✨ add api signature

2024-11-19 01:39:01 +08:00
parent 35d2da35b2
commit df32353c0f
11 changed files with 120 additions and 36 deletions
--- a/app/core/api/internal/middleware/casbinverify_middleware.go
+++ b/app/core/api/internal/middleware/casbinverify_middleware.go
@@ -4,21 +4,35 @@ import (
 	"net/http"

 	"github.com/casbin/casbin/v2"
+	"github.com/rbcervilla/redisstore/v9"
+
+	"schisandra-album-cloud-microservices/app/core/api/common/constant"
 )

 type CasbinVerifyMiddleware struct {
-	casbin *casbin.CachedEnforcer
+	casbin  *casbin.CachedEnforcer
+	session *redisstore.RedisStore
 }

-func NewCasbinVerifyMiddleware(casbin *casbin.CachedEnforcer) *CasbinVerifyMiddleware {
+func NewCasbinVerifyMiddleware(casbin *casbin.CachedEnforcer, session *redisstore.RedisStore) *CasbinVerifyMiddleware {
 	return &CasbinVerifyMiddleware{
-		casbin: casbin,
+		casbin:  casbin,
+		session: session,
 	}
 }

 func (m *CasbinVerifyMiddleware) Handle(next http.HandlerFunc) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		userId := r.Context().Value("user_id")
+		session, err := m.session.Get(r, constant.SESSION_KEY)
+		if err != nil {
+			http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
+			return
+		}
+		userId, ok := session.Values["uid"].(string)
+		if !ok {
+			http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
+			return
+		}
 		correct, err := m.casbin.Enforce(userId, r.URL.Path, r.Method)
 		if err != nil || !correct {
 			http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)