Etusivu Tutki Apua
Rekisteröidy Kirjaudu sisään
SD-SafeAI
/
shudao-main
3
0
Haarauta 0
Tiedostot Esitykset 0 Vetopyynnöt 0 Wiki
Puu: 62402e3664
Haarat Tunnisteet
shudao-main
/
shudao-go-backend
/
utils
/
auth_middleware.go

auth_middleware.go 1.7 KB
Historia Raaka

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788 
  1. package utils
    2. 

  2. 

  3. import (
    4. 

  4. 	"fmt"
    5. 

  5. 	"strings"
    6. 

  6. 

  7. 	"github.com/beego/beego/v2/server/web/context"
    8. 

  8. )
    9. 

  9. 

  10. // 不需要认证的路径
    11. 

  11. var skipPaths = []string{
    12. 

  12. 	"/stream-test",
    13. 

  13. 	"/simple-stream-test",
    14. 

  14. 	"/stream-chat-with-db-test",
    15. 

  15. 	"/assets/",
    16. 

  16. 	"/static/",
    17. 

  17. 	"/src/",
    18. 

  18. 	"/apiv1/oss/parse",
    19. 

  19. 	"/apiv1/auth/local_login",
    20. 

  20. 	"/apiv1/recommend_question",
    21. 

  21. }
    22. 

  22. 

  23. // AuthMiddleware Token认证中间件
    24. 

  24. func AuthMiddleware(ctx *context.Context) {
    25. 

  25. 	path := ctx.Request.URL.Path
    26. 

  26. 

  27. 	// 跳过根路径
    28. 

  28. 	if path == "/" {
    29. 

  29. 		return
    30. 

  30. 	}
    31. 

  31. 

  32. 	// 检查跳过路径
    33. 

  33. 	for _, skip := range skipPaths {
    34. 

  34. 		if path == skip || strings.HasPrefix(path, skip) {
    35. 

  35. 			return
    36. 

  36. 		}
    37. 

  37. 	}
    38. 

  38. 

  39. 	// 仅对API请求验证token
    40. 

  40. 	if !strings.HasPrefix(path, "/apiv1") {
    41. 

  41. 		return
    42. 

  42. 	}
    43. 

  43. 

  44. 	// 提取token
    45. 

  45. 	token := extractToken(ctx)
    46. 

  46. 	if token == "" {
    47. 

  47. 		ctx.Output.SetStatus(401)
    48. 

  48. 		ctx.Output.JSON(map[string]interface{}{
    49. 

  49. 			"statusCode": 401,
    50. 

  50. 			"msg":        "未提供认证token",
    51. 

  51. 		}, false, false)
    52. 

  52. 		return
    53. 

  53. 	}
    54. 

  54. 

  55. 	// 优先验证本地token
    56. 

  56. 	if localClaims, err := VerifyLocalToken(token); err == nil && localClaims != nil {
    57. 

  57. 		ctx.Input.SetData("userInfo", ConvertLocalClaimsToTokenUserInfo(localClaims))
    58. 

  58. 		return
    59. 

  59. 	}
    60. 

  60. 

  61. 	// 统一认证token验证
    62. 

  62. 	userInfo, err := VerifyToken(token)
    63. 

  63. 	if err != nil {
    64. 

  64. 		ctx.Output.SetStatus(401)
    65. 

  65. 		ctx.Output.JSON(map[string]interface{}{
    66. 

  66. 			"statusCode": 401,
    67. 

  67. 			"msg":        fmt.Sprintf("token验证失败: %v", err),
    68. 

  68. 		}, false, false)
    69. 

  69. 		return
    70. 

  70. 	}
    71. 

  71. 

  72. 	ctx.Input.SetData("userInfo", userInfo)
    73. 

  73. }
    74. 

  74. 

  75. // extractToken 从请求头提取token
    76. 

  76. func extractToken(ctx *context.Context) string {
    77. 

  77. 	token := ctx.Input.Header("token")
    78. 

  78. 	if token == "" {
    79. 

  79. 		token = ctx.Input.Header("Token")
    80. 

  80. 	}
    81. 

  81. 	if token == "" {
    82. 

  82. 		token = ctx.Input.Header("Authorization")
    83. 

  83. 		if strings.HasPrefix(token, "Bearer ") {
    84. 

  84. 			token = token[7:]
    85. 

  85. 		}
    86. 

  86. 	}
    87. 

  87. 	return token
    88. 

  88. }
    89.