hub / github.com/53AI/53AIHub / BatchUploadAuth

Function BatchUploadAuth

api/middleware/batch_upload_auth.go:14–102  ·  view source on GitHub ↗

BatchUploadAuth 仅用于批量上传相关接口。它同时接受普通登录 JWT、channel token(如 SSO 登录发放的 token)和 MCP 换发的短期委派 token。三种 token 按上述顺序依次校验,前一种校验返回错误时才会尝试下一种。

(role int64)


12// BatchUploadAuth 仅用于批量上传相关接口。
13// 它同时接受普通登录 JWT、channel token(如 SSO 登录发放的 token)和 MCP 换发的短期委派 token。
14func BatchUploadAuth(role int64) gin.HandlerFunc {
15 return func(c *gin.Context) {
16 token := tokenFromAuthorization(c.GetHeader("Authorization"))
17 if token == "" {
18 c.JSON(http.StatusUnauthorized, model.UnauthorizedError.ToResponse(nil))
19 c.Abort()
20 return
21 }
22
23 if user, tokenEid, err := HandleTokenAuth(token, role); err == nil {
24 setUserSession(c, user, tokenEid)
25 c.Next()
26 return
27 }
28
29 // 也支持 channel token(如 SSO 登录发放的 token)
30 if channelUser, _, _, channelErr := model.ValidateUserChannelToken(token); channelErr == nil {
31 if channelUser == nil || channelUser.Status == model.UserStatusDisabled {
32 c.JSON(http.StatusUnauthorized, model.ForbiddenError.ToResponse(nil))
33 c.Abort()
34 return
35 }
36 if role > 0 && channelUser.Role < role {
37 c.JSON(http.StatusUnauthorized, model.ForbiddenError.ToResponse(nil))
38 c.Abort()
39 return
40 }
41 setUserSession(c, channelUser, channelUser.Eid)
42 c.Next()
43 return
44 }
45
46 claims, err := jwt.ParseUploadDelegateJWT(token)
47 if err != nil {
48 if strings.Contains(err.Error(), "token is expired") {
49 c.JSON(http.StatusUnauthorized, model.TokenExpiredError.ToResponse(nil))
50 } else if strings.Contains(err.Error(), "token has invalid claims") || strings.Contains(err.Error(), "signature") {
51 c.JSON(http.StatusUnauthorized, model.ForbiddenError.ToResponse(nil))
52 } else {
53 c.JSON(http.StatusUnauthorized, model.UnauthorizedError.ToResponse(nil))
54 }
55 c.Abort()
56 return
57 }
58
59 if claims.Scope != jwt.UploadDelegateScopeBatch {
60 c.JSON(http.StatusUnauthorized, model.ForbiddenError.ToResponse(nil))
61 c.Abort()
62 return
63 }
64
65 user, err := model.GetUserByID(claims.UserID)
66 if err != nil || user == nil {
67 c.JSON(http.StatusUnauthorized, model.ForbiddenError.ToResponse(nil))
68 c.Abort()
69 return
70 }
71 if user.Status == model.UserStatusDisabled {

Callers

nothing calls this directly

Calls 5

tokenFromAuthorizationFunction · 0.85
HandleTokenAuthFunction · 0.85
setUserSessionFunction · 0.85
ToResponseMethod · 0.80
ErrorMethod · 0.45

Tested by

no test coverage detected