package handlers
import (
"fmt"
"licensing-cotton/internal/security"
"net/http"
"strings"
)
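// getUserRoleFromRequest resolves the caller's role from the credential
// carried by r. It returns the role and true on success, or "" and false
// when no token is present, the token does not parse, or the role lookup
// fails. Every failure collapses to the same ("", false) result; details
// go only to the process log, never to the caller.
func getUserRoleFromRequest(r *http.Request) (string, bool) {
	token := tokenFromRequest(r)
	if token == "" {
		// Covers both "no credential supplied" and a bare "Bearer " header,
		// so an empty token never reaches the parser.
		return "", false
	}

	// Map the token to a username.
	// NOTE(review): err is logged verbatim; confirm security.ParseToken never
	// echoes the token value in its error text.
	username, err := security.ParseToken(token)
	if err != nil {
		fmt.Println("Token 解析失败:", err)
		return "", false
	}

	// Look up the user's role in the database.
	var role string
	if err := dbQueryRole(username, &role); err != nil {
		fmt.Println("数据库查询角色失败:", err)
		return "", false
	}

	return role, true
}

// tokenFromRequest extracts the raw session token from r, consulting the
// sources in precedence order: the Authorization header, then the legacy
// X-Session-Token header, then the "token" query parameter. A "Bearer "
// scheme prefix is stripped case-insensitively, since HTTP auth-scheme
// names are case-insensitive (RFC 7235 §2.1, RFC 6750 §2.1). Returns ""
// when no source supplies a token.
func tokenFromRequest(r *http.Request) string {
	token := r.Header.Get("Authorization")
	if token == "" {
		token = r.Header.Get("X-Session-Token") // legacy header, kept for compatibility
	}
	if token == "" {
		// Legacy query-string fallback. A token in the URL is copied into
		// access logs, proxy logs, Referer headers and browser history, so
		// new clients should send the header; this path is kept only for
		// backward compatibility.
		token = r.URL.Query().Get("token")
	}
	if token == "" {
		return ""
	}

	// The prefix check runs on whichever source won, matching the
	// original behaviour where any of the three sources may carry it.
	const bearer = "Bearer "
	if len(token) >= len(bearer) && strings.EqualFold(token[:len(bearer)], bearer) {
		token = token[len(bearer):]
	}
	return token
}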
// isAdminRequest reports whether r carries a valid credential whose user
// holds the "admin" role. When it does not — no or invalid token, a failed
// role lookup, or any role other than "admin" — it writes a 403 response to
// w and returns false, so the caller must return without handling the
// request. Both the unauthenticated and the non-admin case produce the
// same status and message.
func isAdminRequest(w http.ResponseWriter, r *http.Request) bool {
	role, ok := getUserRoleFromRequest(r)
	if ok && role == "admin" {
		return true
	}
	http.Error(w, "需要管理员权限", http.StatusForbidden)
	return false
}