nezha/pkg/mygin/auth.go

package mygin

import (
	"net/http"
	"strings"
	"time"

	"github.com/gin-gonic/gin"
	"github.com/nicksnyder/go-i18n/v2/i18n"
	"golang.org/x/crypto/bcrypt"

	"github.com/naiba/nezha/model"
	"github.com/naiba/nezha/service/singleton"
)

type AuthorizeOption struct {
	GuestOnly            bool
	MemberOnly           bool
	ValidateViewPassword bool
	IsPage               bool
	AllowAPI             bool
	Msg                  string
	Redirect             string
	Btn                  string
}

func Authorize(opt AuthorizeOption) func(*gin.Context) {
	return func(c *gin.Context) {
		var code = http.StatusForbidden
		if opt.GuestOnly {
			code = http.StatusBadRequest
		}

		commonErr := ErrInfo{
			Title: "访问受限",
			Code:  code,
			Msg:   opt.Msg,
			Link:  opt.Redirect,
			Btn:   opt.Btn,
		}
		var isLogin bool

		// 用户鉴权
		token, _ := c.Cookie(singleton.Conf.Site.CookieName)
		token = strings.TrimSpace(token)
		if token != "" {
			var u model.User
			if err := singleton.DB.Where("token = ?", token).First(&u).Error; err == nil {
				isLogin = u.TokenExpired.After(time.Now())
			}
			if isLogin {
				c.Set(model.CtxKeyAuthorizedUser, &u)
			}
		}

		// API鉴权
		if opt.AllowAPI {
			apiToken := c.GetHeader("Authorization")
			if apiToken != "" {
				var u model.User
				singleton.ApiLock.RLock()
				if _, ok := singleton.ApiTokenList[apiToken]; ok {
					err := singleton.DB.First(&u).Where("id = ?", singleton.ApiTokenList[apiToken].UserID).Error
					isLogin = err == nil
				}
				singleton.ApiLock.RUnlock()
				if isLogin {
					c.Set(model.CtxKeyAuthorizedUser, &u)
					c.Set("isAPI", true)
				}
			}
		}

		// 已登录且只能游客访问
		if isLogin && opt.GuestOnly {
			ShowErrorPage(c, commonErr, opt.IsPage)
			return
		}

		// 未登录且需要登录
		if !isLogin && opt.MemberOnly {
			ShowErrorPage(c, commonErr, opt.IsPage)
			return
		}

		// 验证查看密码
		if opt.ValidateViewPassword && singleton.Conf.Site.ViewPassword != "" {
			viewPassword, _ := c.Cookie(singleton.Conf.Site.CookieName + "-vp")
			if err := bcrypt.CompareHashAndPassword([]byte(viewPassword), []byte(singleton.Conf.Site.ViewPassword)); err != nil {
				c.HTML(http.StatusOK, GetPreferredTheme(c, "/viewpassword"), CommonEnvironment(c, gin.H{
					"Title":      singleton.Localizer.MustLocalize(&i18n.LocalizeConfig{MessageID: "VerifyPassword"}),
					"CustomCode": singleton.Conf.Site.CustomCode,
				}))
				c.Abort()
				return
			}

			c.Set(model.CtxKeyViewPasswordVerified, true)
		}
	}
}
Web 服务 2019-12-08 03:59:58 -05:00			`package mygin`

			`import (`
			`"net/http"`
持久化Token 2019-12-20 10:58:09 -05:00			`"strings"`
Web 服务 2019-12-08 03:59:58 -05:00			`"time"`

			`"github.com/gin-gonic/gin"`
🔒️ 增强 ping 历史 API 鉴权 2024-02-24 10:21:33 -05:00			`"github.com/nicksnyder/go-i18n/v2/i18n"`
			`"golang.org/x/crypto/bcrypt"`
Web 服务 2019-12-08 03:59:58 -05:00
🚚 from p14yground to naiba 2020-11-10 21:07:45 -05:00			`"github.com/naiba/nezha/model"`
theme-mdui by @MikoyChinese 2022-01-08 22:54:14 -05:00			`"github.com/naiba/nezha/service/singleton"`
Web 服务 2019-12-08 03:59:58 -05:00			`)`

			`type AuthorizeOption struct {`
🔒️ 增强 ping 历史 API 鉴权 2024-02-24 10:21:33 -05:00			`GuestOnly bool`
			`MemberOnly bool`
			`ValidateViewPassword bool`
			`IsPage bool`
			`AllowAPI bool`
			`Msg string`
			`Redirect string`
			`Btn string`
Web 服务 2019-12-08 03:59:58 -05:00			`}`

