12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697 |
- package middleware
- import (
- "fmt"
- "github.com/astaxie/beego"
- "github.com/astaxie/beego/context"
- "github.com/astaxie/beego/logs"
- "github.com/astaxie/beego/session"
- "github.com/beego/beego/v2/client/httplib"
- "net/http"
- "nginx-ui/server/config"
- "nginx-ui/server/models"
- "strings"
- )
- // 白名单,不需要登录即可访问
- var whitelist = map[string]bool{
- "/user/login": true,
- "/user/register": true,
- "/oauth2": true,
- "/oauth2/callback": true,
- }
- var UnauthorizedResp = `{"code": 401, "msg":"未登录或者登录已过期!"}`
- func init() {
- beego.BConfig.WebConfig.Session.SessionAutoSetCookie = true
- }
- func checkThirdSession(ctx *context.Context, sess session.Store) {
- cfg := config.Config
- if !cfg.ThirdSession {
- return
- }
- cookie, err := ctx.Request.Cookie(cfg.ThirdSessionName)
- if err != nil {
- logs.Warn("no cookie", err)
- return
- }
- req := httplib.Get(cfg.ThirdSessionCheckUrl)
- req.SetEnableCookie(true)
- req.SetCookie(cookie)
- user := models.User{}
- err = req.ToJSON(&user)
- if err != nil {
- logs.Warn("check third session fail ", err)
- return
- }
- err = sess.Set("user", user)
- if err != nil {
- logs.Warn("set session data fail ", err)
- return
- }
- logs.Debug("check third session ok ", user)
- }
- func AuthFilter(ctx *context.Context) {
- path := ctx.Request.URL.Path
- path = strings.TrimSuffix(path, "/")
- path = strings.TrimPrefix(path, config.Config.BaseApi)
- if whitelist[path] {
- logs.Debug("in whitelist ,skip ", ctx.Request.RequestURI, path)
- return
- }
- logs.Info(fmt.Sprintf("auth: %s,%s", ctx.Request.RequestURI, path))
- sess := ctx.Input.CruSession
- if sess == nil {
- logs.Warn("no session found in request")
- return
- }
- defer sess.SessionRelease(ctx.ResponseWriter)
- data := sess.Get("user")
- if data == nil {
- checkThirdSession(ctx, sess)
- }
- data = sess.Get("user")
- if data == nil {
- WriteForbidden(ctx.ResponseWriter)
- return
- }
- user := data.(models.User)
- if len(user.Account) == 0 {
- WriteForbidden(ctx.ResponseWriter)
- return
- }
- logs.Info(fmt.Sprintf("request uri: %s, uid: %s", ctx.Request.RequestURI, user.Account))
- }
- func WriteForbidden(w http.ResponseWriter) {
- w.WriteHeader(401)
- w.Header().Set("Content-Type", "application/json")
- _, err := w.Write([]byte(UnauthorizedResp))
- if err != nil {
- logs.Warn("writeForbidden write error", err)
- return
- }
- }
|