🐛 查看密码逻辑修复

cmd/dashboard/controller/api_v1.go

@@ -33,12 +33,15 @@ func (v *apiV1) serve() {
 	mr.Use(mygin.Authorize(mygin.AuthorizeOption{
 		MemberOnly: false,
 		IsPage:     false,
-		ValidateViewPassword: true,
 		AllowAPI:   true,
 		Msg:        "访问此接口需要认证",
 		Btn:        "点此登录",
 		Redirect:   "/login",
 	}))
+	mr.Use(mygin.ValidateViewPassword(mygin.ValidateViewPasswordOption{
+		IsPage:        false,
+		AbortWhenFail: true,
+	}))
 	mr.GET("/:id", v.monitorHistoriesById)
 }
 

cmd/dashboard/controller/common_page.go

@@ -43,12 +43,14 @@ type commonPage struct {
 
 func (cp *commonPage) serve() {
 	cr := cp.r.Group("")
-	cr.Use(mygin.Authorize(mygin.AuthorizeOption{
+	cr.Use(mygin.Authorize(mygin.AuthorizeOption{}))
-		ValidateViewPassword: true,
-	}))
 	cr.Use(mygin.PreferredTheme)
-	cr.GET("/terminal/:id", cp.terminal)
 	cr.POST("/view-password", cp.issueViewPassword)
+	cr.GET("/terminal/:id", cp.terminal)
+	cr.Use(mygin.ValidateViewPassword(mygin.ValidateViewPasswordOption{
+		IsPage:        true,
+		AbortWhenFail: true,
+	}))
 	cr.GET("/", cp.home)
 	cr.GET("/service", cp.service)
 	// TODO: 界面直接跳转使用该接口
@@ -65,6 +67,7 @@ type viewPasswordForm struct {
 func (p *commonPage) issueViewPassword(c *gin.Context) {
 	var vpf viewPasswordForm
 	err := c.ShouldBind(&vpf)
+	log.Println("bingo", vpf)
 	var hash []byte
 	if err == nil && vpf.Password != singleton.Conf.Site.ViewPassword {
 		err = errors.New(singleton.Localizer.MustLocalize(&i18n.LocalizeConfig{MessageID: "WrongAccessPassword"}))

pkg/mygin/auth.go

@@ -6,8 +6,6 @@ import (
 	"time"
 
 	"github.com/gin-gonic/gin"
-	"github.com/nicksnyder/go-i18n/v2/i18n"
-	"golang.org/x/crypto/bcrypt"
 
 	"github.com/naiba/nezha/model"
 	"github.com/naiba/nezha/service/singleton"
@@ -16,7 +14,6 @@ import (
 type AuthorizeOption struct {
 	GuestOnly  bool
 	MemberOnly bool
-	ValidateViewPassword bool
 	IsPage     bool
 	AllowAPI   bool
 	Msg        string
@@ -82,20 +79,5 @@ func Authorize(opt AuthorizeOption) func(*gin.Context) {
 			ShowErrorPage(c, commonErr, opt.IsPage)
 			return
 		}
-
-		// 验证查看密码
-		if opt.ValidateViewPassword && singleton.Conf.Site.ViewPassword != "" {
-			viewPassword, _ := c.Cookie(singleton.Conf.Site.CookieName + "-vp")
-			if err := bcrypt.CompareHashAndPassword([]byte(viewPassword), []byte(singleton.Conf.Site.ViewPassword)); err != nil {
-				c.HTML(http.StatusOK, GetPreferredTheme(c, "/viewpassword"), CommonEnvironment(c, gin.H{
-					"Title":      singleton.Localizer.MustLocalize(&i18n.LocalizeConfig{MessageID: "VerifyPassword"}),
-					"CustomCode": singleton.Conf.Site.CustomCode,
-				}))
-				c.Abort()
-				return
-			}
-
-			c.Set(model.CtxKeyViewPasswordVerified, true)
-		}
 	}
 }

pkg/mygin/view_password.go

@@ -0,0 +1,52 @@
+package mygin
+
+import (
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+	"github.com/naiba/nezha/model"
+	"github.com/naiba/nezha/service/singleton"
+	"github.com/nicksnyder/go-i18n/v2/i18n"
+	"golang.org/x/crypto/bcrypt"
+)
+
+type ValidateViewPasswordOption struct {
+	IsPage        bool
+	AbortWhenFail bool
+}
+
+func ValidateViewPassword(opt ValidateViewPasswordOption) gin.HandlerFunc {
+	return func(c *gin.Context) {
+		if singleton.Conf.Site.ViewPassword == "" {
+			return
+		}
+		_, authorized := c.Get(model.CtxKeyAuthorizedUser)
+		if authorized {
+			return
+		}
+		viewPassword, err := c.Cookie(singleton.Conf.Site.CookieName + "-vp")
+		if err == nil {
+			err = bcrypt.CompareHashAndPassword([]byte(viewPassword), []byte(singleton.Conf.Site.ViewPassword))
+		}
+		if err == nil {
+			c.Set(model.CtxKeyViewPasswordVerified, true)
+			return
+		}
+		if !opt.AbortWhenFail {
+			return
+		}
+		if opt.IsPage {
+			c.HTML(http.StatusOK, GetPreferredTheme(c, "/viewpassword"), CommonEnvironment(c, gin.H{
+				"Title":      singleton.Localizer.MustLocalize(&i18n.LocalizeConfig{MessageID: "VerifyPassword"}),
+				"CustomCode": singleton.Conf.Site.CustomCode,
+			}))
+
+		} else {
+			c.JSON(http.StatusOK, model.Response{
+				Code:    http.StatusForbidden,
+				Message: "访问受限",
+			})
+		}
+		c.Abort()
+	}
+}