完善登录逻辑，登录接口统一到 /token

2025-04-23 19:01:08 +08:00
parent b181864a2f
commit 1374757eab
28 changed files with 404 additions and 266 deletions
--- a/web/auth/auth.go
+++ b/web/auth/auth.go
@@ -76,7 +76,6 @@ func Permit(types []services.PayloadType, permissions ...string) fiber.Handler {

 		return c.Next()
 	}
-
 }

 func PermitAll(permissions ...string) fiber.Handler {
@@ -88,14 +87,6 @@ func PermitAll(permissions ...string) fiber.Handler {
 	}, permissions...)
 }

-// PermitUser 创建针对单个路由的鉴权中间件
-func PermitUser(permissions ...string) fiber.Handler {
-	return Permit([]services.PayloadType{
-		services.PayloadUser,
-		services.PayloadAdmin,
-	}, permissions...)
-}
-
 func PermitDevice(permissions ...string) fiber.Handler {
 	return Permit([]services.PayloadType{
 		services.PayloadClientPublic,
@@ -104,74 +95,6 @@ func PermitDevice(permissions ...string) fiber.Handler {
 	}, permissions...)
 }

-func PermitPublic(permissions ...string) fiber.Handler {
-	return Permit([]services.PayloadType{
-		services.PayloadClientPublic,
-		services.PayloadAdmin,
-	}, permissions...)
-}
-
-func PermitConfidential(permissions ...string) fiber.Handler {
-	return Permit([]services.PayloadType{
-		services.PayloadClientConfidential,
-		services.PayloadAdmin,
-	}, permissions...)
-}
-
-func authBearer(ctx context.Context, token string) (*services.AuthContext, error) {
-	auth, err := services.Session.Find(ctx, token)
-	if err != nil {
-		slog.Debug(err.Error())
-		return nil, err
-	}
-	return auth, nil
-}
-
-func authBasic(ctx context.Context, token string) (*services.AuthContext, error) {
-
-	// 解析 Basic 认证信息
-	var base, err = base64.URLEncoding.DecodeString(token)
-	if err != nil {
-		slog.Debug(err.Error())
-		return nil, err
-	}
-
-	var split = strings.Split(string(base), ":")
-	if len(split) != 2 {
-		msg := "无法解析 Basic 认证信息"
-		slog.Debug(msg)
-		return nil, errors.New(msg)
-	}
-
-	var clientID = split[0]
-
-	// 获取客户端信息
-	client, err := q.Client.
-		Where(
-			q.Client.ClientID.Eq(clientID),
-			q.Client.Spec.Eq(0),
-			q.Client.GrantClient.Is(true),
-			q.Client.Status.Eq(1)).
-		Take()
-	if err != nil {
-		return nil, err
-	}
-
-	// todo 查询客户端关联权限
-
-	// 组织授权信息（一次性请求）
-	return &services.AuthContext{
-		Payload: services.Payload{
-			Id:     client.ID,
-			Type:   services.PayloadClientConfidential,
-			Name:   client.Name,
-			Avatar: client.Icon,
-		},
-		Permissions: nil,
-		Metadata:    nil,
-	}, nil
-}
-
 func Protect(c *fiber.Ctx, types []services.PayloadType, permissions []string) (*services.AuthContext, error) {
 	// 获取令牌
 	var header = c.Get("Authorization")
@@ -216,3 +139,57 @@ func Protect(c *fiber.Ctx, types []services.PayloadType, permissions []string) (

 	return auth, nil
 }
+
+func authBearer(ctx context.Context, token string) (*services.AuthContext, error) {
+	auth, err := services.Session.Find(ctx, token)
+	if err != nil {
+		slog.Debug(err.Error())
+		return nil, err
+	}
+	return auth, nil
+}
+
+func authBasic(_ context.Context, token string) (*services.AuthContext, error) {
+
+	// 解析 Basic 认证信息
+	var base, err = base64.URLEncoding.DecodeString(token)
+	if err != nil {
+		slog.Debug(err.Error())
+		return nil, err
+	}
+
+	var split = strings.Split(string(base), ":")
+	if len(split) != 2 {
+		msg := "无法解析 Basic 认证信息"
+		slog.Debug(msg)
+		return nil, errors.New(msg)
+	}
+
+	var clientID = split[0]
+
+	// 获取客户端信息
+	client, err := q.Client.
+		Where(
+			q.Client.ClientID.Eq(clientID),
+			q.Client.Spec.Eq(0),
+			q.Client.GrantClient.Is(true),
+			q.Client.Status.Eq(1)).
+		Take()
+	if err != nil {
+		return nil, err
+	}
+
+	// todo 查询客户端关联权限
+
+	// 组织授权信息（一次性请求）
+	return &services.AuthContext{
+		Payload: services.Payload{
+			Id:     client.ID,
+			Type:   services.PayloadClientConfidential,
+			Name:   client.Name,
+			Avatar: client.Icon,
+		},
+		Permissions: nil,
+		Metadata:    nil,
+	}, nil
+}