2025-10-03 19:55:20 +08:00
|
|
|
|
// Package middleware 提供HTTP中间件功能
|
|
|
|
|
|
// 包括JWT认证、CORS、运行模式等中间件
|
2025-04-09 10:19:15 +08:00
|
|
|
|
package middleware
|
|
|
|
|
|
|
|
|
|
|
|
import (
|
2025-04-09 10:34:01 +08:00
|
|
|
|
"encoding/json"
|
2025-04-09 10:19:15 +08:00
|
|
|
|
"log"
|
|
|
|
|
|
"net/http"
|
|
|
|
|
|
|
2025-10-13 13:10:01 +08:00
|
|
|
|
"git.apinb.com/bsm-sdk/core/crypto/token"
|
|
|
|
|
|
"git.apinb.com/bsm-sdk/core/env"
|
2025-04-09 10:34:01 +08:00
|
|
|
|
"git.apinb.com/bsm-sdk/core/errcode"
|
|
|
|
|
|
"git.apinb.com/bsm-sdk/core/types"
|
2025-04-09 10:19:15 +08:00
|
|
|
|
"github.com/gin-gonic/gin"
|
|
|
|
|
|
)
|
|
|
|
|
|
|
2025-10-03 19:55:20 +08:00
|
|
|
|
// JwtAuth JWT认证中间件
|
|
|
|
|
|
// time_verify: 是否验证token过期时间
|
|
|
|
|
|
// 返回: Gin中间件函数
|
2025-08-23 21:17:51 +08:00
|
|
|
|
func JwtAuth(time_verify bool) gin.HandlerFunc {
|
2025-04-09 10:19:15 +08:00
|
|
|
|
return func(c *gin.Context) {
|
|
|
|
|
|
// 从请求头中获取 Authorization
|
|
|
|
|
|
authHeader := c.GetHeader("Authorization")
|
|
|
|
|
|
if authHeader == "" {
|
2025-08-23 21:17:51 +08:00
|
|
|
|
log.Printf("获取token异常:%v\n", "Authorization header is required")
|
2025-04-09 10:19:15 +08:00
|
|
|
|
c.JSON(http.StatusUnauthorized, gin.H{"error": "Authorization header is required"})
|
|
|
|
|
|
c.Abort()
|
|
|
|
|
|
return
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2025-08-23 21:17:51 +08:00
|
|
|
|
// 检测是否需要验证token时间
|
|
|
|
|
|
if time_verify {
|
|
|
|
|
|
// 判断时间claims.ExpiresAt
|
2025-10-13 13:10:01 +08:00
|
|
|
|
isExpire, err := token.New(env.Runtime.JwtSecretKey).IsExpired(authHeader)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
log.Println("token解析异常:", err)
|
|
|
|
|
|
c.JSON(http.StatusUnauthorized, gin.H{"error": "Token is required"})
|
|
|
|
|
|
c.Abort()
|
|
|
|
|
|
return
|
|
|
|
|
|
}
|
|
|
|
|
|
if isExpire {
|
2025-08-23 21:17:51 +08:00
|
|
|
|
log.Println("token过期,请重新获取:", "Token has expired")
|
|
|
|
|
|
c.JSON(http.StatusUnauthorized, gin.H{"error": "Token has expired"})
|
|
|
|
|
|
c.Abort()
|
|
|
|
|
|
return
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2025-04-09 10:19:15 +08:00
|
|
|
|
|
2025-10-13 13:10:01 +08:00
|
|
|
|
// 提取Token
|
|
|
|
|
|
claims, err := token.New(env.Runtime.JwtSecretKey).ParseJwt(authHeader)
|
|
|
|
|
|
if err != nil || claims == nil {
|
|
|
|
|
|
log.Printf("提取token异常:%v\n", err)
|
|
|
|
|
|
c.JSON(http.StatusUnauthorized, gin.H{"error": "Token is required"})
|
|
|
|
|
|
c.Abort()
|
|
|
|
|
|
return
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2025-04-09 10:19:15 +08:00
|
|
|
|
// 将解析后的 Token 存储到上下文中
|
|
|
|
|
|
c.Set("Auth", claims)
|
|
|
|
|
|
// 如果 Token 有效,继续处理请求
|
|
|
|
|
|
c.Next()
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2025-04-09 10:34:01 +08:00
|
|
|
|
|
2025-10-03 19:55:20 +08:00
|
|
|
|
// ParseAuth 获取上下文用户登录信息
|
|
|
|
|
|
// c: Gin上下文
|
|
|
|
|
|
// 返回: JWT声明信息
|
2025-04-09 10:34:01 +08:00
|
|
|
|
func ParseAuth(c *gin.Context) (*types.JwtClaims, error) {
|
|
|
|
|
|
claims, ok := c.Get("Auth")
|
|
|
|
|
|
if !ok {
|
2025-10-11 23:45:55 +08:00
|
|
|
|
log.Printf("获取登录信息异常: %v", errcode.ErrTokenAuthNotFound)
|
|
|
|
|
|
return nil, errcode.ErrTokenAuthNotFound
|
2025-04-09 10:34:01 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
json_claims, err := json.Marshal(claims)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
log.Printf("解析json异常: %v", err)
|
|
|
|
|
|
return nil, errcode.ErrJsonMarshal
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
var auth *types.JwtClaims
|
|
|
|
|
|
if err := json.Unmarshal(json_claims, &auth); err != nil {
|
|
|
|
|
|
log.Printf("解析json异常: %v", err)
|
|
|
|
|
|
return nil, errcode.ErrJsonUnmarshal
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return auth, nil
|
|
|
|
|
|
}
|
