diff --git a/internal/app/api/api.go b/internal/app/api/api.go index 6d2dbf9..d7a051d 100644 --- a/internal/app/api/api.go +++ b/internal/app/api/api.go @@ -15,18 +15,19 @@ import ( "net/http/pprof" "time" + _ "git.huangwc.com/pig/pig-farm-controller/docs" // 引入 swag 生成的 docs "git.huangwc.com/pig/pig-farm-controller/internal/app/controller/device" "git.huangwc.com/pig/pig-farm-controller/internal/app/controller/plan" "git.huangwc.com/pig/pig-farm-controller/internal/app/controller/user" + "git.huangwc.com/pig/pig-farm-controller/internal/app/middleware" "git.huangwc.com/pig/pig-farm-controller/internal/app/service/task" "git.huangwc.com/pig/pig-farm-controller/internal/app/service/token" "git.huangwc.com/pig/pig-farm-controller/internal/app/service/transport" "git.huangwc.com/pig/pig-farm-controller/internal/infra/config" "git.huangwc.com/pig/pig-farm-controller/internal/infra/logs" "git.huangwc.com/pig/pig-farm-controller/internal/infra/repository" - "github.com/gin-gonic/gin" - _ "git.huangwc.com/pig/pig-farm-controller/docs" // 引入 swag 生成的 docs + "github.com/gin-gonic/gin" swaggerFiles "github.com/swaggo/files" ginSwagger "github.com/swaggo/gin-swagger" ) @@ -91,41 +92,14 @@ func NewAPI(cfg config.ServerConfig, // setupRoutes 设置所有 API 路由 // 在此方法中,使用已初始化的控制器实例将其路由注册到 Gin 引擎中。 func (a *API) setupRoutes() { - // 创建 /api/v1 路由组 - v1 := a.engine.Group("/api/v1") - { - // 用户相关路由组 - userGroup := v1.Group("/users") - { - userGroup.POST("", a.userController.CreateUser) // 注册创建用户接口 (POST /api/v1/users) - userGroup.POST("/login", a.userController.Login) // 注册用户登录接口 (POST /api/v1/users/login) - } - a.logger.Info("用户相关接口注册成功") - // 设备相关路由组 - deviceGroup := v1.Group("/devices") - { - deviceGroup.POST("", a.deviceController.CreateDevice) - deviceGroup.GET("", a.deviceController.ListDevices) - deviceGroup.GET("/:id", a.deviceController.GetDevice) - deviceGroup.PUT("/:id", a.deviceController.UpdateDevice) - deviceGroup.DELETE("/:id", a.deviceController.DeleteDevice) - } - a.logger.Info("设备相关接口注册成功") + // --- Public Routes --- + // 这些路由不需要身份验证 - // 计划相关路由组 - planGroup := v1.Group("/plans") - { - planGroup.POST("", a.planController.CreatePlan) - planGroup.GET("", a.planController.ListPlans) - planGroup.GET("/:id", a.planController.GetPlan) - planGroup.PUT("/:id", a.planController.UpdatePlan) - planGroup.DELETE("/:id", a.planController.DeletePlan) - planGroup.POST("/:id/start", a.planController.StartPlan) - planGroup.POST("/:id/stop", a.planController.StopPlan) - } - a.logger.Info("计划相关接口注册成功") - } + // 用户注册和登录 + a.engine.POST("/api/v1/users", a.userController.CreateUser) + a.engine.POST("/api/v1/users/login", a.userController.Login) + a.logger.Info("公开接口注册成功:用户注册、登录") // 注册 pprof 路由 pprofGroup := a.engine.Group("/debug/pprof") @@ -156,6 +130,35 @@ func (a *API) setupRoutes() { a.engine.GET("/swagger/*any", ginSwagger.WrapHandler(swaggerFiles.Handler)) a.logger.Info("Swagger UI 接口注册成功") + // --- Authenticated Routes --- + // 所有在此注册的路由都需要通过 JWT 身份验证 + authGroup := a.engine.Group("/api/v1") + authGroup.Use(middleware.AuthMiddleware(a.tokenService)) + { + // 设备相关路由组 + deviceGroup := authGroup.Group("/devices") + { + deviceGroup.POST("", a.deviceController.CreateDevice) + deviceGroup.GET("", a.deviceController.ListDevices) + deviceGroup.GET("/:id", a.deviceController.GetDevice) + deviceGroup.PUT("/:id", a.deviceController.UpdateDevice) + deviceGroup.DELETE("/:id", a.deviceController.DeleteDevice) + } + a.logger.Info("设备相关接口注册成功 (需要认证)") + + // 计划相关路由组 + planGroup := authGroup.Group("/plans") + { + planGroup.POST("", a.planController.CreatePlan) + planGroup.GET("", a.planController.ListPlans) + planGroup.GET("/:id", a.planController.GetPlan) + planGroup.PUT("/:id", a.planController.UpdatePlan) + planGroup.DELETE("/:id", a.planController.DeletePlan) + planGroup.POST("/:id/start", a.planController.StartPlan) + planGroup.POST("/:id/stop", a.planController.StopPlan) + } + a.logger.Info("计划相关接口注册成功 (需要认证)") + } } // Start 启动 HTTP 服务器 diff --git a/internal/app/middleware/auth.go b/internal/app/middleware/auth.go new file mode 100644 index 0000000..5d97fa1 --- /dev/null +++ b/internal/app/middleware/auth.go @@ -0,0 +1,50 @@ +// Package middleware 存放 gin 中间件 +package middleware + +import ( + "net/http" + "strings" + + "git.huangwc.com/pig/pig-farm-controller/internal/app/service/token" + "github.com/gin-gonic/gin" +) + +const ( + // ContextUserIDKey 是存储在 gin.Context 中的用户ID的键名 + ContextUserIDKey = "userID" +) + +// AuthMiddleware 创建一个Gin中间件,用于JWT身份验证 +// 它依赖于 TokenService 来解析和验证 token +func AuthMiddleware(tokenService token.TokenService) gin.HandlerFunc { + return func(c *gin.Context) { + // 从 Authorization header 获取 token + authHeader := c.GetHeader("Authorization") + if authHeader == "" { + c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "请求未包含授权标头"}) + return + } + + // 授权标头的格式应为 "Bearer " + parts := strings.Split(authHeader, " ") + if len(parts) != 2 || parts[0] != "Bearer" { + c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "授权标头格式不正确"}) + return + } + + tokenString := parts[1] + + // 解析和验证 token + claims, err := tokenService.ParseToken(tokenString) + if err != nil { + c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "无效的Token"}) + return + } + + // 将解析出的用户ID存储在 context 中,以便后续的处理函数使用 + c.Set(ContextUserIDKey, claims.UserID) + + // 继续处理请求链中的下一个处理程序 + c.Next() + } +}