case-open-api/api/middlewares/auth.go

package middlewares

import (
	"case-open-api/api/dao"
	"case-open-api/api/responses"
	"case-open-api/consts"
	"case-open-api/utils"
	"encoding/json"
	"github.com/gin-gonic/gin"
	"net/http"
)

// Auth Auth认证
func Auth() gin.HandlerFunc {
	return func(c *gin.Context) {
		platformKey := c.Request.Header.Get("platformKey")
		sign := c.Request.Header.Get("sign")
		timestamp := c.Request.Header.Get("timestamp")
		if platformKey == "" || sign == "" || timestamp == "" {
			c.JSON(http.StatusOK, gin.H{
				"message": "非法请求",
				"code":    consts.ClientHttpError,
				"data":    "",
			})
			c.Abort()
			return
		}

		// 获取平台数据
		platformDao := dao.PlatformDao{}
		maps := make(map[string]interface{})
		maps["platform_key"] = platformKey
		platform, err := platformDao.GetPlatform(maps)
		if err != nil || platform == nil {
			responses.FailWithMessage("非法请求", c)
			c.Abort()
			return
		}

		if platform.PlatformStatus != 1 {
			responses.FailWithMessage("非法请求", c)
			c.Abort()
			return
		}

		// 获取请求参数
		paramsRaw, ok := c.Get("params")
		if !ok {
			c.JSON(http.StatusOK, gin.H{
				"message": "Invalid params",
				"code":    consts.ClientHttpError,
				"data":    "",
			})
			c.Abort()
			return
		}

		paramsJsonData, err := json.Marshal(paramsRaw)
		if err != nil {
			c.JSON(http.StatusOK, gin.H{
				"message": "Invalid params",
				"code":    consts.ClientHttpError,
				"data":    "",
			})
			c.Abort()
			return
		}

		paramsMap := make(map[string]interface{})
		err = json.Unmarshal(paramsJsonData, &paramsMap)
		if err != nil {
			c.JSON(http.StatusOK, gin.H{
				"message": "Invalid params",
				"code":    consts.ClientHttpError,
				"data":    "",
			})
			c.Abort()
			return
		}

		// 验证签名
		err = utils.VerifySignature(paramsMap, timestamp, sign, platform.PlatformSecret)
		if err != nil {
			responses.FailWithMessage(err.Error(), c)
			c.Abort()
			return
		}

		c.Set("platformId", platform.PlatformId) // 平台id

		c.Next()
	}
}