实现登录校验中间件

internal/app/api/api.go

@@ -15,18 +15,19 @@ import (
 	"net/http/pprof"
 	"time"
 
+	_ "git.huangwc.com/pig/pig-farm-controller/docs" // 引入 swag 生成的 docs
 	"git.huangwc.com/pig/pig-farm-controller/internal/app/controller/device"
 	"git.huangwc.com/pig/pig-farm-controller/internal/app/controller/plan"
 	"git.huangwc.com/pig/pig-farm-controller/internal/app/controller/user"
+	"git.huangwc.com/pig/pig-farm-controller/internal/app/middleware"
 	"git.huangwc.com/pig/pig-farm-controller/internal/app/service/task"
 	"git.huangwc.com/pig/pig-farm-controller/internal/app/service/token"
 	"git.huangwc.com/pig/pig-farm-controller/internal/app/service/transport"
 	"git.huangwc.com/pig/pig-farm-controller/internal/infra/config"
 	"git.huangwc.com/pig/pig-farm-controller/internal/infra/logs"
 	"git.huangwc.com/pig/pig-farm-controller/internal/infra/repository"
-	"github.com/gin-gonic/gin"
 
-	_ "git.huangwc.com/pig/pig-farm-controller/docs" // 引入 swag 生成的 docs
+	"github.com/gin-gonic/gin"
 	swaggerFiles "github.com/swaggo/files"
 	ginSwagger "github.com/swaggo/gin-swagger"
 )
@@ -91,41 +92,14 @@ func NewAPI(cfg config.ServerConfig,
 // setupRoutes 设置所有 API 路由
 // 在此方法中，使用已初始化的控制器实例将其路由注册到 Gin 引擎中。
 func (a *API) setupRoutes() {
-	// 创建 /api/v1 路由组
-	v1 := a.engine.Group("/api/v1")
-	{
-		// 用户相关路由组
-		userGroup := v1.Group("/users")
-		{
-			userGroup.POST("", a.userController.CreateUser)  // 注册创建用户接口 (POST /api/v1/users)
-			userGroup.POST("/login", a.userController.Login) // 注册用户登录接口 (POST /api/v1/users/login)
-		}
-		a.logger.Info("用户相关接口注册成功")
 
-		// 设备相关路由组
+	// --- Public Routes ---
-		deviceGroup := v1.Group("/devices")
+	// 这些路由不需要身份验证
-		{
-			deviceGroup.POST("", a.deviceController.CreateDevice)
-			deviceGroup.GET("", a.deviceController.ListDevices)
-			deviceGroup.GET("/:id", a.deviceController.GetDevice)
-			deviceGroup.PUT("/:id", a.deviceController.UpdateDevice)
-			deviceGroup.DELETE("/:id", a.deviceController.DeleteDevice)
-		}
-		a.logger.Info("设备相关接口注册成功")
 
-		// 计划相关路由组
+	// 用户注册和登录
-		planGroup := v1.Group("/plans")
+	a.engine.POST("/api/v1/users", a.userController.CreateUser)
-		{
+	a.engine.POST("/api/v1/users/login", a.userController.Login)
-			planGroup.POST("", a.planController.CreatePlan)
+	a.logger.Info("公开接口注册成功：用户注册、登录")
-			planGroup.GET("", a.planController.ListPlans)
-			planGroup.GET("/:id", a.planController.GetPlan)
-			planGroup.PUT("/:id", a.planController.UpdatePlan)
-			planGroup.DELETE("/:id", a.planController.DeletePlan)
-			planGroup.POST("/:id/start", a.planController.StartPlan)
-			planGroup.POST("/:id/stop", a.planController.StopPlan)
-		}
-		a.logger.Info("计划相关接口注册成功")
-	}
 
 	// 注册 pprof 路由
 	pprofGroup := a.engine.Group("/debug/pprof")
@@ -156,6 +130,35 @@ func (a *API) setupRoutes() {
 	a.engine.GET("/swagger/*any", ginSwagger.WrapHandler(swaggerFiles.Handler))
 	a.logger.Info("Swagger UI 接口注册成功")
 
+	// --- Authenticated Routes ---
+	// 所有在此注册的路由都需要通过 JWT 身份验证
+	authGroup := a.engine.Group("/api/v1")
+	authGroup.Use(middleware.AuthMiddleware(a.tokenService))
+	{
+		// 设备相关路由组
+		deviceGroup := authGroup.Group("/devices")
+		{
+			deviceGroup.POST("", a.deviceController.CreateDevice)
+			deviceGroup.GET("", a.deviceController.ListDevices)
+			deviceGroup.GET("/:id", a.deviceController.GetDevice)
+			deviceGroup.PUT("/:id", a.deviceController.UpdateDevice)
+			deviceGroup.DELETE("/:id", a.deviceController.DeleteDevice)
+		}
+		a.logger.Info("设备相关接口注册成功 (需要认证)")
+
+		// 计划相关路由组
+		planGroup := authGroup.Group("/plans")
+		{
+			planGroup.POST("", a.planController.CreatePlan)
+			planGroup.GET("", a.planController.ListPlans)
+			planGroup.GET("/:id", a.planController.GetPlan)
+			planGroup.PUT("/:id", a.planController.UpdatePlan)
+			planGroup.DELETE("/:id", a.planController.DeletePlan)
+			planGroup.POST("/:id/start", a.planController.StartPlan)
+			planGroup.POST("/:id/stop", a.planController.StopPlan)
+		}
+		a.logger.Info("计划相关接口注册成功 (需要认证)")
+	}
 }
 
 // Start 启动 HTTP 服务器

internal/app/middleware/auth.go

@@ -0,0 +1,50 @@
+// Package middleware 存放 gin 中间件
+package middleware
+
+import (
+	"net/http"
+	"strings"
+
+	"git.huangwc.com/pig/pig-farm-controller/internal/app/service/token"
+	"github.com/gin-gonic/gin"
+)
+
+const (
+	// ContextUserIDKey 是存储在 gin.Context 中的用户ID的键名
+	ContextUserIDKey = "userID"
+)
+
+// AuthMiddleware 创建一个Gin中间件，用于JWT身份验证
+// 它依赖于 TokenService 来解析和验证 token
+func AuthMiddleware(tokenService token.TokenService) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		// 从 Authorization header 获取 token
+		authHeader := c.GetHeader("Authorization")
+		if authHeader == "" {
+			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "请求未包含授权标头"})
+			return
+		}
+
+		// 授权标头的格式应为 "Bearer <token>"
+		parts := strings.Split(authHeader, " ")
+		if len(parts) != 2 || parts[0] != "Bearer" {
+			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "授权标头格式不正确"})
+			return
+		}
+
+		tokenString := parts[1]
+
+		// 解析和验证 token
+		claims, err := tokenService.ParseToken(tokenString)
+		if err != nil {
+			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "无效的Token"})
+			return
+		}
+
+		// 将解析出的用户ID存储在 context 中，以便后续的处理函数使用
+		c.Set(ContextUserIDKey, claims.UserID)
+
+		// 继续处理请求链中的下一个处理程序
+		c.Next()
+	}
+}