Startsida Utforska Hjälp
Logga in
zhangyan
/
mini-prog
1
0
Fork 0
Filer Ärenden 0 Pull-förfrågningar 0 Wiki
Träd: 6cd16f08dd
Grenar Taggar
mini-prog
/
backend
/
internal
/
httpapi
/
middleware
/
ops_auth.go

ops_auth.go 2.1 KB
Historik

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677 
  1. package middleware
    2. 

  2. 

  3. import (
    4. 

  4. 	"context"
    5. 

  5. 	"net/http"
    6. 

  6. 	"strings"
    7. 

  7. 

  8. 	"cmr-backend/internal/apperr"
    9. 

  9. 	"cmr-backend/internal/httpx"
    10. 

  10. 	"cmr-backend/internal/platform/jwtx"
    11. 

  11. )
    12. 

  12. 

  13. type opsAuthContextKey string
    14. 

  14. 

  15. const opsAuthKey opsAuthContextKey = "ops-auth"
    16. 

  16. 

  17. type OpsAuthContext struct {
    18. 

  18. 	OpsUserID       string
    19. 

  19. 	OpsUserPublicID string
    20. 

  20. 	RoleCode        string
    21. 

  21. }
    22. 

  22. 

  23. func NewOpsAuthMiddleware(jwtManager *jwtx.Manager, appEnv string) func(http.Handler) http.Handler {
    24. 

  24. 	devContext := func(r *http.Request) *http.Request {
    25. 

  25. 		ctx := context.WithValue(r.Context(), opsAuthKey, &OpsAuthContext{
    26. 

  26. 			OpsUserID:       "dev-ops-user",
    27. 

  27. 			OpsUserPublicID: "ops_dev_console",
    28. 

  28. 			RoleCode:        "owner",
    29. 

  29. 		})
    30. 

  30. 		return r.WithContext(ctx)
    31. 

  31. 	}
    32. 

  32. 

  33. 	return func(next http.Handler) http.Handler {
    34. 

  34. 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
    35. 

  35. 			authHeader := strings.TrimSpace(r.Header.Get("Authorization"))
    36. 

  36. 			if authHeader == "" || !strings.HasPrefix(authHeader, "Bearer ") {
    37. 

  37. 				if appEnv != "production" {
    38. 

  38. 					next.ServeHTTP(w, devContext(r))
    39. 

  39. 					return
    40. 

  40. 				}
    41. 

  41. 				httpx.WriteError(w, apperr.New(http.StatusUnauthorized, "unauthorized", "missing bearer token"))
    42. 

  42. 				return
    43. 

  43. 			}
    44. 

  44. 

  45. 			token := strings.TrimSpace(strings.TrimPrefix(authHeader, "Bearer "))
    46. 

  46. 			claims, err := jwtManager.ParseAccessToken(token)
    47. 

  47. 			if err != nil {
    48. 

  48. 				if appEnv != "production" {
    49. 

  49. 					next.ServeHTTP(w, devContext(r))
    50. 

  50. 					return
    51. 

  51. 				}
    52. 

  52. 				httpx.WriteError(w, apperr.New(http.StatusUnauthorized, "invalid_token", "invalid access token"))
    53. 

  53. 				return
    54. 

  54. 			}
    55. 

  55. 			if claims.ActorType != "ops" {
    56. 

  56. 				if appEnv != "production" {
    57. 

  57. 					next.ServeHTTP(w, devContext(r))
    58. 

  58. 					return
    59. 

  59. 				}
    60. 

  60. 				httpx.WriteError(w, apperr.New(http.StatusUnauthorized, "invalid_token", "invalid ops access token"))
    61. 

  61. 				return
    62. 

  62. 			}
    63. 

  63. 

  64. 			ctx := context.WithValue(r.Context(), opsAuthKey, &OpsAuthContext{
    65. 

  65. 				OpsUserID:       claims.UserID,
    66. 

  66. 				OpsUserPublicID: claims.UserPublicID,
    67. 

  67. 				RoleCode:        claims.RoleCode,
    68. 

  68. 			})
    69. 

  69. 			next.ServeHTTP(w, r.WithContext(ctx))
    70. 

  70. 		})
    71. 

  71. 	}
    72. 

  72. }
    73. 

  73. 

  74. func GetOpsAuthContext(ctx context.Context) *OpsAuthContext {
    75. 

  75. 	auth, _ := ctx.Value(opsAuthKey).(*OpsAuthContext)
    76. 

  76. 	return auth
    77. 

  77. }
    78.