feat: add auth flow and login guard for api/web

2026-02-27 11:07:25 +08:00
parent f2a1e2d6fe
commit 60ce70f532
15 changed files with 377 additions and 11 deletions
--- a/memora-api/internal/middleware/auth.go
+++ b/memora-api/internal/middleware/auth.go
@@ -0,0 +1,30 @@
+package middleware
+
+import (
+	"net/http"
+	"strings"
+
+	"memora-api/internal/service"
+
+	"github.com/gin-gonic/gin"
+)
+
+func AuthRequired() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		authHeader := c.GetHeader("Authorization")
+		if !strings.HasPrefix(authHeader, "Bearer ") {
+			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "未登录"})
+			return
+		}
+
+		token := strings.TrimPrefix(authHeader, "Bearer ")
+		uid, err := service.ParseToken(token)
+		if err != nil {
+			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "登录已失效"})
+			return
+		}
+
+		c.Set("user_id", uid)
+		c.Next()
+	}
+}