feat: done

backend/app/middlewares/tenant.go

@@ -0,0 +1,79 @@
+package middlewares
+
+import (
+	"quyun/v2/app/errorx"
+	"quyun/v2/app/services"
+	"quyun/v2/database/models"
+	"quyun/v2/pkg/consts"
+	"quyun/v2/providers/jwt"
+
+	"github.com/gofiber/fiber/v3"
+	"github.com/sirupsen/logrus"
+)
+
+func (f *Middlewares) TenantResolve(c fiber.Ctx) error {
+	tenantCode := c.Params("tenant_code")
+	if tenantCode == "" {
+		return errorx.ErrMissingParameter.WithMsg("缺少 tenant_code")
+	}
+
+	tenantModel, err := services.Tenant.FindByCode(c, tenantCode)
+	if err != nil {
+		return err
+	}
+
+	c.Locals(consts.CtxKeyTenant, tenantModel)
+	return c.Next()
+}
+
+func (f *Middlewares) TenantAuth(c fiber.Ctx) error {
+	authHeader := c.Get(jwt.HttpHeader)
+	if authHeader == "" {
+		return errorx.ErrTokenMissing
+	}
+	logrus.Infof("Token: %s", authHeader)
+
+	claims, err := f.jwt.Parse(authHeader)
+	if err != nil {
+		switch err {
+		case jwt.TokenExpired:
+			return errorx.ErrTokenExpired
+		case jwt.TokenMalformed, jwt.TokenNotValidYet, jwt.TokenInvalid:
+			return errorx.ErrTokenInvalid
+		default:
+			return errorx.ErrTokenInvalid
+		}
+	}
+	if claims.UserID == 0 {
+		return errorx.ErrTokenInvalid
+	}
+
+	c.Locals(consts.CtxKeyClaims, claims)
+	return c.Next()
+}
+
+func (f *Middlewares) TenantRequireMember(c fiber.Ctx) error {
+	tenantModel, ok := c.Locals(consts.CtxKeyTenant).(*models.Tenant)
+	if !ok || tenantModel == nil {
+		return errorx.ErrInternalError.WithMsg("tenant context missing")
+	}
+
+	claims, ok := c.Locals(consts.CtxKeyClaims).(*jwt.Claims)
+	if !ok || claims == nil {
+		return errorx.ErrInternalError.WithMsg("claims context missing")
+	}
+
+	tenantUser, err := services.Tenant.FindTenantUser(c, tenantModel.ID, claims.UserID)
+	if err != nil {
+		return errorx.ErrPermissionDenied.WithMsg("不属于该租户")
+	}
+
+	userModel, err := services.User.FindByID(c, claims.UserID)
+	if err != nil {
+		return err
+	}
+
+	c.Locals(consts.CtxKeyTenantUser, tenantUser)
+	c.Locals(consts.CtxKeyUser, userModel)
+	return c.Next()
+}