From c026e3b8e77db7d62d54c71bdc0f08912ff0f25f Mon Sep 17 00:00:00 2001
From: zerosaturation
Date: Thu, 14 May 2026 17:40:36 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20JWT=20=E4=B8=AD=E9=97=B4=E4=BB=B6?=
 =?UTF-8?q?=E6=B7=BB=E5=8A=A0=20Token=20=E9=BB=91=E5=90=8D=E5=8D=95?=
 =?UTF-8?q?=E6=A3=80=E6=9F=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-Authored-By: Claude Opus 4.6
---
 backend/gateway/middleware/auth_middleware.go | 26 ++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/backend/gateway/middleware/auth_middleware.go b/backend/gateway/middleware/auth_middleware.go
index 601ff82..2324f5e 100644
--- a/backend/gateway/middleware/auth_middleware.go
+++ b/backend/gateway/middleware/auth_middleware.go
@@ -6,6 +6,7 @@ import (
 
 "github.com/gin-gonic/gin"
 "github.com/topfans/backend/gateway/pkg/response"
+ "github.com/topfans/backend/pkg/database"
 "github.com/topfans/backend/pkg/jwt"
 "github.com/topfans/backend/pkg/logger"
 "go.uber.org/zap"
@@ -46,7 +47,30 @@ func AuthMiddleware() gin.HandlerFunc {
 return
 }
 
- // 4. 将用户信息存入 gin.Context
+ // 4. 检查 Token 是否在黑名单
+ isBlacklisted, bannedUserID, banReason, err := database.IsBlacklisted(c.Request.Context(), token)
+ if err != nil {
+ // Redis 错误时 fail-closed(安全策略),拒绝请求
+ logger.Logger.Error("Failed to check blacklist, rejecting request for security",
+ zap.String("path", c.Request.URL.Path),
+ zap.Error(err),
+ )
+ response.Unauthorized(c, "认证服务异常,请稍后重试")
+ c.Abort()
+ return
+ }
+ if isBlacklisted {
+ logger.Logger.Warn("Token is blacklisted",
+ zap.Int64("banned_user_id", bannedUserID),
+ zap.String("ban_reason", banReason),
+ zap.String("path", c.Request.URL.Path),
+ )
+ response.Unauthorized(c, "账号已被封禁")
+ c.Abort()
+ return
+ }
+
+ // 5. 将用户信息存入 gin.Context
 c.Set("user_id", claims.UserID)
 c.Set("star_id", claims.StarID)
 c.Set("token_updated_at", claims.UpdatedAt)
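Review bot: In the `err != nil` branch of the new blacklist check, a Redis failure is answered with `response.Unauthorized` — a 401 whose message says the auth service is unavailable — so clients that treat 401 as "session invalid" will discard a still-valid token for the duration of an infrastructure outage; fail-closed is the right policy, but the status should say "unavailable" rather than "unauthenticated", e.g. `c.AbortWithStatus(http.StatusServiceUnavailable)` (needs `net/http`) or a 5xx helper from the `response` package if one exists. The lookup is keyed on the full bearer `token` string, and whether `database.IsBlacklisted` compares against raw tokens or a digest is not visible in this hunk; a call-site comment such as `// blacklist is keyed by <raw token | token digest> — see database.IsBlacklisted` would tell the next reader whether the Redis store holds live credentials. The `isBlacklisted` branch always answers `账号已被封禁` while `banReason` is only logged, so if tokens can also be blacklisted for non-ban reasons (logout, rotation) the message misleads; keying the message on the reason, or keeping it neutral, avoids that. The check runs after `claims` has been populated, so unverified tokens never reach Redis, which is the right ordering. `AuthMiddleware` starts before this hunk and continues after its last `c.Set` line.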