c57ec3aa82
## 后端架构 (Go + Gin + GORM) - ✅ 完整的分层架构 (API/Service/Repository) - ✅ PostgreSQL数据库设计和迁移脚本 - ✅ JWT认证系统和权限控制 - ✅ 用户、照片、分类、标签等核心模型 - ✅ 中间件系统 (认证、CORS、日志) - ✅ 配置管理和环境变量支持 - ✅ 结构化日志和错误处理 - ✅ Makefile构建和部署脚本 ## 管理后台架构 (React + TypeScript) - ✅ Vite + React 18 + TypeScript现代化架构 - ✅ 路由系统和状态管理 (Zustand + TanStack Query) - ✅ 基于Radix UI的组件库基础 - ✅ 认证流程和权限控制 - ✅ 响应式设计和主题系统 ## 数据库设计 - ✅ 用户表 (角色权限、认证信息) - ✅ 照片表 (元数据、EXIF、状态管理) - ✅ 分类表 (层级结构、封面图片) - ✅ 标签表 (使用统计、标签云) - ✅ 关联表 (照片-标签多对多) ## 技术特点 - 🚀 高性能: Gin框架 + GORM ORM - 🔐 安全: JWT认证 + 密码加密 + 权限控制 - 📊 监控: 结构化日志 + 健康检查 - 🎨 现代化: React 18 + TypeScript + Vite - 📱 响应式: Tailwind CSS + Radix UI 参考文档: docs/development/saved-docs/
217 lines
4.6 KiB
Go
217 lines
4.6 KiB
Go
package middleware
|
|
|
|
import (
|
|
"net/http"
|
|
"strings"
|
|
"github.com/gin-gonic/gin"
|
|
"photography-backend/internal/service/auth"
|
|
"photography-backend/internal/models"
|
|
)
|
|
|
|
// AuthMiddleware 认证中间件
|
|
type AuthMiddleware struct {
|
|
jwtService *auth.JWTService
|
|
}
|
|
|
|
// NewAuthMiddleware 创建认证中间件
|
|
func NewAuthMiddleware(jwtService *auth.JWTService) *AuthMiddleware {
|
|
return &AuthMiddleware{
|
|
jwtService: jwtService,
|
|
}
|
|
}
|
|
|
|
// RequireAuth 需要认证的中间件
|
|
func (m *AuthMiddleware) RequireAuth() gin.HandlerFunc {
|
|
return func(c *gin.Context) {
|
|
// 从Header中获取Authorization
|
|
authHeader := c.GetHeader("Authorization")
|
|
if authHeader == "" {
|
|
c.JSON(http.StatusUnauthorized, gin.H{
|
|
"error": "Authorization header is required",
|
|
})
|
|
c.Abort()
|
|
return
|
|
}
|
|
|
|
// 检查Bearer前缀
|
|
if !strings.HasPrefix(authHeader, "Bearer ") {
|
|
c.JSON(http.StatusUnauthorized, gin.H{
|
|
"error": "Invalid authorization header format",
|
|
})
|
|
c.Abort()
|
|
return
|
|
}
|
|
|
|
// 提取token
|
|
token := strings.TrimPrefix(authHeader, "Bearer ")
|
|
|
|
// 验证token
|
|
claims, err := m.jwtService.ValidateToken(token)
|
|
if err != nil {
|
|
c.JSON(http.StatusUnauthorized, gin.H{
|
|
"error": "Invalid or expired token",
|
|
})
|
|
c.Abort()
|
|
return
|
|
}
|
|
|
|
// 将用户信息存入上下文
|
|
c.Set("user_id", claims.UserID)
|
|
c.Set("username", claims.Username)
|
|
c.Set("user_role", claims.Role)
|
|
|
|
c.Next()
|
|
}
|
|
}
|
|
|
|
// RequireRole 需要特定角色的中间件
|
|
func (m *AuthMiddleware) RequireRole(requiredRole string) gin.HandlerFunc {
|
|
return func(c *gin.Context) {
|
|
userRole, exists := c.Get("user_role")
|
|
if !exists {
|
|
c.JSON(http.StatusUnauthorized, gin.H{
|
|
"error": "User role not found in context",
|
|
})
|
|
c.Abort()
|
|
return
|
|
}
|
|
|
|
roleStr, ok := userRole.(string)
|
|
if !ok {
|
|
c.JSON(http.StatusUnauthorized, gin.H{
|
|
"error": "Invalid user role",
|
|
})
|
|
c.Abort()
|
|
return
|
|
}
|
|
|
|
// 检查角色权限
|
|
if !m.hasPermission(roleStr, requiredRole) {
|
|
c.JSON(http.StatusForbidden, gin.H{
