推进活动系统最小成品闭环与游客体验

backend/internal/httpapi/middleware/auth.go

@@ -17,6 +17,7 @@ const authKey authContextKey = "auth"
 type AuthContext struct {
 	UserID       string
 	UserPublicID string
+	RoleCode     string
 }
 
 func NewAuthMiddleware(jwtManager *jwtx.Manager) func(http.Handler) http.Handler {
@@ -34,10 +35,15 @@ func NewAuthMiddleware(jwtManager *jwtx.Manager) func(http.Handler) http.Handler
 				httpx.WriteError(w, apperr.New(http.StatusUnauthorized, "invalid_token", "invalid access token"))
 				return
 			}
+			if claims.ActorType != "" && claims.ActorType != "user" {
+				httpx.WriteError(w, apperr.New(http.StatusUnauthorized, "invalid_token", "invalid access token"))
+				return
+			}
 
 			ctx := context.WithValue(r.Context(), authKey, &AuthContext{
 				UserID:       claims.UserID,
 				UserPublicID: claims.UserPublicID,
+				RoleCode:     claims.RoleCode,
 			})
 			next.ServeHTTP(w, r.WithContext(ctx))
 		})