biz-member-gateway/internal/middleware/auth_middleware.go

package middleware

import (
	"biz-member-gateway/internal/types"
	"context"
	"net/http"

	"code.30cm.net/digimon/app-cloudep-permission-server/pkg/domain/token"
	ers "code.30cm.net/digimon/library-go/errors"
	permissionRPC "code.30cm.net/digimon/proto-all/pkg/permission"
	"github.com/zeromicro/go-zero/rest/httpx"
)

type AuthMiddlewareParam struct {
	TokenRPC permissionRPC.TokenServiceClient
}

type AuthMiddleware struct {
	TokenRPC permissionRPC.TokenServiceClient
}

func NewAuthMiddleware(param AuthMiddlewareParam) *AuthMiddleware {
	return &AuthMiddleware{TokenRPC: param.TokenRPC}
}

func (m *AuthMiddleware) Handle(next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		// 解析 Header
		header := types.VerifyHeader{}
		if err := httpx.ParseHeaders(r, &header); err != nil {
			m.writeErrorResponse(w, r, http.StatusBadRequest, "Failed to parse headers", int64(ers.InvalidFormat().FullCode()))

			return
		}

		// 驗證 Token
		claim, err := m.TokenRPC.GetSystemClaimByAccessToken(r.Context(), &permissionRPC.GetSystemClaimReq{
			AccessToken: header.Token,
			IsExpired:   true,
		})
		if err != nil {
			// 是否需要紀錄錯誤，是不是只要紀錄除了驗證失敗或過期之外的真錯誤
			m.writeErrorResponse(w, r,
				http.StatusUnauthorized, "failed to verify toke",
				int64(100400))

			return
		}

		// 驗證 Token 是否在黑名單中
		if _, err := m.TokenRPC.ValidationToken(r.Context(), &permissionRPC.ValidationTokenReq{Token: header.Token}); err != nil {
			m.writeErrorResponse(w, r, http.StatusForbidden,
				"failed to get toke",
				int64(100400))

			return
		}

		// 設置 context 並傳遞給下一個處理器
		ctx := SetContext(r, claim.Data)
		//nolint:contextcheck
		next(w, r.WithContext(ctx))
	}
}

func SetContext(r *http.Request, claim map[string]string) context.Context {
	ctx := context.WithValue(r.Context(), token.Role.String(), claim[token.Role.String()])
	ctx = context.WithValue(ctx, token.UID.String(), claim[token.UID.String()])
	ctx = context.WithValue(ctx, token.Account.String(), claim[token.Account.String()])
	ctx = context.WithValue(ctx, token.Scope.String(), claim[token.Scope.String()])
	ctx = context.WithValue(ctx, token.Device.String(), claim[token.Device.String()])

	return ctx
}

// writeErrorResponse 用於處理錯誤回應
func (m *AuthMiddleware) writeErrorResponse(w http.ResponseWriter, r *http.Request, statusCode int, message string, code int64) {
	httpx.WriteJsonCtx(r.Context(), w, statusCode, types.BaseResponse{
		Status: types.Status{
			Code:    code,
			Message: message,
		},
	})
}