crawlab/backend/middlewares/auth.go
yaziming 9f43e08ff9 Backend:
improve
     - AuthMiddleware 注入当前用户的信息
     - 增加Context服务支持快捷获取当前登录者信息
     - 重构Login/GetMe接口逻辑避免重复的数据库查询
     - 规范化error信息声明(向下兼容,旧代码可逐渐迁移规范化)
     - 修正部分不符合规范的代码
2019-08-31 21:26:56 +08:00


package middlewares
import (
"crawlab/constants"
"crawlab/routes"
"crawlab/services"
"github.com/gin-gonic/gin"
"net/http"
"strings"
)
// AuthorizationMiddleware returns a gin handler that authenticates each request
// from its Authorization header and records the resolved user in the context.
//
// A request whose token is rejected by services.CheckToken is aborted with
// HTTP 401. A user whose role is constants.RoleNormal is also refused any path
// beginning with "/users" (compared case-insensitively). On success a pointer
// to the user is stored under constants.ContextUser and the chain continues.
func AuthorizationMiddleware() gin.HandlerFunc {
	// reject aborts the handler chain with the payload shared by both failure
	// paths.
	// NOTE(review): the body reports Status "ok" on a rejection, and the role
	// check below answers 401 where 403 would describe it better. Both are
	// kept as-is because clients may depend on them; confirm before changing.
	reject := func(c *gin.Context) {
		c.AbortWithStatusJSON(http.StatusUnauthorized, routes.Response{
			Status:  "ok",
			Message: "unauthorized",
			Error:   "unauthorized",
		})
	}

	return func(c *gin.Context) {
		// The path-based exemption for login, registration and download routes
		// is disabled, so every request through this handler needs a token.
		//if c.Request.URL.Path == "/login" ||
		//	(c.Request.URL.Path == "/users" && c.Request.Method == "PUT") ||
		//	strings.HasSuffix(c.Request.URL.Path, "download") {
		//	c.Next()
		//	return
		//}

		// The raw header value is passed on unmodified; any scheme prefix
		// handling is left to CheckToken.
		user, err := services.CheckToken(c.GetHeader("Authorization"))
		if err != nil {
			reject(c)
			return
		}

		// NOTE(review): authorization here is a deny-list keyed on the literal
		// request path. It protects only routes under "/users" and assumes the
		// router matches the same path form this check sees. Enforcing the role
		// on the route group would be less brittle; verify against the routes.
		restricted := user.Role == constants.RoleNormal
		if restricted && strings.HasPrefix(strings.ToLower(c.Request.URL.Path), "/users") {
			reject(c)
			return
		}

		// Expose the authenticated user to downstream handlers.
		c.Set(constants.ContextUser, &user)
		c.Next()
	}
}