smartmate/backend/gateway/middleware/token_handler.go
Losita b08ee17893 Version: 0.9.66.dev.260504
后端:
1. 阶段 2 user/auth 服务边界落地,新增 `cmd/userauth` go-zero zrpc 服务、`services/userauth` 核心实现、gateway user API/zrpc client 与 shared contracts/ports,迁移注册、登录、刷新 token、登出、JWT、黑名单和 token 额度治理
2. gateway 与启动装配切流,`cmd/all` 只保留边缘路由、鉴权和轻量组合,通过 userauth zrpc 访问核心用户能力;拆分 MySQL/Redis 初始化与 AutoMigrate 边界,`userauth` 自迁 `users` 和 token 记账幂等表,`all` 不再迁用户表
3. 清退 Gin 单体旧 user/auth DAO、model、service、router、middleware 和 JWT handler,并同步调整 agent/schedule/cache/outbox 相关调用依赖
4. 补齐 refresh token 防并发重放、MySQL 幂等 token 记账、额度 `>=` 拦截和 RPC 错误映射,避免重复记账与内部错误透出

文档:
1. 新增《学习计划论坛与Token商店PRD》
2026-05-04 15:20:47 +08:00


package middleware
import (
"context"
"errors"
"net/http"
"strings"
"time"
"github.com/LoveLosita/smartflow/backend/respond"
"github.com/LoveLosita/smartflow/backend/shared/ports"
"github.com/gin-gonic/gin"
)
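// ExtractTokenFromAuthorization extracts the credential from an Authorization
// header value.
//
// Responsibilities:
//  1. Accepts both a bare token and the "Bearer <token>" form; the scheme
//     keyword is matched case-insensitively (the scheme is case-insensitive in
//     HTTP authentication);
//  2. Performs no signature verification — string extraction only;
//  3. Returns "" when the header is missing or malformed: empty/whitespace,
//     a scheme other than Bearer (e.g. "Basic ..."), more than two
//     whitespace-separated parts, or a lone "Bearer" keyword with no
//     credential behind it.
//
// NOTE(review): accepting a bare token means a client may omit the scheme
// entirely; that is deliberate for compatibility, but nothing downstream
// should rely on the scheme to distinguish token types.
func ExtractTokenFromAuthorization(header string) string {
	// Fields trims leading/trailing whitespace and collapses runs of
	// whitespace, so "  Bearer   tok  " yields ["Bearer", "tok"].
	parts := strings.Fields(header)
	switch len(parts) {
	case 1:
		// A scheme keyword on its own ("Bearer", "bearer") is a malformed
		// header, not a credential. Previously it was forwarded verbatim as a
		// bare token and reached the validator; treat it as missing instead.
		if strings.EqualFold(parts[0], "Bearer") {
			return ""
		}
		return parts[0]
	case 2:
		if strings.EqualFold(parts[0], "Bearer") {
			return parts[1]
		}
		// Some other scheme (Basic, Digest, ...) — not ours.
		return ""
	default:
		// Zero parts (empty header) or three or more (garbage).
		return ""
	}
}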
// JWTTokenAuth performs edge authentication of the access token at the gateway.
//
// Responsibilities:
//  1. Only validates the token and publishes the caller's user_id (plus the
//     raw validation response under "claims") into the gin context;
//  2. Never touches Redis, JWT keys or the users table directly — every core
//     check is delegated to the userauth service through validator;
//  3. On any failure the handler chain is aborted and the response is written
//     in the respond style so the frontend sees a uniform error shape.
//
// A nil validator is a wiring error: every request then fails with 500 rather
// than being let through unauthenticated. The upstream validation call is
// bounded by a two-second deadline so a slow userauth service cannot pin
// gateway workers indefinitely.
//
// NOTE(review): both resp.Valid and resp.UserID > 0 are required; a validator
// reply that claims Valid but carries a zero/negative user id is rejected as
// InvalidClaims rather than trusted.
func JWTTokenAuth(validator ports.AccessTokenValidator) gin.HandlerFunc {
	const validateTimeout = 2 * time.Second

	if validator == nil {
		// Decided once at construction: the returned handler never reaches the
		// validator, so there is nothing per-request to check.
		return func(c *gin.Context) {
			c.JSON(http.StatusInternalServerError, respond.InternalError(errors.New("token validator dependency not initialized")))
			c.Abort()
		}
	}

	return func(c *gin.Context) {
		token := ExtractTokenFromAuthorization(c.GetHeader("Authorization"))
		if token == "" {
			c.JSON(http.StatusUnauthorized, respond.MissingToken)
			c.Abort()
			return
		}

		// Derived from the request context so client disconnects also cancel
		// the upstream call; the timeout context is local to this middleware
		// and is not propagated to downstream handlers.
		ctx, cancel := context.WithTimeout(c.Request.Context(), validateTimeout)
		defer cancel()

		resp, err := validator.ValidateAccessToken(ctx, token)
		switch {
		case err != nil:
			// Transport/RPC failures (including the deadline) go through
			// writeRespondError, defined elsewhere in this package — presumably
			// the RPC error mapping that keeps internal detail off the wire;
			// verify that a deadline maps to a non-200 status.
			writeRespondError(c, err)
			c.Abort()
			return
		case resp == nil || !resp.Valid || resp.UserID <= 0:
			c.JSON(http.StatusUnauthorized, respond.InvalidClaims)
			c.Abort()
			return
		}

		c.Set("user_id", resp.UserID)
		c.Set("claims", resp)
		c.Next()
	}
}