147 lines
3.2 KiB
Go
147 lines
3.2 KiB
Go
package middlewares
|
|
|
|
import (
|
|
"strings"
|
|
|
|
"quyun/v2/app/errorx"
|
|
"quyun/v2/app/services"
|
|
"quyun/v2/pkg/consts"
|
|
"quyun/v2/providers/jwt"
|
|
|
|
"github.com/gofiber/fiber/v3"
|
|
log "github.com/sirupsen/logrus"
|
|
"go.ipao.vip/gen/types"
|
|
)
|
|
|
|
// Middlewares provides reusable Fiber middlewares shared across modules.
|
|
//
|
|
// @provider
|
|
type Middlewares struct {
|
|
// log is the module logger injected by the framework.
|
|
log *log.Entry `inject:"false"`
|
|
// jwt is the JWT provider used by auth-related middlewares.
|
|
jwt *jwt.JWT
|
|
}
|
|
|
|
func (f *Middlewares) Prepare() error {
|
|
f.log = log.WithField("module", "middleware")
|
|
return nil
|
|
}
|
|
|
|
func (m *Middlewares) Auth(ctx fiber.Ctx) error {
|
|
if isPublicRoute(ctx) {
|
|
return ctx.Next()
|
|
}
|
|
authHeader := ctx.Get("Authorization")
|
|
if authHeader == "" {
|
|
return errorx.ErrUnauthorized.WithMsg("Missing token")
|
|
}
|
|
|
|
claims, err := m.jwt.Parse(authHeader)
|
|
if err != nil {
|
|
return errorx.ErrUnauthorized.WithCause(err).WithMsg("Invalid token")
|
|
}
|
|
|
|
// get user model
|
|
user, err := services.User.GetModelByID(ctx, claims.UserID)
|
|
if err != nil {
|
|
return errorx.ErrUnauthorized.WithCause(err).WithMsg("UserNotFound")
|
|
}
|
|
|
|
// Set Context
|
|
ctx.Locals("__ctx_user", user)
|
|
if claims.TenantID > 0 {
|
|
tenant, err := services.Tenant.GetModelByID(ctx, claims.TenantID)
|
|
if err != nil {
|
|
return errorx.ErrUnauthorized.WithCause(err).WithMsg("TenantNotFound")
|
|
}
|
|
ctx.Locals("__ctx_tenant", tenant)
|
|
}
|
|
|
|
return ctx.Next()
|
|
}
|
|
|
|
func (m *Middlewares) SuperAuth(ctx fiber.Ctx) error {
|
|
if isSuperPublicRoute(ctx) {
|
|
return ctx.Next()
|
|
}
|
|
authHeader := ctx.Get("Authorization")
|
|
if authHeader == "" {
|
|
return errorx.ErrUnauthorized.WithMsg("Missing token")
|
|
}
|
|
|
|
claims, err := m.jwt.Parse(authHeader)
|
|
if err != nil {
|
|
return errorx.ErrUnauthorized.WithCause(err).WithMsg("Invalid token")
|
|
}
|
|
|
|
user, err := services.User.GetModelByID(ctx, claims.UserID)
|
|
if err != nil {
|
|
return errorx.ErrUnauthorized.WithCause(err).WithMsg("UserNotFound")
|
|
}
|
|
|
|
if !hasRole(user.Roles, consts.RoleSuperAdmin) {
|
|
return errorx.ErrForbidden.WithMsg("无权限访问")
|
|
}
|
|
|
|
ctx.Locals("__ctx_user", user)
|
|
return ctx.Next()
|
|
}
|
|
|
|
func hasRole(roles types.Array[consts.Role], role consts.Role) bool {
|
|
for _, r := range roles {
|
|
if r == role {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
func isPublicRoute(ctx fiber.Ctx) bool {
|
|
path := ctx.Path()
|
|
method := ctx.Method()
|
|
|
|
if method == fiber.MethodGet {
|
|
switch path {
|
|
case "/v1/common/options", "/v1/contents", "/v1/topics", "/v1/tenants":
|
|
return true
|
|
}
|
|
if strings.HasPrefix(path, "/v1/contents/") {
|
|
return true
|
|
}
|
|
if strings.HasPrefix(path, "/v1/creators/") && strings.HasSuffix(path, "/contents") {
|
|
return true
|
|
}
|
|
if strings.HasPrefix(path, "/v1/tenants/") {
|
|
return true
|
|
}
|
|
if strings.HasPrefix(path, "/v1/orders/") && strings.HasSuffix(path, "/status") {
|
|
return true
|
|
}
|
|
if strings.HasPrefix(path, "/v1/storage/") {
|
|
return true
|
|
}
|
|
}
|
|
|
|
if method == fiber.MethodPost && path == "/v1/webhook/payment/notify" {
|
|
return true
|
|
}
|
|
|
|
if method == fiber.MethodPut && strings.HasPrefix(path, "/v1/storage/") {
|
|
return true
|
|
}
|
|
|
|
return false
|
|
}
|
|
|
|
func isSuperPublicRoute(ctx fiber.Ctx) bool {
|
|
path := ctx.Path()
|
|
method := ctx.Method()
|
|
|
|
if method == fiber.MethodPost && path == "/super/v1/auth/login" {
|
|
return true
|
|
}
|
|
|
|
return false
|
|
}
|