mengyastore/mengyastore-backend-go/internal/handlers/admin.go

package handlers

import (
	"net/http"

	"github.com/gin-gonic/gin"

	"mengyastore-backend/internal/config"
	"mengyastore-backend/internal/storage"
)

// AdminHandler 持有所有管理员路由所需的依赖。
type AdminHandler struct {
	store      *storage.ProductStore
	cfg        *config.Config
	siteStore  *storage.SiteStore
	orderStore *storage.OrderStore
	chatStore  *storage.ChatStore
}

func NewAdminHandler(store *storage.ProductStore, cfg *config.Config, siteStore *storage.SiteStore, orderStore *storage.OrderStore, chatStore *storage.ChatStore) *AdminHandler {
	return &AdminHandler{store: store, cfg: cfg, siteStore: siteStore, orderStore: orderStore, chatStore: chatStore}
}

// requireAdmin 校验管理员令牌。
// 优先级：X-Admin-Token 请求头 > Authorization 请求头 > ?token 查询参数（旧版兼容）。
func (h *AdminHandler) requireAdmin(c *gin.Context) bool {
	token := c.GetHeader("X-Admin-Token")
	if token == "" {
		token = c.GetHeader("Authorization")
	}
	if token == "" {
		// 兼容旧版客户端的 URL 查询参数回退
		token = c.Query("token")
	}
	if token != "" && token == h.cfg.AdminToken {
		return true
	}
	c.JSON(http.StatusUnauthorized, gin.H{"error": "unauthorized"})
	return false
}