starset-mirror/tss-rocks
1
0
Fork 0
Code Issues 3 Pull requests Projects Releases Packages Wiki Activity Actions

[feature/backend] implement /auth/logout handling + overall enhancement

Browse source
This commit is contained in:
CDN 2025-02-21 05:44:18 +08:00
parent d8d8e4b0d7
commit e5fc8691bf
Signed by: CDN
GPG key ID: 0C656827F9F80080
12 changed files with 420 additions and 64 deletions
Download patch file Download diff file Expand all files Collapse all files

70
backend/internal/middleware/auth.go
View file

@ -10,10 +10,11 @@ import (
"github.com/gin-gonic/gin"
"github.com/golang-jwt/jwt/v5"
"github.com/rs/zerolog/log"
"tss-rocks-be/internal/service"
)
// AuthMiddleware creates a middleware for JWT authentication
func AuthMiddleware(jwtSecret string) gin.HandlerFunc {
func AuthMiddleware(jwtSecret string, tokenBlacklist *service.TokenBlacklist) gin.HandlerFunc {
return func(c *gin.Context) {
authHeader := c.GetHeader("Authorization")
if authHeader == "" {
@ -29,8 +30,20 @@ func AuthMiddleware(jwtSecret string) gin.HandlerFunc {
return
}
token, err := jwt.Parse(parts[1], func(token *jwt.Token) (interface{}, error) {
tokenStr := parts[1]
// 检查 token 是否在黑名单中
if tokenBlacklist.IsBlacklisted(tokenStr) {
c.JSON(http.StatusUnauthorized, gin.H{"error": "Token has been revoked"})
c.Abort()
return
}
token, err := jwt.Parse(tokenStr, func(token *jwt.Token) (interface{}, error) {
// 添加调试输出
log.Debug().Str("token", tokenStr).Msg("Parsing token")
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
log.Error().Str("method", token.Method.Alg()).Msg("Invalid signing method")
return nil, jwt.ErrSignatureInvalid
}
return []byte(jwtSecret), nil
@ -62,42 +75,43 @@ func AuthMiddleware(jwtSecret string) gin.HandlerFunc {
Interface("value", sub).
Msg("User ID from token")
var userID int
// 将用户 ID 转换为字符串
var userIDStr string
switch v := sub.(type) {
case string:
var err error
userID, err = strconv.Atoi(v)
if err != nil {
log.Error().Err(err).Str("sub", v).Msg("Failed to convert string user ID to int")
c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid user ID format"})
c.Abort()
return
}
userIDStr = v
case float64:
userID = int(v)
userIDStr = strconv.FormatFloat(v, 'f', 0, 64)
case json.Number:
var err error
userID, err = strconv.Atoi(v.String())
if err != nil {
log.Error().Err(err).Str("sub", v.String()).Msg("Failed to convert json.Number user ID to int")
c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid user ID format"})
c.Abort()
return
}
userIDStr = v.String()
default:
userIDStr = fmt.Sprintf("%v", v)
}
// 验证用户 ID 是否为有效的数字字符串
_, err := strconv.Atoi(userIDStr)
if err != nil {
log.Error().
Str("type", fmt.Sprintf("%T", sub)).
Interface("value", sub).
Msg("Unexpected user ID type")
c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid user ID type"})
Err(err).
Str("user_id", userIDStr).
Msg("Invalid user ID format")
c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid user ID format"})
c.Abort()
return
}
// 将 userID 转换为 int64 以确保类型一致性
c.Set("user_id", int64(userID))
if roles, ok := claims["roles"].([]interface{}); ok {
c.Set("user_roles", roles)
// 设置用户 ID
c.Set("user_id", userIDStr)
// 设置用户角色
if role, ok := claims["role"].(string); ok {
log.Debug().Str("role", role).Msg("Found user role")
c.Set("user_role", role)
} else {
log.Error().Interface("role", claims["role"]).Msg("Invalid or missing role claim")
c.JSON(http.StatusUnauthorized, gin.H{"error": "Invalid role format"})
c.Abort()
return
}
c.Next()
} else {