|
|
"error": "Insufficient permissions",
|
|
})
|
|
c.Abort()
|
|
return
|
|
}
|
|
|
|
c.Next()
|
|
}
|
|
}
|
|
|
|
// RequireAdmin 需要管理员权限的中间件
|
|
func (m *AuthMiddleware) RequireAdmin() gin.HandlerFunc {
|
|
return m.RequireRole(models.RoleAdmin)
|
|
}
|
|
|
|
// RequireEditor 需要编辑者权限的中间件
|
|
func (m *AuthMiddleware) RequireEditor() gin.HandlerFunc {
|
|
return m.RequireRole(models.RoleEditor)
|
|
}
|
|
|
|
// OptionalAuth 可选认证中间件
|
|
func (m *AuthMiddleware) OptionalAuth() gin.HandlerFunc {
|
|
return func(c *gin.Context) {
|
|
authHeader := c.GetHeader("Authorization")
|
|
if authHeader == "" {
|
|
c.Next()
|
|
return
|
|
}
|
|
|
|
if !strings.HasPrefix(authHeader, "Bearer ") {
|
|
c.Next()
|
|
return
|
|
}
|
|
|
|
token := strings.TrimPrefix(authHeader, "Bearer ")
|
|
claims, err := m.jwtService.ValidateToken(token)
|
|
if err != nil {
|
|
c.Next()
|
|
return
|
|
}
|
|
|
|
// 将用户信息存入上下文
|
|
c.Set("user_id", claims.UserID)
|
|
c.Set("username", claims.Username)
|
|
c.Set("user_role", claims.Role)
|
|
|
|
c.Next()
|
|
}
|
|
}
|
|
|
|
// GetCurrentUser 获取当前用户ID
|
|
func GetCurrentUser(c *gin.Context) (uint, bool) {
|
|
userID, exists := c.Get("user_id")
|
|
if !exists {
|
|
return 0, false
|
|
}
|
|
|
|
id, ok := userID.(uint)
|
|
return id, ok
|
|
}
|
|
|
|
// GetCurrentUserRole 获取当前用户角色
|
|
func GetCurrentUserRole(c *gin.Context) (string, bool) {
|
|
userRole, exists := c.Get("user_role")
|
|
if !exists {
|
|
return "", false
|
|
}
|
|
|
|
role, ok := userRole.(string)
|
|
return role, ok
|
|
}
|
|
|
|
// GetCurrentUsername 获取当前用户名
|
|
func GetCurrentUsername(c *gin.Context) (string, bool) {
|
|
username, exists := c.Get("username")
|
|
if !exists {
|
|
return "", false
|
|
}
|
|
|
|
name, ok := username.(string)
|
|
return name, ok
|
|
}
|
|
|
|
// IsAuthenticated 检查是否已认证
|
|
func IsAuthenticated(c *gin.Context) bool {
|
|
_, exists := c.Get("user_id")
|
|
return exists
|
|
}
|
|
|
|
// IsAdmin 检查是否为管理员
|
|
func IsAdmin(c *gin.Context) bool {
|
|
role, exists := GetCurrentUserRole(c)
|
|
if !exists {
|
|
return false
|
|
}
|
|
return role == models.RoleAdmin
|
|
}
|
|
|
|
// IsEditor 检查是否为编辑者或以上
|
|
func IsEditor(c *gin.Context) bool {
|
|
role, exists := GetCurrentUserRole(c)
|
|
if !exists {
|
|
return false
|
|
}
|
|
return role == models.RoleEditor || role == models.RoleAdmin
|
|
}
|
|
|
|
// hasPermission 检查权限
|
|
func (m *AuthMiddleware) hasPermission(userRole, requiredRole string) bool {
|
|
roleLevel := map[string]int{
|
|
models.RoleUser: 1,
|
|
models.RoleEditor: 2,
|
|
models.RoleAdmin: 3,
|
|
}
|
|
|
|
userLevel, exists := roleLevel[userRole]
|
|
if !exists {
|
|
return false
|
|
}
|
|
|
|
requiredLevel, exists := roleLevel[requiredRole]
|
|
if !exists {
|
|
return false
|
|
}
|
|
|
|
return userLevel >= requiredLevel
|
|
} |