
Commit 869b040

committed
fix(auth): enhance admin user cache management and add status checks for email verification and suspension
1 parent 0db88d6 commit 869b040


2 files changed

+48
-1
lines changed


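--- a/internal/base/middleware/auth.go
+++ b/internal/base/middleware/auth.go
@@ -184,7 +184,22 @@ func (am *AuthUserMiddleware) AdminAuth() gin.HandlerFunc {
 return
 }
 if userInfo != nil {
+if userInfo.EmailStatus == entity.EmailStatusToBeVerified {
+_ = am.authService.RemoveAdminUserCacheInfo(ctx, token)
+handler.HandleResponse(ctx, errors.Forbidden(reason.EmailNeedToBeVerified),
+&schema.ForbiddenResp{Type: schema.ForbiddenReasonTypeInactive})
+ctx.Abort()
+return
+}
+if userInfo.UserStatus == entity.UserStatusSuspended {
+_ = am.authService.RemoveAdminUserCacheInfo(ctx, token)
+handler.HandleResponse(ctx, errors.Forbidden(reason.UserSuspended),
+&schema.ForbiddenResp{Type: schema.ForbiddenReasonTypeUserSuspended})
+ctx.Abort()
+return
+}
 if userInfo.UserStatus == entity.UserStatusDeleted {
+_ = am.authService.RemoveAdminUserCacheInfo(ctx, token)
 handler.HandleResponse(ctx, errors.Unauthorized(reason.UnauthorizedError), nil)
 ctx.Abort()
 return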
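Review bot: The three new `_ = am.authService.RemoveAdminUserCacheInfo(ctx, token)` calls discard the removal error, so a failed eviction leaves the stale admin entry in place with nothing in the logs to show it; the request is still rejected on this path, and the service-side refresh in the same commit should catch the status again next time, but the silent drop hides a cache backend problem from operators. Prefer `if err := am.authService.RemoveAdminUserCacheInfo(ctx, token); err != nil { /* log with the middleware's existing logger */ }` at each of the three sites. The eviction-respond-abort-return sequence is now repeated three times with only the error and response type varying, which is worth folding into one small unexported helper on the middleware. AdminAuth starts and ends outside the hunk, so where `token` and `userInfo` are obtained is not visible here.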

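--- a/internal/service/auth/auth.go
+++ b/internal/service/auth/auth.go
@@ -145,7 +145,39 @@ func (as *AuthService) RemoveTokensExceptCurrentUser(ctx context.Context, userID
 // Admin
 
 func (as *AuthService) GetAdminUserCacheInfo(ctx context.Context, accessToken string) (userInfo *entity.UserCacheInfo, err error) {
-return as.authRepo.GetAdminUserCacheInfo(ctx, accessToken)
+adminCacheInfo, err := as.authRepo.GetAdminUserCacheInfo(ctx, accessToken)
+if err != nil {
+return nil, err
+}
+if adminCacheInfo == nil {
+return nil, nil
+}
+
+// Keep admin authorization aligned with user-token lifecycle and status refresh.
+refreshedUserCacheInfo, err := as.GetUserCacheInfo(ctx, accessToken)
+if err != nil {
+return nil, err
+}
+if refreshedUserCacheInfo == nil {
+if err = as.authRepo.RemoveAdminUserCacheInfo(ctx, accessToken); err != nil {
+return nil, err
+}
+return nil, nil
+}
+
+adminCacheInfo.UserStatus = refreshedUserCacheInfo.UserStatus
+adminCacheInfo.EmailStatus = refreshedUserCacheInfo.EmailStatus
+if refreshedUserCacheInfo.RoleID > 0 {
+adminCacheInfo.RoleID = refreshedUserCacheInfo.RoleID
+}
+if len(refreshedUserCacheInfo.ExternalID) > 0 {
+adminCacheInfo.ExternalID = refreshedUserCacheInfo.ExternalID
+}
+
+if err = as.authRepo.SetAdminUserCacheInfo(ctx, accessToken, adminCacheInfo); err != nil {
+return nil, err
+}
+return adminCacheInfo, nil
 }
 
 func (as *AuthService) SetAdminUserCacheInfo(ctx context.Context, accessToken string, userInfo *entity.UserCacheInfo) (err error) {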
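Review bot: GetAdminUserCacheInfo now writes the merged entry back through `as.authRepo.SetAdminUserCacheInfo` on every lookup, turning each admin request into a read-modify-write of the cache even when nothing changed, and a transient write failure on that last step rejects a request whose status was just verified as good. Track whether any of the four copied fields actually differed and only call Set in that case; failing closed on the write error is the safer default, so if that part is kept deliberately, say so in a comment. The exported method also has no doc comment, and its contract is now non-trivial; suggested: `// GetAdminUserCacheInfo returns the admin cache entry for accessToken with status, role and external ID refreshed from the user cache; it returns nil, nil when either entry is missing and evicts the admin entry once the user entry is gone.` Whether the repo's Set renews the entry expiry is not visible here, which would matter for how long an actively used admin entry can outlive its original TTL.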
