refact:openteam

2025-01-01 23:10:01 +08:00
parent 1f5e1c221c
commit 65d6d12972
18 changed files with 1126 additions and 106 deletions
--- a/team/middleware.go
+++ b/team/middleware.go
@@ -0,0 +1,69 @@
+package team
+
+import (
+	"log"
+	"net/http"
+	"opencatd-open/store"
+	"strings"
+
+	"github.com/gin-contrib/cors"
+	"github.com/gin-gonic/gin"
+)
+
+var (
+	rootToken string
+)
+
+func AuthMiddleware() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		if rootToken == "" {
+			u, err := store.GetUserByID(uint(1))
+			if err != nil {
+				c.JSON(http.StatusUnauthorized, gin.H{"error": "Unauthorized"})
+				c.Abort()
+				return
+			}
+			rootToken = u.Token
+		}
+		token := c.GetHeader("Authorization")
+		if token == "" || token[:7] != "Bearer " {
+			c.JSON(http.StatusUnauthorized, gin.H{"error": "Unauthorized"})
+			c.Abort()
+			return
+		}
+		if store.IsExistAuthCache(token[7:]) {
+			if strings.HasPrefix(c.Request.URL.Path, "/1/me") {
+				c.Next()
+				return
+			}
+		}
+		if token[7:] != rootToken {
+			u, err := store.GetUserByID(uint(1))
+			if err != nil {
+				log.Println(err)
+				c.JSON(http.StatusUnauthorized, gin.H{"error": "Unauthorized"})
+				c.Abort()
+				return
+			}
+			if token[:7] != u.Token {
+				c.JSON(http.StatusUnauthorized, gin.H{"error": "Unauthorized"})
+				c.Abort()
+				return
+			}
+			rootToken = u.Token
+			store.LoadAuthCache()
+		}
+		// 可以在这里对 token 进行验证并检查权限
+
+		c.Next()
+	}
+}
+
+func CORS() gin.HandlerFunc {
+	config := cors.DefaultConfig()
+	config.AllowAllOrigins = true
+	config.AllowCredentials = true
+	config.AllowMethods = []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"}
+	config.AllowHeaders = []string{"*"}
+	return cors.New(config)
+}