91 lines
2.1 KiB
Go
91 lines
2.1 KiB
Go
package middlewares
|
|
|
|
import (
|
|
"quyun/v2/app/errorx"
|
|
"quyun/v2/app/services"
|
|
"quyun/v2/pkg/consts"
|
|
"quyun/v2/providers/jwt"
|
|
|
|
"github.com/gofiber/fiber/v3"
|
|
log "github.com/sirupsen/logrus"
|
|
"go.ipao.vip/gen/types"
|
|
)
|
|
|
|
// Middlewares provides reusable Fiber middlewares shared across modules.
|
|
//
|
|
// @provider
|
|
type Middlewares struct {
|
|
// log is the module logger injected by the framework.
|
|
log *log.Entry `inject:"false"`
|
|
// jwt is the JWT provider used by auth-related middlewares.
|
|
jwt *jwt.JWT
|
|
}
|
|
|
|
func (f *Middlewares) Prepare() error {
|
|
f.log = log.WithField("module", "middleware")
|
|
return nil
|
|
}
|
|
|
|
func (m *Middlewares) Auth(ctx fiber.Ctx) error {
|
|
authHeader := ctx.Get("Authorization")
|
|
if authHeader == "" {
|
|
return ctx.Next()
|
|
}
|
|
|
|
claims, err := m.jwt.Parse(authHeader)
|
|
if err != nil {
|
|
return errorx.ErrUnauthorized.WithCause(err).WithMsg("Invalid token")
|
|
}
|
|
|
|
// get user model
|
|
user, err := services.User.GetModelByID(ctx, claims.UserID)
|
|
if err != nil {
|
|
return errorx.ErrUnauthorized.WithCause(err).WithMsg("UserNotFound")
|
|
}
|
|
|
|
// Set Context
|
|
ctx.Locals("__ctx_user", user)
|
|
if claims.TenantID > 0 {
|
|
tenant, err := services.Tenant.GetModelByID(ctx, claims.TenantID)
|
|
if err != nil {
|
|
return errorx.ErrUnauthorized.WithCause(err).WithMsg("TenantNotFound")
|
|
}
|
|
ctx.Locals("__ctx_tenant", tenant)
|
|
}
|
|
|
|
return ctx.Next()
|
|
}
|
|
|
|
func (m *Middlewares) SuperAuth(ctx fiber.Ctx) error {
|
|
authHeader := ctx.Get("Authorization")
|
|
if authHeader == "" {
|
|
return errorx.ErrUnauthorized.WithMsg("Missing token")
|
|
}
|
|
|
|
claims, err := m.jwt.Parse(authHeader)
|
|
if err != nil {
|
|
return errorx.ErrUnauthorized.WithCause(err).WithMsg("Invalid token")
|
|
}
|
|
|
|
user, err := services.User.GetModelByID(ctx, claims.UserID)
|
|
if err != nil {
|
|
return errorx.ErrUnauthorized.WithCause(err).WithMsg("UserNotFound")
|
|
}
|
|
|
|
if !hasRole(user.Roles, consts.RoleSuperAdmin) {
|
|
return errorx.ErrForbidden.WithMsg("无权限访问")
|
|
}
|
|
|
|
ctx.Locals("__ctx_user", user)
|
|
return ctx.Next()
|
|
}
|
|
|
|
func hasRole(roles types.Array[consts.Role], role consts.Role) bool {
|
|
for _, r := range roles {
|
|
if r == role {
|
|
return true
|
|
}
|
|
}
|
|
return false
|
|
}
|