internal/middleware/admin_middleware.go

package middleware

import (
	"accounting-app/internal/config"
	"accounting-app/pkg/api"

	"github.com/gin-gonic/gin"
)

// AdminMiddleware provides admin authentication middleware
type AdminMiddleware struct {
	cfg *config.Config
}

// NewAdminMiddleware creates a new AdminMiddleware
func NewAdminMiddleware(cfg *config.Config) *AdminMiddleware {
	return &AdminMiddleware{
		cfg: cfg,
	}
}

// RequireAdminKey checks for the Admin-Secret-Key header
func (m *AdminMiddleware) RequireAdminKey() gin.HandlerFunc {
	return func(c *gin.Context) {
		key := c.GetHeader("X-Admin-Secret-Key")
		if key == "" {
			// Fallback to query param for easier testing
			key = c.Query("admin_secret")
		}

		if key != m.cfg.AdminSecretKey {
			api.Unauthorized(c, "Invalid or missing admin secret key")
			return
		}

		c.Next()
	}
}
feat: 新增通知系统，支持通知列表、未读计数、标记已读、删除、创建和广播功能，并引入管理员中间件和用户仓库。 2026-01-29 13:41:53 +08:00			`package middleware`

			`import (`
			`"accounting-app/internal/config"`
			`"accounting-app/pkg/api"`

			`"github.com/gin-gonic/gin"`
			`)`

			`// AdminMiddleware provides admin authentication middleware`
			`type AdminMiddleware struct {`
			`cfg *config.Config`
			`}`

			`// NewAdminMiddleware creates a new AdminMiddleware`
			`func NewAdminMiddleware(cfg config.Config) AdminMiddleware {`
			`return &AdminMiddleware{`
			`cfg: cfg,`
			`}`
			`}`

			`// RequireAdminKey checks for the Admin-Secret-Key header`
			`func (m *AdminMiddleware) RequireAdminKey() gin.HandlerFunc {`
			`return func(c *gin.Context) {`
			`key := c.GetHeader("X-Admin-Secret-Key")`
			`if key == "" {`
			`// Fallback to query param for easier testing`
			`key = c.Query("admin_secret")`
			`}`

			`if key != m.cfg.AdminSecretKey {`
			`api.Unauthorized(c, "Invalid or missing admin secret key")`
			`return`
			`}`

			`c.Next()`
			`}`
			`}`