80 lines
2.5 KiB
Go
80 lines
2.5 KiB
Go
package middleware
|
|
|
|
import (
|
|
"app-cloudep-portal-api-gateway/internal/domain"
|
|
"app-cloudep-portal-api-gateway/internal/types"
|
|
"context"
|
|
"net/http"
|
|
|
|
ers "code.30cm.net/digimon/library-go/errors"
|
|
token "code.30cm.net/digimon/library-go/jwt"
|
|
permissionRpc "code.30cm.net/digimon/proto-all/pkg/permission"
|
|
"github.com/zeromicro/go-zero/rest/httpx"
|
|
)
|
|
|
|
type AuthMiddlewareParam struct {
|
|
TokenSec string
|
|
TokenClient permissionRpc.TokenServiceClient
|
|
}
|
|
|
|
type AuthMiddleware struct {
|
|
tokenSec string
|
|
tokenClient permissionRpc.TokenServiceClient
|
|
}
|
|
|
|
func NewAuthMiddleware(param AuthMiddlewareParam) *AuthMiddleware {
|
|
return &AuthMiddleware{
|
|
tokenSec: param.TokenSec,
|
|
tokenClient: param.TokenClient,
|
|
}
|
|
}
|
|
|
|
// Handle 處理 Auth Middleware
|
|
func (m *AuthMiddleware) Handle(next http.HandlerFunc) http.HandlerFunc {
|
|
return func(w http.ResponseWriter, r *http.Request) {
|
|
// 解析 Header
|
|
header := types.GetMemberHeader{}
|
|
if err := httpx.ParseHeaders(r, &header); err != nil {
|
|
m.writeErrorResponse(w, r, http.StatusBadRequest, "Failed to parse headers", int64(ers.InvalidFormat().FullCode()))
|
|
return
|
|
}
|
|
|
|
// 驗證 Token
|
|
claim, err := token.ParseClaims(header.Token, m.tokenSec, true)
|
|
if err != nil {
|
|
// 是否需要紀錄錯誤,是不是只要紀錄除了驗證失敗或過期之外的真錯誤
|
|
m.writeErrorResponse(w, r, http.StatusForbidden, err.Error(), int64(ers.Forbidden().FullCode()))
|
|
return
|
|
}
|
|
|
|
// 驗證 Token 是否在黑名單中
|
|
if _, err := m.tokenClient.ValidationToken(r.Context(), &permissionRpc.ValidationTokenReq{Token: header.Token}); err != nil {
|
|
m.writeErrorResponse(w, r, http.StatusForbidden, err.Error(), int64(ers.Forbidden().FullCode()))
|
|
return
|
|
}
|
|
|
|
// 設置 context 並傳遞給下一個處理器
|
|
ctx := SetContext(r, claim)
|
|
next(w, r.WithContext(ctx))
|
|
}
|
|
}
|
|
|
|
func SetContext(r *http.Request, claim token.DataClaims) context.Context {
|
|
ctx := context.WithValue(r.Context(), domain.RoleCode, claim.Role())
|
|
ctx = context.WithValue(ctx, domain.UidCode, claim.UID())
|
|
ctx = context.WithValue(ctx, domain.DeviceIDCode, claim.DeviceID())
|
|
ctx = context.WithValue(ctx, domain.ScopeCode, claim.Get(domain.ScopeCode.ToString()))
|
|
|
|
return ctx
|
|
}
|
|
|
|
// writeErrorResponse 用於處理錯誤回應
|
|
func (m *AuthMiddleware) writeErrorResponse(w http.ResponseWriter, r *http.Request, statusCode int, message string, code int64) {
|
|
httpx.WriteJsonCtx(r.Context(), w, statusCode, types.BaseResponse{
|
|
Status: types.Status{
|
|
Code: code,
|
|
Message: message,
|
|
},
|
|
})
|
|
}
|