refactor: 使用session鉴权

2026-02-06 18:47:31 +08:00 · 2024-07-11 02:51:49 +08:00
parent 7907345521
commit c4e01b37b7
11 changed files with 171 additions and 117 deletions
--- a/app/http/middleware/jwt.go
+++ b/app/http/middleware/jwt.go
@@ -1,47 +0,0 @@
-package middleware
-
-import (
-	"errors"
-
-	"github.com/goravel/framework/auth"
-	"github.com/goravel/framework/contracts/http"
-	"github.com/goravel/framework/facades"
-)
-
-// Jwt 确保通过 JWT 鉴权
-func Jwt() http.Middleware {
-	return func(ctx http.Context) {
-		translate := facades.Lang(ctx)
-		token := ctx.Request().Header("Authorization", ctx.Request().Header("Sec-WebSocket-Protocol"))
-		if len(token) == 0 {
-			ctx.Request().AbortWithStatusJson(http.StatusUnauthorized, http.Json{
-				"message": translate.Get("auth.token.missing"),
-			})
-			return
-		}
-
-		// JWT 鉴权
-		if _, err := facades.Auth(ctx).Parse(token); err != nil {
-			if errors.Is(err, auth.ErrorTokenExpired) {
-				token, err = facades.Auth(ctx).Refresh()
-				if err != nil {
-					// 到达刷新时间上限
-					ctx.Request().AbortWithStatusJson(http.StatusUnauthorized, http.Json{
-						"message": translate.Get("auth.token.expired"),
-					})
-					return
-				}
-
-				token = "Bearer " + token
-			} else {
-				ctx.Request().AbortWithStatusJson(http.StatusUnauthorized, http.Json{
-					"message": translate.Get("auth.token.expired"),
-				})
-				return
-			}
-		}
-
-		ctx.Response().Header("Authorization", token)
-		ctx.Request().Next()
-	}
-}
--- a/app/http/middleware/session.go
+++ b/app/http/middleware/session.go
@@ -0,0 +1,39 @@
+package middleware
+
+import (
+	"github.com/goravel/framework/contracts/http"
+	"github.com/goravel/framework/facades"
+	"github.com/spf13/cast"
+)
+
+// Session 确保通过 JWT 鉴权
+func Session() http.Middleware {
+	return func(ctx http.Context) {
+		translate := facades.Lang(ctx)
+
+		if !ctx.Request().HasSession() {
+			ctx.Request().AbortWithStatusJson(http.StatusUnauthorized, http.Json{
+				"message": translate.Get("auth.session.missing"),
+			})
+			return
+		}
+
+		if ctx.Request().Session().Missing("user_id") {
+			ctx.Request().AbortWithStatusJson(http.StatusUnauthorized, http.Json{
+				"message": translate.Get("auth.session.expired"),
+			})
+			return
+		}
+
+		userID := cast.ToUint(ctx.Request().Session().Get("user_id"))
+		if userID == 0 {
+			ctx.Request().AbortWithStatusJson(http.StatusUnauthorized, http.Json{
+				"message": translate.Get("auth.session.invalid"),
+			})
+			return
+		}
+
+		ctx.WithValue("user_id", userID)
+		ctx.Request().Next()
+	}
+}