
	// UniqueId is an additional identifier carried in the token.
	// NOTE(review): its scope (session, device, ...) is not visible here.
	UniqueId string
}
|
|
|
// Middleware returns a rest.Middleware that parses the request token and,
// when the route declares an auth key, checks the token's permissions
// against it.
//
// Per request it:
//  1. reads the route's auth key and need-auth flag from the request context,
//  2. takes the token from the "token" header, falling back to the "token"
//     query parameter,
//  3. parses the token and, if an auth key is set, runs defaultValidate,
//  4. calls next.
//
// A failure stops the request only when the need-auth flag is set; otherwise
// it is dropped and next still runs.
//
// NOTE(review): the argument to token.NewTokenService is a string literal.
// If it is the signing/verification secret, anyone with the source or the
// binary can mint valid tokens; treat the value as exposed, rotate it, and
// load the replacement from configuration or a secret store.
//
// NOTE(review): tokens accepted from the query string are recorded in access
// logs, proxies, browser history and Referer headers. Prefer the header only.
//
// NOTE(review): when need-auth is false, parse and permission errors are
// ignored, so an auth key on such a route is not enforced. Confirm that every
// route carrying an auth key also sets need-auth.
//
// NOTE(review): the parsed result is never stored in the request context
// (the SetUserContext call was commented out in the original), so downstream
// handlers cannot learn the caller's identity from this middleware.
func Middleware() rest.Middleware {
	tokenServer := token.NewTokenService("sfe023f_9fd&fwfl")

	return func(next http.HandlerFunc) http.HandlerFunc {
		return func(w http.ResponseWriter, r *http.Request) {
			ctx := r.Context()
			requiredPerms := FromAuthKeyContext(ctx)
			mustAuth := FromNeedAuthContext(ctx)

			// Header first, query parameter as a fallback.
			raw := r.Header.Get("token")
			if raw == "" {
				raw = r.URL.Query().Get("token")
			}

			// No token at all: reject only when the route requires auth.
			if raw == "" {
				if mustAuth {
					httpx.Error(w, errors.Unauthorized("NO_TOKEN", ""))
					return
				}
				next(w, r)
				return
			}

			// Parse the token, then apply the route's requirements in order:
			// parse error, missing payload on a protected route, permissions.
			parsed, err := tokenServer.Parse(raw)
			switch {
			case err != nil:
				// keep the parse error
			case mustAuth && parsed == nil:
				err = errors.Unauthorized("TOKEN_BAD", "")
			case requiredPerms != "":
				err = defaultValidate(requiredPerms, parsed)
			}

			// Errors are fatal only on routes that require authentication.
			if err != nil && mustAuth {
				httpx.Error(w, err)
				return
			}

			next(w, r)
		}
	}
}
|
|
|
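// defaultValidate checks that the parsed token res grants at least one of the
// permissions named in authKey.
//
// authKey is a "|"-separated list of permission strings; res must be a
// non-nil *UserInfo. It returns nil when any entry of res.Permissions equals
// any non-empty entry of authKey, and a Forbidden error
// ("TOKEN_PERMISSION_BAD") otherwise, including when res has another type.
//
// Empty segments of authKey (from "a||b", a trailing "|" or an empty key) are
// ignored, so an empty permission string in the token can never satisfy the
// check. Matching is exact: no trimming or case folding is applied.
func defaultValidate(authKey string, res any) error {
	userInfo, ok := res.(*UserInfo)
	// A typed nil *UserInfo passes the type assertion, so reject it here
	// instead of dereferencing it below.
	if !ok || userInfo == nil {
		return errors.Forbidden("TOKEN_PERMISSION_BAD", "权限不足")
	}

	allowed := make(map[string]struct{})
	for _, perm := range strings.Split(authKey, "|") {
		if perm == "" {
			// Fail closed: an empty segment must not become a wildcard for
			// tokens that carry an empty permission entry.
			continue
		}
		allowed[perm] = struct{}{}
	}

	for _, perm := range userInfo.Permissions {
		if _, granted := allowed[perm]; granted {
			return nil
		}
	}
	return errors.Forbidden("TOKEN_PERMISSION_BAD", "权限不足")
}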
|
|
|