refactor: remove email from JWT Claims and auth context

1 month ago · f7ab873ca7
3 changed files with 43 additions and 4 deletions
--- a/backend/internal/middleware/authmiddleware.go
+++ b/backend/internal/middleware/authmiddleware.go
@ -40,7 +40,7 @@ func (m *AuthMiddleware) Handle(next http.HandlerFunc) http.HandlerFunc {
 		// 将 userId 存入上下文，供后续 logic 使用
 		ctx := context.WithValue(r.Context(), "userId", claims.UserID)
 		ctx = context.WithValue(ctx, "username", claims.Username)
-		ctx = context.WithValue(ctx, "email", claims.Email)
+		ctx = context.WithValue(ctx, "role", claims.Role)

 		// 传递给下一个处理器
 		next(w, r.WithContext(ctx))
--- a/backend/internal/util/jwt/jwt.go
+++ b/backend/internal/util/jwt/jwt.go
@ -18,16 +18,16 @@ var (
 type Claims struct {
 	UserID   int64  `json:"userId"`
 	Username string `json:"username"`
-	Email    string `json:"email"`
+	Role     string `json:"role"`
 	jwt.RegisteredClaims
 }

 // GenerateToken 生成 JWT Token
-func GenerateToken(userId int64, username, email string) (string, error) {
+func GenerateToken(userId int64, username, role string) (string, error) {
 	claims := Claims{
 		UserID:   userId,
 		Username: username,
-		Email:    email,
+		Role:     role,
 		RegisteredClaims: jwt.RegisteredClaims{
 			ExpiresAt: jwt.NewNumericDate(time.Now().Add(TokenExpireTime)),
 			Issuer:    "base-api",
--- a/backend/internal/util/jwt/jwt_test.go
+++ b/backend/internal/util/jwt/jwt_test.go
@ -0,0 +1,39 @@
+package jwt
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestGenerateToken_ContainsRole(t *testing.T) {
+	token, err := GenerateToken(1, "testuser", "admin")
+	require.NoError(t, err)
+	require.NotEmpty(t, token)
+
+	// 解析 token 验证 role
+	claims, err := ParseToken(token)
+	require.NoError(t, err)
+	assert.Equal(t, int64(1), claims.UserID)
+	assert.Equal(t, "testuser", claims.Username)
+	assert.Equal(t, "admin", claims.Role)
+}
+
+func TestGenerateToken_SuperAdminRole(t *testing.T) {
+	token, err := GenerateToken(99, "admin", "super_admin")
+	require.NoError(t, err)
+
+	claims, err := ParseToken(token)
+	require.NoError(t, err)
+	assert.Equal(t, "super_admin", claims.Role)
+}
+
+func TestGenerateToken_EmptyRole(t *testing.T) {
+	token, err := GenerateToken(1, "user", "")
+	require.NoError(t, err)
+
+	claims, err := ParseToken(token)
+	require.NoError(t, err)
+	assert.Equal(t, "", claims.Role)
+}