leaf-library-3/internal/api/http/middleware/auth.go

package middleware

import (
	"leafdev.top/Leaf/leaf-library-3/internal/pkg/response"
	"net/http"
	"slices"
	"strings"

	"leafdev.top/Leaf/leaf-library-3/internal/constants"
	authType "leafdev.top/Leaf/leaf-library-3/internal/dto/user"
	"leafdev.top/Leaf/leaf-library-3/internal/errs"

	"github.com/gofiber/fiber/v2"
	"leafdev.top/Leaf/leaf-library-3/internal/base/conf"
	authService "leafdev.top/Leaf/leaf-library-3/internal/services/auth"
)

type Auth struct {
	config      *conf.Config
	authService *authService.Service
}

var audienceLength int

func NewAuth(config *conf.Config, authService *authService.Service) *Auth {
	audienceLength = len(config.App.AllowedAudiences)

	return &Auth{
		config,
		authService,
	}
}

func (a *Auth) Handler() fiber.Handler {
	return func(c *fiber.Ctx) error {
		var r = response.Ctx(c)
		var err error
		var token = new(authType.User)

		if a.config.Debug.Enabled {
			token, err = a.authService.AuthFromToken(constants.JwtTokenTypeAccessToken, "")
			if err != nil {
				return r.Error(err).Send()
			}

			c.Locals(constants.AuthMiddlewareKey, token)

			return c.Next()
		}

		authorization := c.Get(constants.AuthHeader)

		r.Status(http.StatusUnauthorized)

		if authorization == "" {
			return r.Error(errs.JWTFormatError).Send()
		}

		authSplit := strings.Split(authorization, " ")
		if len(authSplit) != 2 {
			return r.Error(errs.JWTFormatError).Send()
		}

		if authSplit[0] != constants.AuthPrefix {
			return r.Error(errs.NotBearerType).Send()
		}

		token, err = a.authService.AuthFromToken(constants.JwtTokenTypeIDToken, authSplit[1])

		if err != nil {
			return r.Error(err).Send()
		}

		if token == nil {
			return r.Error(err).Send()
		}

		if audienceLength > 0 {
			// 检测 aud
			if !slices.Contains(a.config.App.AllowedAudiences, token.Token.Aud) {
				return r.Error(errs.NotValidToken).Send()
			}
		}

		c.Locals(constants.AuthMiddlewareKey, token)

		return c.Next()
	}

}
init 2024-12-05 17:44:29 +00:00			`package middleware`

			`import (`
update 2024-12-10 10:22:14 +00:00			`"leafdev.top/Leaf/leaf-library-3/internal/pkg/response"`
init 2024-12-05 17:44:29 +00:00			`"net/http"`
			`"slices"`
			`"strings"`

update 2024-12-10 10:22:14 +00:00			`"leafdev.top/Leaf/leaf-library-3/internal/constants"`
			`authType "leafdev.top/Leaf/leaf-library-3/internal/dto/user"`
			`"leafdev.top/Leaf/leaf-library-3/internal/errs"`
update 2024-12-06 15:38:22 +00:00
			`"github.com/gofiber/fiber/v2"`
update 2024-12-10 10:22:14 +00:00			`"leafdev.top/Leaf/leaf-library-3/internal/base/conf"`
			`authService "leafdev.top/Leaf/leaf-library-3/internal/services/auth"`
init 2024-12-05 17:44:29 +00:00			`)`

			`type Auth struct {`
			`config *conf.Config`
update 2024-12-06 15:38:22 +00:00			`authService *authService.Service`
init 2024-12-05 17:44:29 +00:00			`}`

			`var audienceLength int`

update 2024-12-06 15:38:22 +00:00			`func NewAuth(config conf.Config, authService authService.Service) *Auth {`
init 2024-12-05 17:44:29 +00:00			`audienceLength = len(config.App.AllowedAudiences)`

			`return &Auth{`
			`config,`
			`authService,`
			`}`
			`}`

			`func (a *Auth) Handler() fiber.Handler {`
			`return func(c *fiber.Ctx) error {`
update 2024-12-10 10:22:14 +00:00			`var r = response.Ctx(c)`
init 2024-12-05 17:44:29 +00:00			`var err error`
update 2024-12-06 15:38:22 +00:00			`var token = new(authType.User)`
init 2024-12-05 17:44:29 +00:00
			`if a.config.Debug.Enabled {`
update 2024-12-06 15:38:22 +00:00			`token, err = a.authService.AuthFromToken(constants.JwtTokenTypeAccessToken, "")`
init 2024-12-05 17:44:29 +00:00			`if err != nil {`
			`return r.Error(err).Send()`
			`}`

update 2024-12-06 15:38:22 +00:00			`c.Locals(constants.AuthMiddlewareKey, token)`
init 2024-12-05 17:44:29 +00:00
			`return c.Next()`
			`}`

update 2024-12-06 15:38:22 +00:00			`authorization := c.Get(constants.AuthHeader)`
init 2024-12-05 17:44:29 +00:00
update 2024-12-10 10:45:46 +00:00			`r.Status(http.StatusUnauthorized)`

init 2024-12-05 17:44:29 +00:00			`if authorization == "" {`
update 2024-12-06 15:38:22 +00:00			`return r.Error(errs.JWTFormatError).Send()`
init 2024-12-05 17:44:29 +00:00			`}`

			`authSplit := strings.Split(authorization, " ")`
			`if len(authSplit) != 2 {`
update 2024-12-06 15:38:22 +00:00			`return r.Error(errs.JWTFormatError).Send()`
init 2024-12-05 17:44:29 +00:00			`}`

update 2024-12-06 15:38:22 +00:00			`if authSplit[0] != constants.AuthPrefix {`
			`return r.Error(errs.NotBearerType).Send()`
init 2024-12-05 17:44:29 +00:00			`}`

update 2024-12-06 15:38:22 +00:00			`token, err = a.authService.AuthFromToken(constants.JwtTokenTypeIDToken, authSplit[1])`
init 2024-12-05 17:44:29 +00:00
			`if err != nil {`
update 2024-12-10 10:45:46 +00:00			`return r.Error(err).Send()`
init 2024-12-05 17:44:29 +00:00			`}`

			`if token == nil {`
update 2024-12-10 10:45:46 +00:00			`return r.Error(err).Send()`
init 2024-12-05 17:44:29 +00:00			`}`

			`if audienceLength > 0 {`
			`// 检测 aud`
			`if !slices.Contains(a.config.App.AllowedAudiences, token.Token.Aud) {`
update 2024-12-06 15:38:22 +00:00			`return r.Error(errs.NotValidToken).Send()`
init 2024-12-05 17:44:29 +00:00			`}`
			`}`

update 2024-12-06 15:38:22 +00:00			`c.Locals(constants.AuthMiddlewareKey, token)`
init 2024-12-05 17:44:29 +00:00
			`return c.Next()`
			`}`

			`}`