New

2025-11-20 12:24:05 +08:00
commit f28bdc751f
164 changed files with 64248 additions and 0 deletions
--- a/internal/middleware/web.go
+++ b/internal/middleware/web.go
@@ -0,0 +1,54 @@
+// Filename: internal/middleware/web.go
+package middleware
+
+import (
+	"gemini-balancer/internal/service"
+	"log"
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+)
+
+const (
+	AdminSessionCookie = "gemini_admin_session"
+)
+
+func SetAdminSessionCookie(c *gin.Context, adminToken string) {
+	c.SetCookie(AdminSessionCookie, adminToken, 3600*24*7, "/", "", false, true)
+}
+
+func ClearAdminSessionCookie(c *gin.Context) {
+	c.SetCookie(AdminSessionCookie, "", -1, "/", "", false, true)
+}
+
+func ExtractTokenFromCookie(c *gin.Context) string {
+	cookie, err := c.Cookie(AdminSessionCookie)
+	if err != nil {
+		return ""
+	}
+	return cookie
+}
+
+func WebAdminAuthMiddleware(authService *service.SecurityService) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		cookie := ExtractTokenFromCookie(c)
+		log.Printf("[WebAuth_Guard] Intercepting request for: %s", c.Request.URL.Path)
+		log.Printf("[WebAuth_Guard] Found session cookie value: '%s'", cookie)
+		authToken, err := authService.AuthenticateToken(cookie)
+		if err != nil {
+			log.Printf("[WebAuth_Guard] FATAL: AuthenticateToken FAILED. Error: %v. Redirecting to /login.", err)
+		} else if !authToken.IsAdmin {
+			log.Printf("[WebAuth_Guard] FATAL: Token validated, but IsAdmin is FALSE. Redirecting to /login.")
+		} else {
+			log.Printf("[WebAuth_Guard] SUCCESS: Token validated and IsAdmin is TRUE. Allowing access.")
+		}
+		if err != nil || !authToken.IsAdmin {
+			ClearAdminSessionCookie(c)
+			c.Redirect(http.StatusFound, "/login")
+			c.Abort()
+			return
+		}
+		c.Set("adminUser", authToken)
+		c.Next()
+	}
+}