diff --git a/middleware/jwt.go b/middleware/jwt.go
new file mode 100644
index 0000000..9d2867d
--- /dev/null
+++ b/middleware/jwt.go
@@ -0,0 +1,43 @@
+package middleware
+
+import (
+ "log"
+ "net/http"
+
+ "git.apinb.com/bsm-sdk/core/crypto/encipher"
+ "github.com/gin-gonic/gin"
+)
+
+func JwtAuth(redisToken string) gin.HandlerFunc {
+ return func(c *gin.Context) {
+ // 从请求头中获取 Authorization
+ authHeader := c.GetHeader("Authorization")
+ if authHeader == "" {
+ log.Println("获取token异常:", "Authorization header is required")
+ c.JSON(http.StatusUnauthorized, gin.H{"error": "Authorization header is required"})
+ c.Abort()
+ return
+ }
+ // 提取Token
+ claims, err := encipher.ParseTokenAes(authHeader)
+ if err != nil || claims == nil {
+ log.Println("提取token异常:", "Token is required")
+ c.JSON(http.StatusUnauthorized, gin.H{"error": "Token is required"})
+ c.Abort()
+ return
+ }
+
+ // 从redis 获取token,判断当前redis 是否为空
+ if redisToken == "" {
+ log.Println("redis异常", "Token status unauthorized")
+ c.JSON(http.StatusUnauthorized, gin.H{"error": "Token status unauthorized"})
+ c.Abort()
+ return
+ }
+
+ // 将解析后的 Token 存储到上下文中
+ c.Set("Auth", claims)
+ // 如果 Token 有效,继续处理请求
+ c.Next()
+ }
+}
diff --git a/service/meta.go b/service/meta.go
index e1779b1..3a3abca 100644
--- a/service/meta.go
+++ b/service/meta.go
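Review bot: The guard at `if redisToken == ""` never ties the stored token to the request: redisToken is captured once when JwtAuth is constructed, so the check is a fixed yes/no for every caller, and any token that ParseTokenAes accepts is admitted even if it is not the one currently held in redis for that subject, which means revocation by clearing redis cannot work per user. The comment `从redis 获取token` reads as a per-request lookup, so I would take a lookup callback keyed by the parsed claims and compare its result against the presented token with crypto/subtle, as sketched below (this assumes ParseTokenAes returns the `*types.JwtClaims` that service/meta.go's ParseMetaCtx now returns; the `types` and `crypto/subtle` imports would be added). Separately, `log.Println("提取token异常:", "Token is required")` discards err, so the parse failure reason never reaches the log; `log.Println("提取token异常:", err)` keeps the reason without logging the token itself. If clients send `Bearer <token>`, the raw header is handed to ParseTokenAes unchanged — strip the scheme with `strings.CutPrefix` first, or document on JwtAuth that the header carries the bare token.
```go
// JwtAuth parses the Authorization header and admits the request only when
// the presented token equals the one lookup returns for the parsed claims
// (an empty result means no token is stored for that subject, i.e. revoked).
func JwtAuth(lookup func(c *gin.Context, claims *types.JwtClaims) string) gin.HandlerFunc {
	return func(c *gin.Context) {
		// … unchanged: Authorization header presence check and ParseTokenAes …
		stored := lookup(c, claims)
		if stored == "" || subtle.ConstantTimeCompare([]byte(stored), []byte(authHeader)) != 1 {
			// … unchanged: log, 401 JSON response, c.Abort(), return …
		}
		// … unchanged: c.Set("Auth", claims) and c.Next() …
	}
}
```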
@@ -5,25 +5,18 @@ import (
 "git.apinb.com/bsm-sdk/core/crypto/encipher"
 "git.apinb.com/bsm-sdk/core/errcode"
+ "git.apinb.com/bsm-sdk/core/types"
 "git.apinb.com/bsm-sdk/core/utils"
 "google.golang.org/grpc/metadata"
 )
-type Meta struct {
- ID uint `json:"id"`
- IDENTITY string `json:"identity"`
- EXTEND map[string]string `json:"extend"`
- CLIENT string `json:"client"`
- ROLE string `json:"role"`
-}
-
 // 解析Context中MetaData的数据
 type ParseOptions struct {
 RoleValue string // 判断角色的值
 MustPrivateAllow bool // 是否只允许私有IP访问
 }
-func ParseMetaCtx(ctx context.Context, opts *ParseOptions) (*Meta, error) {
+func ParseMetaCtx(ctx context.Context, opts *ParseOptions) (*types.JwtClaims, error) {
 // 解析metada中的信息并验证
 md, ok := metadata.FromIncomingContext(ctx)
 if !ok {
@@ -40,34 +33,26 @@ func ParseMetaCtx(ctx context.Context, opts *ParseOptions) (*Meta, error) {
 return nil, err
 }
- meta := &Meta{
- ID: claims.ID,
- IDENTITY: claims.Identity,
- CLIENT: claims.Client,
- EXTEND: claims.Extend,
- ROLE: claims.Role,
- }
-
 if opts != nil {
- if !meta.CheckRole("role", opts.RoleValue) {
+ if !checkRole(claims, "role", opts.RoleValue) {
 return nil, errcode.ErrPermissionDenied
 }
 if opts.MustPrivateAllow {
- if utils.IsPublicIP(meta.CLIENT) {
+ if utils.IsPublicIP(claims.Client) {
 return nil, errcode.ErrPermissionDenied
 }
 }
 }
- return meta, nil
+ return claims, nil
 }
-func (m *Meta) CheckRole(roleKey, roleValue string) bool {
+func checkRole(claims *types.JwtClaims, roleKey, roleValue string) bool {
 if roleValue == "" {
 return true
 }
- if role, exists := m.EXTEND[roleKey]; !exists || role != roleValue {
+ if role, exists := claims.Extend[roleKey]; !exists || role != roleValue {
 return false
 } else {
 return true
diff --git a/types/db.go b/types/db.go
index 4032f44..591e96b 100644
--- a/types/db.go
+++ b/types/db.go
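Review bot: checkRole dereferences claims with no nil guard at `claims.Extend[roleKey]`; middleware/jwt.go in this same commit treats `claims == nil` with a nil err as a possible ParseTokenAes outcome, and whether ParseMetaCtx guards that before the `if opts != nil` block lies between the two hunks and is not shown, so either confirm that guard exists or open checkRole with `if claims == nil { return false }`. The `if … { return false } else { return true }` tail is the long form of a boolean; `role, exists := claims.Extend[roleKey]` followed by `return exists && role == roleValue` says the same in two lines. checkRole replaces an exported method but carries no comment; a one-liner such as `// checkRole reports whether claims.Extend[roleKey] equals roleValue; an empty roleValue disables the check.` would record that the empty-roleValue bypass is intentional rather than an oversight. ParseMetaCtx's body starts and ends outside the second hunk.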
@@ -31,7 +31,7 @@ type (
 CreatedAt time.Time `json:"created_at"`
 UpdatedAt time.Time `json:"updated_at"`
 DeletedAt gorm.DeletedAt `gorm:"index;" json:"deleted_at"`
- Status int64 `gorm:"default:0;index;" json:"status"` // 状态:默认为0,-1禁止,1为正常
+ Status int8 `gorm:"default:0;index;" json:"status"` // 状态:默认为0,-1禁止,1为正常
 }
 // standard ID,Identity,Created,Updated,Deleted,Status definition.
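Review bot: Narrowing Status from int64 to int8 changes only the Go field; the stored column type is not touched by this diff, and whether it follows depends on how the schema is migrated (an AutoMigrate may or may not alter an existing column), so the change should ship with an explicit migration or a note that none is needed. Any existing row whose status lies outside -128..127 would then fail to scan — database/sql rejects an out-of-range integer conversion — so it is worth confirming the column only holds the documented -1/0/1 before rollout. The trailing comment is the only place those three values are defined; a constant set next to the type, e.g. `StatusDisabled int8 = -1`, `StatusDefault int8 = 0`, `StatusNormal int8 = 1`, would let callers avoid bare literals. The enclosing type block starts and ends outside this hunk.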