udpate

backend_v1/app/middlewares/mid_auth.go

@@ -0,0 +1,73 @@
+package middlewares
+
+import (
+	"net/url"
+	"strings"
+
+	"quyun/v2/app/services"
+	"quyun/v2/pkg/utils"
+
+	"github.com/gofiber/fiber/v3"
+	log "github.com/sirupsen/logrus"
+)
+
+func (f *Middlewares) AuthFrontend(ctx fiber.Ctx) error {
+	if strings.HasPrefix(ctx.Path(), "/v1/auth/") {
+		return ctx.Next()
+	}
+
+	if f.app.IsDevMode() && true {
+		user, err := services.Users.FindByID(ctx.Context(), 1001)
+		if err != nil {
+			return ctx.Send([]byte("User not found"))
+		}
+		ctx.Locals("user", user)
+		return ctx.Next()
+	}
+
+	fullUrl := utils.FullURI(ctx)
+	u, err := url.Parse(fullUrl)
+	if err != nil {
+		return err
+	}
+	query := u.Query()
+	query.Set("redirect", fullUrl)
+	u.RawQuery = query.Encode()
+	u.Path = "/v1/auth/wechat" // TODO: use phone validation
+	fullUrl = u.String()
+
+	// check cookie exists
+	cookie := ctx.Cookies("token")
+	log.Infof("cookie: %s", cookie)
+	if cookie == "" {
+		log.Infof("auth redirect_uri: %s", fullUrl)
+		if ctx.XHR() {
+			return ctx.SendStatus(fiber.StatusUnauthorized)
+		}
+		return ctx.Redirect().To(fullUrl)
+	}
+
+	jwt, err := f.jwt.Parse(cookie)
+	if err != nil {
+		// remove cookie
+		ctx.ClearCookie("token")
+		if ctx.XHR() {
+			return ctx.SendStatus(fiber.StatusUnauthorized)
+		}
+		return ctx.Redirect().To(fullUrl)
+	}
+
+	user, err := services.Users.FindByID(ctx.Context(), jwt.UserID)
+	if err != nil {
+		// remove cookie
+		ctx.ClearCookie("token")
+		if ctx.XHR() {
+			return ctx.SendStatus(fiber.StatusUnauthorized)
+		}
+		return ctx.Redirect().To(fullUrl)
+	}
+
+	ctx.Locals("user", user)
+
+	return ctx.Next()
+}

backend_v1/app/middlewares/mid_auth_admin.go

@@ -0,0 +1,34 @@
+package middlewares
+
+import (
+	"strings"
+
+	"github.com/gofiber/fiber/v3"
+)
+
+func (f *Middlewares) AuthAdmin(ctx fiber.Ctx) error {
+	if !strings.HasPrefix(ctx.Path(), "/v1/admin") {
+		return ctx.Next()
+	}
+
+	if ctx.Path() == "/v1/admin/auth" {
+		return ctx.Next()
+	}
+
+	token := ctx.Get("Authorization")
+	if token == "" {
+		token = ctx.Query("token")
+		if token == "" {
+			return ctx.Status(fiber.StatusUnauthorized).SendString("Unauthorized")
+		}
+	}
+	jwt, err := f.jwt.Parse(token)
+	if err != nil {
+		return ctx.Status(fiber.StatusUnauthorized).SendString("Unauthorized")
+	}
+	if jwt.UserID != -20140202 {
+		return ctx.Status(fiber.StatusForbidden).SendString("Forbidden")
+	}
+
+	return ctx.Next()
+}

backend_v1/app/middlewares/mid_wechat_mp_verify.go

@@ -0,0 +1,19 @@
+package middlewares
+
+import (
+	"strings"
+
+	"github.com/gofiber/fiber/v3"
+)
+
+func (f *Middlewares) WechatMpVerify(ctx fiber.Ctx) error {
+	if !strings.HasPrefix(ctx.Path(), "/MP_verify_") {
+		return ctx.Next()
+	}
+
+	path := strings.Replace(ctx.Path(), "MP_verify_", "", 1)
+	path = strings.Replace(path, ".txt", "", 1)
+	path = strings.Trim(path, "/")
+
+	return ctx.SendString(path)
+}

backend_v1/app/middlewares/middlewares.go

@@ -1,12 +1,17 @@
 package middlewares
 
 import (
+	"quyun/v2/providers/app"
+	"quyun/v2/providers/jwt"
+
 	log "github.com/sirupsen/logrus"
 )
 
 // @provider
 type Middlewares struct {
 	log *log.Entry `inject:"false"`
+	app *app.Config
+	jwt *jwt.JWT
 }
 
 func (f *Middlewares) Prepare() error {

backend_v1/app/middlewares/provider.gen.go

@@ -1,13 +1,22 @@
 package middlewares
 
 import (
+	"quyun/v2/providers/app"
+	"quyun/v2/providers/jwt"
+
 	"go.ipao.vip/atom/container"
 	"go.ipao.vip/atom/opt"
 )
 
 func Provide(opts ...opt.Option) error {
-	if err := container.Container.Provide(func() (*Middlewares, error) {
-		obj := &Middlewares{}
+	if err := container.Container.Provide(func(
+		app *app.Config,
+		jwt *jwt.JWT,
+	) (*Middlewares, error) {
+		obj := &Middlewares{
+			app: app,
+			jwt: jwt,
+		}
 		if err := obj.Prepare(); err != nil {
 			return nil, err
 		}