更新

soul-api/internal/auth/adminjwt.go

@@ -1,71 +0,0 @@
-// Package auth 管理端 JWT：签发与校验，使用 Authorization: Bearer <token>
-package auth
-
-import (
-	"net/http"
-	"strings"
-	"time"
-
-	"github.com/golang-jwt/jwt/v5"
-)
-
-const adminJWTExpire = 7 * 24 * time.Hour // 7 天
-
-// AdminClaims 管理端 JWT 载荷
-type AdminClaims struct {
-	jwt.RegisteredClaims
-	Username string `json:"username"`
-	Role     string `json:"role"`
-}
-
-// IssueAdminJWT 签发管理端 JWT，使用 ADMIN_SESSION_SECRET 签名（role 为空时默认 admin）
-func IssueAdminJWT(secret, username, role string) (string, error) {
-	if role == "" {
-		role = "admin"
-	}
-	now := time.Now()
-	claims := AdminClaims{
-		RegisteredClaims: jwt.RegisteredClaims{
-			ExpiresAt: jwt.NewNumericDate(now.Add(adminJWTExpire)),
-			IssuedAt:  jwt.NewNumericDate(now),
-			Subject:   "admin",
-		},
-		Username: username,
-		Role:     role,
-	}
-	tok := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
-	return tok.SignedString([]byte(secret))
-}
-
-// ParseAdminJWT 校验并解析 JWT，返回 claims；无效或过期返回 nil, false
-func ParseAdminJWT(tokenString, secret string) (*AdminClaims, bool) {
-	if tokenString == "" || secret == "" {
-		return nil, false
-	}
-	tok, err := jwt.ParseWithClaims(tokenString, &AdminClaims{}, func(t *jwt.Token) (interface{}, error) {
-		return []byte(secret), nil
-	}, jwt.WithValidMethods([]string{"HS256"}))
-	if err != nil || !tok.Valid {
-		return nil, false
-	}
-	claims, ok := tok.Claims.(*AdminClaims)
-	if !ok || claims.Username == "" {
-		return nil, false
-	}
-	return claims, true
-}
-
-// GetAdminJWTFromRequest 从请求中读取 JWT：优先 Authorization: Bearer <token>，其次 Cookie admin_session（兼容旧端）
-func GetAdminJWTFromRequest(r *http.Request) string {
-	// 1. Authorization: Bearer <token>
-	ah := r.Header.Get("Authorization")
-	if strings.HasPrefix(ah, "Bearer ") {
-		return strings.TrimSpace(ah[7:])
-	}
-	// 2. Cookie（兼容：若值为 JWT 格式则可用）
-	c, err := r.Cookie(adminCookieName)
-	if err != nil || c == nil {
-		return ""
-	}
-	return strings.TrimSpace(c.Value)
-}