直播弹幕：前台注册登录与 JWT；Nginx 缓解间歇 502；site_users 集合

Made-with: Cursor

server/pkg/weblive/danmaku.go

@@ -7,6 +7,8 @@ import (
 	"time"
 	"unicode/utf8"
 
+	"yh_web/server/handlers"
+
 	"github.com/gin-gonic/gin"
 	"github.com/gorilla/websocket"
 )
@@ -18,8 +20,18 @@ var (
 	danmakuClients   = make(map[*websocket.Conn]struct{})
 )
 
-// handleDanmakuWS 弹幕：客户端发 JSON {"text":"..."}，服务端立刻向所有连接广播 {"type":"dm","text","ts"}，不落库
+func writeDanmakuJSON(ws *websocket.Conn, v any) error {
+	b, err := json.Marshal(v)
+	if err != nil {
+		return err
+	}
+	return ws.WriteMessage(websocket.TextMessage, b)
+}
+
+// handleDanmakuWS 弹幕：收 JSON {"text":"..."}；未带有效 token 仅可收广播不可发。广播 {"type":"dm","text","ts"}，不落库
 func handleDanmakuWS(c *gin.Context) {
+	canSend := handlers.SiteDanmakuTokenValid(c.Query("token"))
+
 	ws, err := upgrader.Upgrade(c.Writer, c.Request, nil)
 	if err != nil {
 		return
@@ -45,6 +57,14 @@ func handleDanmakuWS(c *gin.Context) {
 		if mt != websocket.TextMessage {
 			continue
 		}
+		if !canSend {
+			_ = writeDanmakuJSON(ws, map[string]interface{}{
+				"type":    "error",
+				"code":    "login_required",
+				"message": "请先登录或注册后再发弹幕",
+			})
+			continue
+		}
 		text := extractDanmakuText(payload)
 		if text == "" {
 			continue