| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950 |
- package auth
-
- import (
- "context"
- "net/http"
-
- "git.x2erp.com/qdy/go-db/factory/database"
- )
-
- // AuthMiddlewareHttp 验证 Authorization 头和项目 ID 头
- func AuthMiddlewareHttp(next http.Handler, dbFactory *database.DBFactory) http.Handler {
-
- return authMiddleware(1, next, dbFactory)
- }
-
- // AuthMiddlewareMcp 验证 Authorization 头和项目 ID 头
- func AuthMiddlewareMcp(next http.Handler, dbFactory *database.DBFactory) http.Handler {
-
- return authMiddleware(2, next, dbFactory)
- }
-
- // authMiddleware 验证 Authorization 头和项目 ID 头
- func authMiddleware(ser int, next http.Handler, dbFactory *database.DBFactory) http.Handler {
-
- projectIDHeader := "X-Project-ID"
- authToken := "123"
-
- return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-
- // 验证 Authorization 头
- authHeader := r.Header.Get("Authorization")
- if authHeader == "" {
- http.Error(w, "Authorization header required", http.StatusUnauthorized)
- return
- }
- expected := "Bearer " + authToken
- if authHeader != expected {
- http.Error(w, "Invalid authorization token", http.StatusUnauthorized)
- return
- }
- // 提取项目 ID 头并存储到请求上下文中,供 extractRequestContext 使用
- projectID := r.Header.Get(projectIDHeader)
- if projectID != "" {
- // 将项目 ID 存储到上下文中
- ctx := context.WithValue(r.Context(), "projectID", projectID)
- r = r.WithContext(ctx)
- }
- next.ServeHTTP(w, r)
- })
- }
|
