hxuanyu/FileRelay
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
FileRelay/internal/api/middleware/auth.go

108 lines
2.6 KiB
Go
Raw Permalink Blame History

package middleware
import (
"FileRelay/internal/auth"
"FileRelay/internal/config"
"FileRelay/internal/model"
"FileRelay/internal/service"
"net/http"
"strings"
"github.com/gin-gonic/gin"
)
func AdminAuth() gin.HandlerFunc {
tokenService := service.NewTokenService()
return func(c *gin.Context) {
authHeader := c.GetHeader("Authorization")
if authHeader == "" {
c.JSON(http.StatusUnauthorized, model.ErrorResponse(model.CodeUnauthorized, "Authorization header required"))
c.Abort()
return
}
parts := strings.SplitN(authHeader, " ", 2)
if !(len(parts) == 2 && parts[0] == "Bearer") {
c.JSON(http.StatusUnauthorized, model.ErrorResponse(model.CodeUnauthorized, "Invalid authorization format"))
c.Abort()
return
}
tokenStr := parts[1]
// 1. 尝试解析为管理员 JWT
claims, err := auth.ParseToken(tokenStr)
if err == nil {
c.Set("admin_id", claims.AdminID)
c.Next()
return
}
// 2. 尝试解析为 API Token (如果配置允许)
if config.GlobalConfig.APIToken.Enabled && config.GlobalConfig.APIToken.AllowAdminAPI {
token, err := tokenService.ValidateToken(tokenStr, model.ScopeAdmin)
if err == nil {
c.Set("token_id", token.ID)
c.Set("token_scope", token.Scope)
c.Next()
return
}
}
c.JSON(http.StatusUnauthorized, model.ErrorResponse(model.CodeUnauthorized, "Invalid or expired token"))
c.Abort()
}
}
func APITokenAuth(requiredScope string, optional bool) gin.HandlerFunc {
tokenService := service.NewTokenService()
return func(c *gin.Context) {
authHeader := c.GetHeader("Authorization")
if authHeader == "" {
if optional {
c.Next()
return
}
c.JSON(http.StatusUnauthorized, model.ErrorResponse(model.CodeUnauthorized, "Authorization header required"))
c.Abort()
return
}
parts := strings.SplitN(authHeader, " ", 2)
if !(len(parts) == 2 && parts[0] == "Bearer") {
if optional {
c.Next()
return
}
c.JSON(http.StatusUnauthorized, model.ErrorResponse(model.CodeUnauthorized, "Invalid authorization format"))
c.Abort()
return
}
if !config.GlobalConfig.APIToken.Enabled {
if optional {
c.Next()
return
}
c.JSON(http.StatusForbidden, model.ErrorResponse(model.CodeForbidden, "API Token is disabled"))
c.Abort()
return
}
token, err := tokenService.ValidateToken(parts[1], requiredScope)
if err != nil {
if optional {
c.Next()
return
}
c.JSON(http.StatusUnauthorized, model.ErrorResponse(model.CodeUnauthorized, err.Error()))
c.Abort()
return
}
c.Set("token_id", token.ID)
c.Set("token_scope", token.Scope)
c.Next()
}
}
Reference in New Issue View Git Blame Copy Permalink