quyun-v2/backend/app/middlewares/tenant.go

package middlewares

import (
	"quyun/v2/app/errorx"
	"quyun/v2/app/services"
	"quyun/v2/database/models"
	"quyun/v2/pkg/consts"
	"quyun/v2/providers/jwt"

	"github.com/gofiber/fiber/v3"
	"github.com/sirupsen/logrus"
)

func (f *Middlewares) TenantResolve(c fiber.Ctx) error {
	tenantCode := c.Params("tenant_code")
	if tenantCode == "" {
		return errorx.ErrMissingParameter.WithMsg("缺少 tenant_code")
	}

	tenantModel, err := services.Tenant.FindByCode(c, tenantCode)
	if err != nil {
		return err
	}

	c.Locals(consts.CtxKeyTenant, tenantModel)
	return c.Next()
}

func (f *Middlewares) TenantAuth(c fiber.Ctx) error {
	authHeader := c.Get(jwt.HttpHeader)
	if authHeader == "" {
		return errorx.ErrTokenMissing
	}
	logrus.Infof("Token: %s", authHeader)

	claims, err := f.jwt.Parse(authHeader)
	if err != nil {
		switch err {
		case jwt.TokenExpired:
			return errorx.ErrTokenExpired
		case jwt.TokenMalformed, jwt.TokenNotValidYet, jwt.TokenInvalid:
			return errorx.ErrTokenInvalid
		default:
			return errorx.ErrTokenInvalid
		}
	}
	if claims.UserID == 0 {
		return errorx.ErrTokenInvalid
	}

	c.Locals(consts.CtxKeyClaims, claims)
	return c.Next()
}

func (f *Middlewares) TenantRequireMember(c fiber.Ctx) error {
	tenantModel, ok := c.Locals(consts.CtxKeyTenant).(*models.Tenant)
	if !ok || tenantModel == nil {
		return errorx.ErrInternalError.WithMsg("tenant context missing")
	}

	claims, ok := c.Locals(consts.CtxKeyClaims).(*jwt.Claims)
	if !ok || claims == nil {
		return errorx.ErrInternalError.WithMsg("claims context missing")
	}

	tenantUser, err := services.Tenant.FindTenantUser(c, tenantModel.ID, claims.UserID)
	if err != nil {
		return errorx.ErrPermissionDenied.WithMsg("不属于该租户")
	}

	userModel, err := services.User.FindByID(c, claims.UserID)
	if err != nil {
		return err
	}

	c.Locals(consts.CtxKeyTenantUser, tenantUser)
	c.Locals(consts.CtxKeyUser, userModel)
	return c.Next()
}