♻️ refactored login-related code

app/core/api/internal/middleware/authorization_middleware.go

@@ -0,0 +1,31 @@
+package middleware
+
+import (
+	"github.com/redis/go-redis/v9"
+	"github.com/zeromicro/go-zero/rest/httpx"
+	"net/http"
+	"schisandra-album-cloud-microservices/app/core/api/common/constant"
+	"schisandra-album-cloud-microservices/app/core/api/common/response"
+)
+
+type AuthorizationMiddleware struct {
+	Redis *redis.Client
+}
+
+func NewAuthorizationMiddleware(redis *redis.Client) *AuthorizationMiddleware {
+	return &AuthorizationMiddleware{
+		Redis: redis,
+	}
+}
+
+func (m *AuthorizationMiddleware) Handle(next http.HandlerFunc) http.HandlerFunc {
+	return func(w http.ResponseWriter, r *http.Request) {
+		userId := r.Context().Value("user_id").(string)
+		redisToken := m.Redis.Get(r.Context(), constant.UserTokenPrefix+userId).Val()
+		if redisToken == "" {
+			httpx.OkJson(w, response.ErrorWithCodeMessage(403, "unauthorized"))
+			return
+		}
+		next(w, r)
+	}
+}

app/core/api/internal/middleware/casbinverify_middleware.go

@@ -1,37 +1,24 @@
 package middleware
 
 import (
+	"github.com/casbin/casbin/v2"
 	"net/http"
 	"schisandra-album-cloud-microservices/app/core/api/common/constant"
-
-	"github.com/casbin/casbin/v2"
-	"github.com/rbcervilla/redisstore/v9"
 )
 
 type CasbinVerifyMiddleware struct {
-	casbin  *casbin.SyncedCachedEnforcer
-	session *redisstore.RedisStore
+	casbin *casbin.SyncedCachedEnforcer
 }
 
-func NewCasbinVerifyMiddleware(casbin *casbin.SyncedCachedEnforcer, session *redisstore.RedisStore) *CasbinVerifyMiddleware {
+func NewCasbinVerifyMiddleware(casbin *casbin.SyncedCachedEnforcer) *CasbinVerifyMiddleware {
 	return &CasbinVerifyMiddleware{
-		casbin:  casbin,
-		session: session,
+		casbin: casbin,
 	}
 }
 
 func (m *CasbinVerifyMiddleware) Handle(next http.HandlerFunc) http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
-		session, err := m.session.Get(r, constant.SESSION_KEY)
-		if err != nil {
-			http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
-			return
-		}
-		userId, ok := session.Values["user_id"].(string)
-		if !ok {
-			http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
-			return
-		}
+		userId := r.Header.Get(constant.UID_HEADER_KEY)
 		correct, err := m.casbin.Enforce(userId, r.URL.Path, r.Method)
 		if err != nil || !correct {
 			http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)