fe3294ed60
- 新增UserAuth中间件用于验证用户登录状态和权限 - 移除Linux.do登录中的redirectUri和minimumTrustLevel配置项 - 修改Linux.do登录流程以支持动态构建回调URL - 将API v1接口组迁移至需要用户认证的路由 - 在远程AI服务调用中添加用户令牌认证 - 修复被封禁用户的认证检查逻辑 - 更新登录重定向函数以处理请求来源 - 添加RequestOrigin函数解析转发的主机和协议头
53 lines
1.3 KiB
Go
53 lines
1.3 KiB
Go
package middleware
|
|
|
|
import (
|
|
"net/http"
|
|
"strings"
|
|
|
|
"github.com/basketikun/infinite-canvas/handler"
|
|
"github.com/basketikun/infinite-canvas/model"
|
|
"github.com/basketikun/infinite-canvas/service"
|
|
"github.com/gin-gonic/gin"
|
|
)
|
|
|
|
func AdminAuth(c *gin.Context) {
|
|
user, ok := authUser(c)
|
|
if !ok || user.Role != model.UserRoleAdmin {
|
|
handler.Fail(c.Writer, "未登录或权限不足")
|
|
c.Abort()
|
|
return
|
|
}
|
|
c.Request = c.Request.WithContext(service.WithUser(c.Request.Context(), user))
|
|
c.Next()
|
|
}
|
|
|
|
func UserAuth(c *gin.Context) {
|
|
user, ok := authUser(c)
|
|
if !ok || user.Role == model.UserRoleGuest {
|
|
handler.Fail(c.Writer, "未登录或权限不足")
|
|
c.Abort()
|
|
return
|
|
}
|
|
c.Request = c.Request.WithContext(service.WithUser(c.Request.Context(), user))
|
|
c.Next()
|
|
}
|
|
|
|
func OptionalAuth(c *gin.Context) {
|
|
if user, ok := authUser(c); ok {
|
|
c.Request = c.Request.WithContext(service.WithUser(c.Request.Context(), user))
|
|
}
|
|
c.Next()
|
|
}
|
|
|
|
func NotFoundJSON(c *gin.Context) {
|
|
c.JSON(http.StatusNotFound, gin.H{"code": 1, "data": nil, "msg": "接口不存在"})
|
|
}
|
|
|
|
func authUser(c *gin.Context) (model.AuthUser, bool) {
|
|
token := strings.TrimPrefix(c.GetHeader("Authorization"), "Bearer ")
|
|
if strings.TrimSpace(token) == "" {
|
|
return model.AuthUser{}, false
|
|
}
|
|
return service.CurrentAuthUser(token)
|
|
}
|