完善错误处理逻辑,统一使用 BizErr 包装业务错误,提供打印源码跳转并返回合适的 http 状态码
@@ -44,13 +44,13 @@ func Protect(c *fiber.Ctx, types []PayloadType, permissions []string) (*Context,
|
||||
var split = strings.Split(header, " ")
|
||||
if len(split) != 2 {
|
||||
slog.Debug("Authorization 头格式不正确")
|
||||
return nil, fiber.NewError(fiber.StatusUnauthorized, "无效的令牌")
|
||||
return nil, ErrUnauthorize
|
||||
}
|
||||
|
||||
var token = strings.TrimSpace(split[1])
|
||||
if token == "" {
|
||||
slog.Debug("提供的令牌为空")
|
||||
return nil, fiber.NewError(fiber.StatusUnauthorized, "无效的令牌")
|
||||
return nil, ErrUnauthorize
|
||||
}
|
||||
|
||||
var auth *Context
|
||||
@@ -61,34 +61,34 @@ func Protect(c *fiber.Ctx, types []PayloadType, permissions []string) (*Context,
|
||||
auth, err = authBearer(c.Context(), token)
|
||||
if err != nil {
|
||||
slog.Debug("Bearer 认证失败", "err", err)
|
||||
return nil, fiber.NewError(fiber.StatusUnauthorized, "无效的令牌")
|
||||
return nil, ErrUnauthorize
|
||||
}
|
||||
|
||||
case "Basic":
|
||||
if !slices.Contains(types, PayloadInternalServer) {
|
||||
slog.Debug("禁止使用 Basic 认证方式")
|
||||
return nil, fiber.NewError(fiber.StatusUnauthorized, "无效的令牌")
|
||||
return nil, ErrUnauthorize
|
||||
}
|
||||
auth, err = authBasic(c.Context(), token)
|
||||
if err != nil {
|
||||
slog.Debug("Basic 认证失败", "err", err)
|
||||
return nil, fiber.NewError(fiber.StatusUnauthorized, "无效的令牌")
|
||||
return nil, ErrUnauthorize
|
||||
}
|
||||
|
||||
default:
|
||||
slog.Debug("无效的认证方式", "method", split[0])
|
||||
return nil, fiber.NewError(fiber.StatusUnauthorized, "无效的令牌")
|
||||
return nil, ErrUnauthorize
|
||||
}
|
||||
|
||||
// 检查权限
|
||||
if !slices.Contains(types, auth.Payload.Type) {
|
||||
slog.Debug("无效的负载类型", "except", types, "actual", auth.Payload.Type)
|
||||
return nil, fiber.NewError(fiber.StatusForbidden, "没有权限")
|
||||
return nil, ErrForbidden
|
||||
}
|
||||
|
||||
if len(permissions) > 0 && !auth.AnyPermission(permissions...) {
|
||||
slog.Debug("无效的认证权限", "except", permissions, "actual", auth.Permissions)
|
||||
return nil, fiber.NewError(fiber.StatusForbidden, "没有权限")
|
||||
return nil, ErrForbidden
|
||||
}
|
||||
|
||||
// 保存到上下文
|
||||
@@ -116,7 +116,10 @@ func authBasic(_ context.Context, token string) (*Context, error) {
|
||||
// 解析 Basic 认证信息
|
||||
var base, err = base64.RawURLEncoding.DecodeString(token)
|
||||
if err != nil {
|
||||
return nil, errors.New("令牌格式错误,无法解析令牌")
|
||||
base, err = base64.URLEncoding.DecodeString(token)
|
||||
if err != nil {
|
||||
return nil, errors.New("令牌格式错误,无法解析令牌")
|
||||
}
|
||||
}
|
||||
|
||||
var split = strings.Split(string(base), ":")
|
||||
@@ -158,3 +161,14 @@ func authBasic(_ context.Context, token string) (*Context, error) {
|
||||
Metadata: nil,
|
||||
}, nil
|
||||
}
|
||||
|
||||
type AuthenticationErr string
|
||||
|
||||
func (e AuthenticationErr) Error() string {
|
||||
return string(e)
|
||||
}
|
||||
|
||||
var (
|
||||
ErrUnauthorize = AuthenticationErr("令牌无效")
|
||||
ErrForbidden = AuthenticationErr("没有权限")
|
||||
)
|
||||
|
||||
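Review bot: The new `ErrUnauthorize` and `ErrForbidden` values at the end of the section carry no HTTP status, so the 401/403 that `Protect` previously attached through `fiber.NewError` now depends on an error handler that is not visible here; Fiber's default handler answers 500 for any error that is not a `*fiber.Error`. Please confirm the handler matches them with `errors.Is(err, ErrUnauthorize)` and `errors.Is(err, ErrForbidden)`, and add a test that a request with a missing or malformed `Authorization` header still receives 401. The exported names also lack doc comments, e.g. `// ErrUnauthorize is returned by Protect when credentials are missing or invalid; the error handler must map it to 401.` In `authBasic`, the added fallback accepts padded and unpadded URL-safe base64 but still rejects the standard alphabet (`+`, `/`) that RFC 7617 clients emit, so if standard Basic clients are expected, `base64.StdEncoding.DecodeString(token)` should be tried as well. Both `Protect` and `authBasic` continue outside the hunks shown, so the handling of the decoded `user:password` split could not be checked.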