			`func Authorize(opt AuthorizeOption) func(*gin.Context) {`
			`return func(c *gin.Context) {`
🔖 [dashboard 0.9.17] 404 页面 2021-08-10 08:13:17 -04:00			`var code = http.StatusForbidden`
🔒️ 增强 ping 历史 API 鉴权 2024-02-24 10:21:33 -05:00			`if opt.GuestOnly {`
Web 服务 2019-12-08 03:59:58 -05:00			`code = http.StatusBadRequest`
			`}`
✨ 前台查看密码 close #24 close #41 2021-01-31 00:37:43 -05:00
Web 服务 2019-12-08 03:59:58 -05:00			`commonErr := ErrInfo{`
			`Title: "访问受限",`
			`Code: code,`
			`Msg: opt.Msg,`
			`Link: opt.Redirect,`
			`Btn: opt.Btn,`
持久化Token 2019-12-20 10:58:09 -05:00			`}`
Web 服务 2019-12-08 03:59:58 -05:00			`var isLogin bool`
⚡️ refactor: 小幅提升性能 2021-01-17 09:05:59 -05:00
✨ 前台查看密码 close #24 close #41 2021-01-31 00:37:43 -05:00			`// 用户鉴权`
theme-mdui by @MikoyChinese 2022-01-08 22:54:14 -05:00			`token, _ := c.Cookie(singleton.Conf.Site.CookieName)`
⚡️ refactor: 小幅提升性能 2021-01-17 09:05:59 -05:00			`token = strings.TrimSpace(token)`
			`if token != "" {`
			`var u model.User`
theme-mdui by @MikoyChinese 2022-01-08 22:54:14 -05:00			`if err := singleton.DB.Where("token = ?", token).First(&u).Error; err == nil {`
⚡️ refactor: 小幅提升性能 2021-01-17 09:05:59 -05:00			`isLogin = u.TokenExpired.After(time.Now())`
			`}`
			`if isLogin {`
			`c.Set(model.CtxKeyAuthorizedUser, &u)`
			`}`
Web 服务 2019-12-08 03:59:58 -05:00			`}`
⚡️ refactor: 小幅提升性能 2021-01-17 09:05:59 -05:00
feat: 服务器状态API 2022-05-16 23:21:27 -04:00			`// API鉴权`
feat: Token生成｜存储｜验证 2022-05-17 22:10:35 -04:00			`if opt.AllowAPI {`
			`apiToken := c.GetHeader("Authorization")`
			`if apiToken != "" {`
			`var u model.User`
update: 线程安全 2022-05-17 22:28:24 -04:00			`singleton.ApiLock.RLock()`
feat: Token生成｜存储｜验证 2022-05-17 22:10:35 -04:00			`if _, ok := singleton.ApiTokenList[apiToken]; ok {`
			`err := singleton.DB.First(&u).Where("id = ?", singleton.ApiTokenList[apiToken].UserID).Error`
			`isLogin = err == nil`
			`}`
update: 线程安全 2022-05-17 22:28:24 -04:00			`singleton.ApiLock.RUnlock()`
feat: Token生成｜存储｜验证 2022-05-17 22:10:35 -04:00			`if isLogin {`
			`c.Set(model.CtxKeyAuthorizedUser, &u)`
			`c.Set("isAPI", true)`
			`}`
feat: 服务器状态API 2022-05-16 23:21:27 -04:00			`}`
			`}`
🔒️ 增强 ping 历史 API 鉴权 2024-02-24 10:21:33 -05:00
Web 服务 2019-12-08 03:59:58 -05:00			`// 已登录且只能游客访问`
🔒️ 增强 ping 历史 API 鉴权 2024-02-24 10:21:33 -05:00			`if isLogin && opt.GuestOnly {`
Web 服务 2019-12-08 03:59:58 -05:00			`ShowErrorPage(c, commonErr, opt.IsPage)`
			`return`
			`}`
🔒️ 增强 ping 历史 API 鉴权 2024-02-24 10:21:33 -05:00
Web 服务 2019-12-08 03:59:58 -05:00			`// 未登录且需要登录`
🔒️ 增强 ping 历史 API 鉴权 2024-02-24 10:21:33 -05:00			`if !isLogin && opt.MemberOnly {`
Web 服务 2019-12-08 03:59:58 -05:00			`ShowErrorPage(c, commonErr, opt.IsPage)`
			`return`
			`}`
🔒️ 增强 ping 历史 API 鉴权 2024-02-24 10:21:33 -05:00
			`// 验证查看密码`
			`if opt.ValidateViewPassword && singleton.Conf.Site.ViewPassword != "" {`
			`viewPassword, _ := c.Cookie(singleton.Conf.Site.CookieName + "-vp")`
			`if err := bcrypt.CompareHashAndPassword([]byte(viewPassword), []byte(singleton.Conf.Site.ViewPassword)); err != nil {`
			`c.HTML(http.StatusOK, GetPreferredTheme(c, "/viewpassword"), CommonEnvironment(c, gin.H{`
			`"Title": singleton.Localizer.MustLocalize(&i18n.LocalizeConfig{MessageID: "VerifyPassword"}),`
			`"CustomCode": singleton.Conf.Site.CustomCode,`
			`}))`
			`c.Abort()`
			`return`
			`}`

			`c.Set(model.CtxKeyViewPasswordVerified, true)`
			`}`
Web 服务 2019-12-08 03:59:58 -05:00			`}`
			`}`