✨ add api signature

app/core/api/internal/handler/routes.go

@@ -12,6 +12,7 @@ import (
 	comment "schisandra-album-cloud-microservices/app/core/api/internal/handler/comment"
 	oauth "schisandra-album-cloud-microservices/app/core/api/internal/handler/oauth"
 	sms "schisandra-album-cloud-microservices/app/core/api/internal/handler/sms"
+	token "schisandra-album-cloud-microservices/app/core/api/internal/handler/token"
 	user "schisandra-album-cloud-microservices/app/core/api/internal/handler/user"
 	websocket "schisandra-album-cloud-microservices/app/core/api/internal/handler/websocket"
 	"schisandra-album-cloud-microservices/app/core/api/internal/svc"
@@ -99,7 +100,6 @@ func RegisterHandlers(server *rest.Server, serverCtx *svc.ServiceContext) {
 			}...,
 		),
 		rest.WithJwt(serverCtx.Config.Auth.AccessSecret),
-		rest.WithSignature(serverCtx.Config.Signature),
 		rest.WithPrefix("/api/auth/comment"),
 		rest.WithTimeout(10000*time.Millisecond),
 		rest.WithMaxBytes(1048576),
@@ -182,6 +182,23 @@ func RegisterHandlers(server *rest.Server, serverCtx *svc.ServiceContext) {
 		rest.WithMaxBytes(1048576),
 	)
 
+	server.AddRoutes(
+		rest.WithMiddlewares(
+			[]rest.Middleware{serverCtx.SecurityHeadersMiddleware, serverCtx.CasbinVerifyMiddleware},
+			[]rest.Route{
+				{
+					Method:  http.MethodPost,
+					Path:    "/token/refresh",
+					Handler: token.RefreshTokenHandler(serverCtx),
+				},
+			}...,
+		),
+		rest.WithSignature(serverCtx.Config.Signature),
+		rest.WithPrefix("/api/auth"),
+		rest.WithTimeout(10000*time.Millisecond),
+		rest.WithMaxBytes(1048576),
+	)
+
 	server.AddRoutes(
 		rest.WithMiddlewares(
 			[]rest.Middleware{serverCtx.SecurityHeadersMiddleware},
@@ -206,11 +223,6 @@ func RegisterHandlers(server *rest.Server, serverCtx *svc.ServiceContext) {
 					Path:    "/reset/password",
 					Handler: user.ResetPasswordHandler(serverCtx),
 				},
-				{
-					Method:  http.MethodPost,
-					Path:    "/token/refresh",
-					Handler: user.RefreshTokenHandler(serverCtx),
-				},
 			}...,
 		),
 		rest.WithSignature(serverCtx.Config.Signature),

app/core/api/internal/handler/token/refresh_token_handler.go

@@ -1,4 +1,4 @@
-package user
+package token
 
 import (
 	"net/http"
@@ -7,13 +7,13 @@ import (
 	"github.com/zeromicro/go-zero/rest/httpx"
 
 	"schisandra-album-cloud-microservices/app/core/api/common/response"
-	"schisandra-album-cloud-microservices/app/core/api/internal/logic/user"
+	"schisandra-album-cloud-microservices/app/core/api/internal/logic/token"
 	"schisandra-album-cloud-microservices/app/core/api/internal/svc"
 )
 
 func RefreshTokenHandler(svcCtx *svc.ServiceContext) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		l := user.NewRefreshTokenLogic(r.Context(), svcCtx)
+		l := token.NewRefreshTokenLogic(r.Context(), svcCtx)
 		resp, err := l.RefreshToken(r)
 		if err != nil {
 			logx.Error(err)

app/core/api/internal/logic/token/refresh_token_logic.go

@@ -1,4 +1,4 @@
-package user
+package token
 
 import (
 	"context"

app/core/api/internal/middleware/casbinverify_middleware.go

@@ -4,21 +4,35 @@ import (
 	"net/http"
 
 	"github.com/casbin/casbin/v2"
+	"github.com/rbcervilla/redisstore/v9"
+
+	"schisandra-album-cloud-microservices/app/core/api/common/constant"
 )
 
 type CasbinVerifyMiddleware struct {
-	casbin *casbin.CachedEnforcer
+	casbin  *casbin.CachedEnforcer
+	session *redisstore.RedisStore
 }
 
-func NewCasbinVerifyMiddleware(casbin *casbin.CachedEnforcer) *CasbinVerifyMiddleware {
+func NewCasbinVerifyMiddleware(casbin *casbin.CachedEnforcer, session *redisstore.RedisStore) *CasbinVerifyMiddleware {
 	return &CasbinVerifyMiddleware{
-		casbin: casbin,
+		casbin:  casbin,
+		session: session,
 	}
 }
 
 func (m *CasbinVerifyMiddleware) Handle(next http.HandlerFunc) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		userId := r.Context().Value("user_id")
+		session, err := m.session.Get(r, constant.SESSION_KEY)
+		if err != nil {
+			http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
+			return
+		}
+		userId, ok := session.Values["uid"].(string)
+		if !ok {
+			http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
+			return
+		}
 		correct, err := m.casbin.Enforce(userId, r.URL.Path, r.Method)
 		if err != nil || !correct {
 			http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)

app/core/api/internal/svc/service_context.go

@@ -46,14 +46,15 @@ type ServiceContext struct {
 func NewServiceContext(c config.Config) *ServiceContext {
 	casbinEnforcer := casbinx.NewCasbin(c.Mysql.DataSource)
 	redisClient := redisx.NewRedis(c.Redis.Host, c.Redis.Pass, c.Redis.DB)
+	session := redis_session.NewRedisSession(redisClient)
 	return &ServiceContext{
 		Config:                    c,
 		SecurityHeadersMiddleware: middleware.NewSecurityHeadersMiddleware().Handle,
-		CasbinVerifyMiddleware:    middleware.NewCasbinVerifyMiddleware(casbinEnforcer).Handle,
+		CasbinVerifyMiddleware:    middleware.NewCasbinVerifyMiddleware(casbinEnforcer, session).Handle,
 		MySQLClient:               mysql.NewMySQL(c.Mysql.DataSource),
 		RedisClient:               redisClient,
 		MongoClient:               mongodb.NewMongoDB(c.Mongo.Uri, c.Mongo.Username, c.Mongo.Password, c.Mongo.AuthSource, c.Mongo.Database),
-		Session:                   redis_session.NewRedisSession(redisClient),
+		Session:                   session,
 		Ip2Region:                 ip2region.NewIP2Region(),
 		CasbinEnforcer:            casbinEnforcer,
 		WechatPublic:              wechat_public.NewWechatPublic(c.Wechat.AppID, c.Wechat.AppSecret, c.Wechat.Token, c.Wechat.AESKey, c.Redis.Host, c.Redis.Pass, c.Redis.DB),