backend/internal/server/middleware/admin_only.go

package middleware

import (
	"github.com/Wei-Shaw/sub2api/internal/service"

	"github.com/gin-gonic/gin"
)

// AdminOnly 管理员权限中间件
// 必须在JWTAuth中间件之后使用
func AdminOnly() gin.HandlerFunc {
	return func(c *gin.Context) {
		role, ok := GetUserRoleFromContext(c)
		if !ok {
			AbortWithError(c, 401, "UNAUTHORIZED", "User not found in context")
			return
		}

		// 检查是否为管理员
		if role != service.RoleAdmin {
			AbortWithError(c, 403, "FORBIDDEN", "Admin access required")
			return
		}

		c.Next()
	}
}
First commit 2025-12-18 13:50:39 +08:00			`package middleware`

			`import (`
refactor: 调整项目结构为单向依赖 2025-12-26 15:40:24 +08:00			`"github.com/Wei-Shaw/sub2api/internal/service"`
First commit 2025-12-18 13:50:39 +08:00
			`"github.com/gin-gonic/gin"`
			`)`

			`// AdminOnly 管理员权限中间件`
			`// 必须在JWTAuth中间件之后使用`
			`func AdminOnly() gin.HandlerFunc {`
			`return func(c *gin.Context) {`
refactor: 调整项目结构为单向依赖 2025-12-26 15:40:24 +08:00			`role, ok := GetUserRoleFromContext(c)`
			`if !ok {`
First commit 2025-12-18 13:50:39 +08:00			`AbortWithError(c, 401, "UNAUTHORIZED", "User not found in context")`
			`return`
			`}`

			`// 检查是否为管理员`
refactor: 调整项目结构为单向依赖 2025-12-26 15:40:24 +08:00			`if role != service.RoleAdmin {`
First commit 2025-12-18 13:50:39 +08:00			`AbortWithError(c, 403, "FORBIDDEN", "Admin access required")`
			`return`
			`}`

			`c.Next()`
			`}`
			`}`