✨ add session check

core/session.go

@@ -21,10 +21,11 @@ func InitSession(client *redis.Client) {
 	store.Options(sessions.Options{
 		Path: "/",
 		//Domain: global.CONFIG.System.Web,
-		MaxAge:   86400 * 7,
+		MaxAge:      86400 * 7,
-		HttpOnly: true,
+		HttpOnly:    true,
-		Secure:   true,
+		Secure:      true,
-		SameSite: http.SameSiteLaxMode,
+		Partitioned: true,
+		SameSite:    http.SameSiteLaxMode,
 	})
 	global.Session = store
 }

global/global.go

@@ -11,7 +11,7 @@ import (
 	"github.com/wenlng/go-captcha/v2/click"
 	"github.com/wenlng/go-captcha/v2/rotate"
 	"github.com/wenlng/go-captcha/v2/slide"
-	go_sensitive_word "github.com/zmexing/go-sensitive-word"
+	"github.com/zmexing/go-sensitive-word"
 	"go.mongodb.org/mongo-driver/mongo"
 	"gorm.io/gorm"
 	"schisandra-cloud-album/config"

middleware/session_check.go

@@ -0,0 +1,40 @@
+package middleware
+
+import (
+	ginI18n "github.com/gin-contrib/i18n"
+	"github.com/gin-gonic/gin"
+	"schisandra-cloud-album/common/constant"
+	"schisandra-cloud-album/common/result"
+	"schisandra-cloud-album/utils"
+)
+
+// SessionCheckMiddleware session检查中间件
+func SessionCheckMiddleware() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		session := utils.GetSession(c, constant.SessionKey)
+		if session == nil {
+			result.FailWithCodeAndMessage(403, ginI18n.MustGetMessage(c, "AuthVerifyExpired"), c)
+			c.Abort()
+			return
+		}
+
+		userIdAny, exists := c.Get("userId")
+		if !exists {
+			result.FailWithCodeAndMessage(403, ginI18n.MustGetMessage(c, "AuthVerifyExpired"), c)
+			c.Abort()
+			return
+		}
+		userId, ok := userIdAny.(*string)
+		if !ok {
+			result.FailWithCodeAndMessage(403, ginI18n.MustGetMessage(c, "AuthVerifyExpired"), c)
+			c.Abort()
+			return
+		}
+		if *userId != *session.UID {
+			result.FailWithCodeAndMessage(403, ginI18n.MustGetMessage(c, "AuthVerifyExpired"), c)
+			c.Abort()
+			return
+		}
+		c.Next()
+	}
+}

router/router.go

@@ -50,6 +50,7 @@ func InitRouter() *gin.Engine {
 		middleware.SecurityHeaders(),
 		middleware.JWTAuthMiddleware(),
 		middleware.CasbinMiddleware(),
+		middleware.SessionCheckMiddleware(),
 		middleware.VerifySignature(),
 	)
 	{

utils/session.go

@@ -4,8 +4,28 @@ import (
 	"encoding/json"
 	"github.com/gin-gonic/gin"
 	"schisandra-cloud-album/global"
+	"time"
 )
 
+// ResponseData 返回数据
+type ResponseData struct {
+	AccessToken  string   `json:"access_token"`
+	RefreshToken string   `json:"refresh_token"`
+	ExpiresAt    int64    `json:"expires_at"`
+	UID          *string  `json:"uid"`
+	UserInfo     UserInfo `json:"user_info"`
+}
+type UserInfo struct {
+	Username string    `json:"username,omitempty"`
+	Nickname string    `json:"nickname"`
+	Avatar   string    `json:"avatar"`
+	Phone    string    `json:"phone,omitempty"`
+	Email    string    `json:"email,omitempty"`
+	Gender   string    `json:"gender"`
+	Status   int64     `json:"status"`
+	CreateAt time.Time `json:"create_at"`
+}
+
 // SetSession sets session data with key and data
 func SetSession(c *gin.Context, key string, data interface{}) error {
 	session, err := global.Session.Get(c.Request, key)
@@ -28,7 +48,7 @@ func SetSession(c *gin.Context, key string, data interface{}) error {
 }
 
 // GetSession gets session data with key
-func GetSession(c *gin.Context, key string) interface{} {
+func GetSession(c *gin.Context, key string) *ResponseData {
 	session, err := global.Session.Get(c.Request, key)
 	if err != nil {
 		global.LOG.Error("GetSession failed: ", err)
@@ -39,13 +59,13 @@ func GetSession(c *gin.Context, key string) interface{} {
 		global.LOG.Error("GetSession failed: ", "key not found")
 		return nil
 	}
-	var data interface{}
+	data := ResponseData{}
 	err = json.Unmarshal(jsonData.([]byte), &data)
 	if err != nil {
 		global.LOG.Error("GetSession failed: ", err)
 		return nil
 	}
-	return data
+	return &data
 }
 
 // DelSession deletes session data with key