refactor: introduce DTOs for claims, session, and request handling
feat: add token validation service method refactor: update middleware to use structured DTOs feat: implement session info propagation through context refactor: replace ad-hoc structs with DTOs in middleware chore: organize auth-related data structures
This commit is contained in:
@@ -21,6 +21,7 @@ import (
|
||||
"context"
|
||||
"easywish/config"
|
||||
"easywish/internal/database"
|
||||
"easywish/internal/dto"
|
||||
"easywish/internal/utils/enums"
|
||||
"errors"
|
||||
"fmt"
|
||||
@@ -34,14 +35,6 @@ import (
|
||||
"go.uber.org/zap"
|
||||
)
|
||||
|
||||
type Claims struct {
|
||||
Username string `json:"username"`
|
||||
Role enums.Role `json:"role"`
|
||||
Type enums.JwtTokenType `json:"type"`
|
||||
Session string `json:"session"`
|
||||
jwt.RegisteredClaims
|
||||
}
|
||||
|
||||
// XXX: cluttered; move cache & database check to auth service
|
||||
func AuthMiddleware(log *zap.Logger, dbctx database.DbContext, redisClient *redis.Client) gin.HandlerFunc {
|
||||
return func(c *gin.Context) {
|
||||
@@ -49,8 +42,12 @@ func AuthMiddleware(log *zap.Logger, dbctx database.DbContext, redisClient *redi
|
||||
authHeader := c.GetHeader("Authorization")
|
||||
|
||||
if authHeader == "" {
|
||||
c.Set("username", nil)
|
||||
c.Set("role", enums.GuestRole)
|
||||
|
||||
c.Set("session_info", dto.SessionInfo{
|
||||
Username: "",
|
||||
Session: "",
|
||||
Role: enums.GuestRole},
|
||||
)
|
||||
c.Next()
|
||||
return
|
||||
}
|
||||
@@ -59,7 +56,7 @@ func AuthMiddleware(log *zap.Logger, dbctx database.DbContext, redisClient *redi
|
||||
|
||||
token, err := jwt.ParseWithClaims(
|
||||
tokenString,
|
||||
&Claims{},
|
||||
&dto.UserClaims{},
|
||||
func(token *jwt.Token) (any, error) {
|
||||
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
|
||||
return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
|
||||
@@ -77,7 +74,7 @@ func AuthMiddleware(log *zap.Logger, dbctx database.DbContext, redisClient *redi
|
||||
return
|
||||
}
|
||||
|
||||
if claims, ok := token.Claims.(*Claims); ok && token.Valid {
|
||||
if claims, ok := token.Claims.(*dto.UserClaims); ok && token.Valid {
|
||||
|
||||
if claims.Type != enums.JwtAccessTokenType {
|
||||
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Not an access token"})
|
||||
@@ -142,8 +139,12 @@ func AuthMiddleware(log *zap.Logger, dbctx database.DbContext, redisClient *redi
|
||||
return
|
||||
}
|
||||
|
||||
c.Set("username", claims.Username)
|
||||
c.Set("role", claims.Role)
|
||||
c.Set("session_info", dto.SessionInfo{
|
||||
Username: claims.Username,
|
||||
Session: claims.Session,
|
||||
Role: claims.Role,
|
||||
})
|
||||
|
||||
c.Next()
|
||||
} else {
|
||||
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Invalid claims"})
|
||||
|
||||
@@ -18,6 +18,7 @@
|
||||
package middleware
|
||||
|
||||
import (
|
||||
"easywish/internal/dto"
|
||||
"easywish/internal/utils/enums"
|
||||
"easywish/internal/validation"
|
||||
"fmt"
|
||||
@@ -27,58 +28,51 @@ import (
|
||||
"github.com/go-playground/validator/v10"
|
||||
)
|
||||
|
||||
type UserInfo struct {
|
||||
Username string
|
||||
Role enums.Role
|
||||
}
|
||||
|
||||
type Request[T any] struct {
|
||||
User UserInfo
|
||||
Body T
|
||||
}
|
||||
|
||||
const requestKey = "request"
|
||||
|
||||
func UserInfoFromContext(c *gin.Context) (*UserInfo, bool) {
|
||||
func ClientInfoFromContext(c *gin.Context) (*dto.ClientInfo, bool) {
|
||||
|
||||
var username any
|
||||
var role any
|
||||
var ok bool
|
||||
|
||||
username, ok = c.Get("username") ; if !ok {
|
||||
return &UserInfo{Username: "", Role: enums.GuestRole}, true
|
||||
}
|
||||
ip := c.ClientIP()
|
||||
userAgent := c.Request.UserAgent()
|
||||
|
||||
role, ok = c.Get("role"); if !ok {
|
||||
sessionInfoFromCtx, ok := c.Get("session_info"); if !ok {
|
||||
return nil, false
|
||||
}
|
||||
|
||||
if username == nil {
|
||||
return &UserInfo{Username: "", Role: enums.GuestRole}, true
|
||||
sessionInfo := sessionInfoFromCtx.(dto.SessionInfo)
|
||||
|
||||
if sessionInfo.Username == "" {
|
||||
return &dto.ClientInfo{
|
||||
SessionInfo: sessionInfo,
|
||||
IP: ip,
|
||||
UserAgent: userAgent,
|
||||
}, true
|
||||
}
|
||||
|
||||
if role == nil {
|
||||
return nil, false
|
||||
}
|
||||
|
||||
return &UserInfo{Username: username.(string), Role: role.(enums.Role)}, true
|
||||
return &dto.ClientInfo{
|
||||
SessionInfo: sessionInfo,
|
||||
IP: ip,
|
||||
UserAgent: userAgent,
|
||||
}, true
|
||||
}
|
||||
|
||||
func RequestFromContext[T any](c *gin.Context) Request[T] {
|
||||
return c.Value(requestKey).(Request[T])
|
||||
func RequestFromContext[T any](c *gin.Context) dto.Request[T] {
|
||||
return c.Value(requestKey).(dto.Request[T])
|
||||
}
|
||||
|
||||
func RequestMiddleware[T any](role enums.Role) gin.HandlerFunc {
|
||||
return gin.HandlerFunc(func(c *gin.Context) {
|
||||
|
||||
userInfo, ok := UserInfoFromContext(c)
|
||||
clientInfo, ok := ClientInfoFromContext(c)
|
||||
|
||||
if !ok {
|
||||
c.Status(http.StatusUnauthorized)
|
||||
return
|
||||
}
|
||||
|
||||
if userInfo.Role < role {
|
||||
if clientInfo.Role < role {
|
||||
c.Status(http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
@@ -99,8 +93,8 @@ func RequestMiddleware[T any](role enums.Role) gin.HandlerFunc {
|
||||
return
|
||||
}
|
||||
|
||||
request := Request[T]{
|
||||
User: *userInfo,
|
||||
request := dto.Request[T]{
|
||||
User: *clientInfo,
|
||||
Body: body,
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user