fix: add user to blacklist when it's banned or deleted, and make deletion soft (close #473, close #791)

middleware/auth.go

@@ -4,6 +4,7 @@ import (
 	"github.com/gin-contrib/sessions"
 	"github.com/gin-gonic/gin"
 	"github.com/songquanpeng/one-api/common"
+	"github.com/songquanpeng/one-api/common/blacklist"
 	"github.com/songquanpeng/one-api/model"
 	"net/http"
 	"strings"
@@ -42,11 +43,14 @@ func authHelper(c *gin.Context, minRole int) {
 			return
 		}
 	}
-	if status.(int) == common.UserStatusDisabled {
+	if status.(int) == common.UserStatusDisabled || blacklist.IsUserBanned(id.(int)) {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
 			"message": "用户已被封禁",
 		})
+		session := sessions.Default(c)
+		session.Clear()
+		_ = session.Save()
 		c.Abort()
 		return
 	}
@@ -99,7 +103,7 @@ func TokenAuth() func(c *gin.Context) {
 			abortWithMessage(c, http.StatusInternalServerError, err.Error())
 			return
 		}
-		if !userEnabled {
+		if !userEnabled || blacklist.IsUserBanned(token.UserId) {
 			abortWithMessage(c, http.StatusForbidden, "用户已被封禁")
 			return
 		}