From 91ecd04c270061429f9df5ec19cd6b96a9f595f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=80=97=E5=AD=90?= Date: Mon, 11 Nov 2024 14:28:00 +0800 Subject: [PATCH] =?UTF-8?q?feat:=20=E4=BC=98=E5=8C=96=E7=99=BB=E5=BD=95?= =?UTF-8?q?=E4=B8=AD=E9=97=B4=E4=BB=B6=E4=BD=BF=E7=94=A8=E7=99=BD=E5=90=8D?= =?UTF-8?q?=E5=8D=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- internal/http/middleware/middleware.go | 3 ++- internal/http/middleware/must_login.go | 16 +++++++++++ internal/route/http.go | 37 +++++++------------------- 3 files changed, 28 insertions(+), 28 deletions(-) diff --git a/internal/http/middleware/middleware.go b/internal/http/middleware/middleware.go index a6276d66..a4242948 100644 --- a/internal/http/middleware/middleware.go +++ b/internal/http/middleware/middleware.go @@ -24,8 +24,9 @@ func GlobalMiddleware() []func(http.Handler) http.Handler { LogRequestHeaders: []string{"User-Agent"}, }), middleware.Recoverer, - Entrance, Status, + Entrance, + MustLogin, MustInstall, } } diff --git a/internal/http/middleware/must_login.go b/internal/http/middleware/must_login.go index 611db64b..f91ef4fb 100644 --- a/internal/http/middleware/must_login.go +++ b/internal/http/middleware/must_login.go @@ -3,6 +3,8 @@ package middleware import ( "context" "net/http" + "slices" + "strings" "github.com/go-rat/chix" "github.com/spf13/cast" @@ -12,6 +14,14 @@ import ( // MustLogin 确保已登录 func MustLogin(next http.Handler) http.Handler { + // 白名单 + whiteList := []string{ + "/api/user/login", + "/api/user/logout", + "/api/user/isLogin", + "/api/dashboard/panel", + } + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { sess, err := app.Session.GetSession(r) if err != nil { 
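Review bot: In `GlobalMiddleware` the new order runs `Status` ahead of `Entrance` and `MustLogin`, and nothing in the list explains why. The order and membership of this slice are now security-relevant, because the route groups in internal/route/http.go no longer attach `MustLogin` themselves. If `Status` can write a response on its own (not visible in this hunk), it now answers before the entrance and login checks, so confirm that is intended. I would add a comment above the entries such as `// Order matters: MustLogin is the only auth gate for /api routes; route groups no longer attach it themselves.`. The function starts outside the hunk.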
@@ -22,6 +32,12 @@ func MustLogin(next http.Handler) http.Handler { }) } + // 对白名单和非 API 请求放行 + if slices.Contains(whiteList, r.URL.Path) || !strings.HasPrefix(r.URL.Path, "/api") { + next.ServeHTTP(w, r) + return + } + if sess.Missing("user_id") { render := chix.NewRender(w) render.Status(http.StatusUnauthorized) diff --git a/internal/route/http.go b/internal/route/http.go index 5445e779..8d4f0205 100644 --- a/internal/route/http.go +++ b/internal/route/http.go 
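Review bot: The pass-through test `!strings.HasPrefix(r.URL.Path, "/api")` decides authentication from the raw request path, independently of the route that finally serves the request, so the two must agree exactly for the gate to hold. If the router or a later middleware normalises the path (duplicate slashes, dot segments, a stripped prefix — not visible here), the string check and the matched route can disagree. Normalising first keeps the check fail-closed, e.g. `p := path.Clean(r.URL.Path)` followed by `if slices.Contains(whiteList, p) || !strings.HasPrefix(p, "/api") {`. The whitelist also matches on path only, so every method on those four paths is exempt; that is harmless only while a single method is registered per path. The exemption sits after `GetSession`, so whitelisted and non-API requests still take the error branch when session lookup fails; that branch and the rest of the handler lie outside this hunk.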
@@ -21,25 +21,24 @@ func Http(r chi.Router) { r.With(middleware.Throttle(5, time.Minute)).Post("/login", user.Login) r.Post("/logout", user.Logout) r.Get("/isLogin", user.IsLogin) - r.With(middleware.MustLogin).Get("/info", user.Info) + r.Get("/info", user.Info) }) r.Route("/dashboard", func(r chi.Router) { dashboard := service.NewDashboardService() r.Get("/panel", dashboard.Panel) - r.With(middleware.MustLogin).Get("/homeApps", dashboard.HomeApps) - r.With(middleware.MustLogin).Post("/current", dashboard.Current) - r.With(middleware.MustLogin).Get("/systemInfo", dashboard.SystemInfo) - r.With(middleware.MustLogin).Get("/countInfo", dashboard.CountInfo) - r.With(middleware.MustLogin).Get("/installedDbAndPhp", dashboard.InstalledDbAndPhp) - r.With(middleware.MustLogin).Get("/checkUpdate", dashboard.CheckUpdate) - r.With(middleware.MustLogin).Get("/updateInfo", dashboard.UpdateInfo) - r.With(middleware.MustLogin).Post("/update", dashboard.Update) - r.With(middleware.MustLogin).Post("/restart", dashboard.Restart) + r.Get("/homeApps", dashboard.HomeApps) + r.Post("/current", dashboard.Current) + r.Get("/systemInfo", dashboard.SystemInfo) + r.Get("/countInfo", dashboard.CountInfo) + r.Get("/installedDbAndPhp", dashboard.InstalledDbAndPhp) + r.Get("/checkUpdate", dashboard.CheckUpdate) + r.Get("/updateInfo", dashboard.UpdateInfo) + r.Post("/update", dashboard.Update) + r.Post("/restart", dashboard.Restart) }) r.Route("/task", func(r chi.Router) { - r.Use(middleware.MustLogin) task := service.NewTaskService() r.Get("/status", task.Status) r.Get("/", task.List) @@ -48,7 +47,6 @@ func Http(r chi.Router) { }) r.Route("/website", func(r chi.Router) { - r.Use(middleware.MustLogin) website := service.NewWebsiteService() r.Get("/defaultConfig", website.GetDefaultConfig) r.Post("/defaultConfig", website.UpdateDefaultConfig) 
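Review bot: With `r.With(middleware.MustLogin)` dropped from `/info`, `/update`, `/restart` and the other dashboard routes here, and `r.Use(middleware.MustLogin)` dropped from every group in the later hunks, this file no longer shows which routes are protected. Protection now depends on `Http` being mounted under `/api` on a router that carries `GlobalMiddleware`, which this diff does not show. A regression test would pin that: walk the registered routes (chi provides `chi.Walk`) and assert that each one outside the whitelist answers 401 without a session. I would also add a comment at the top of `Http` such as `// Auth is enforced globally by middleware.MustLogin; every route here requires login unless its full path is in that whitelist.`. The function starts and ends outside this hunk.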
@@ -65,7 +63,6 @@ func Http(r chi.Router) { }) r.Route("/database", func(r chi.Router) { - r.Use(middleware.MustLogin) database := service.NewDatabaseService() r.Get("/", database.List) r.Post("/", database.Create) @@ -74,7 +71,6 @@ func Http(r chi.Router) { }) r.Route("/databaseServer", func(r chi.Router) { - r.Use(middleware.MustLogin) database := service.NewDatabaseService() r.Get("/", database.List) r.Post("/", database.Create) @@ -83,7 +79,6 @@ func Http(r chi.Router) { }) r.Route("/backup", func(r chi.Router) { - r.Use(middleware.MustLogin) backup := service.NewBackupService() r.Get("/{type}", backup.List) r.Post("/{type}", backup.Create) @@ -93,7 +88,6 @@ func Http(r chi.Router) { }) r.Route("/cert", func(r chi.Router) { - r.Use(middleware.MustLogin) cert := service.NewCertService() r.Get("/caProviders", cert.CAProviders) r.Get("/dnsProviders", cert.DNSProviders) @@ -131,7 +125,6 @@ func Http(r chi.Router) { }) r.Route("/app", func(r chi.Router) { - r.Use(middleware.MustLogin) app := service.NewAppService() r.Get("/list", app.List) r.Post("/install", app.Install) @@ -143,7 +136,6 @@ func Http(r chi.Router) { }) r.Route("/cron", func(r chi.Router) { - r.Use(middleware.MustLogin) cron := service.NewCronService() r.Get("/", cron.List) r.Post("/", cron.Create) @@ -154,7 +146,6 @@ func Http(r chi.Router) { }) r.Route("/safe", func(r chi.Router) { - r.Use(middleware.MustLogin) safe := service.NewSafeService() r.Get("/ssh", safe.GetSSH) r.Post("/ssh", safe.UpdateSSH) @@ -163,7 +154,6 @@ func Http(r chi.Router) { }) r.Route("/firewall", func(r chi.Router) { - r.Use(middleware.MustLogin) firewall := service.NewFirewallService() r.Get("/status", firewall.GetStatus) r.Post("/status", firewall.UpdateStatus) @@ -179,7 +169,6 @@ func Http(r chi.Router) { }) r.Route("/ssh", func(r chi.Router) { - r.Use(middleware.MustLogin) ssh := service.NewSSHService() r.Get("/", ssh.List) r.Post("/", ssh.Create) 
@@ -189,7 +178,6 @@ func Http(r chi.Router) { }) r.Route("/container", func(r chi.Router) { - r.Use(middleware.MustLogin) r.Route("/container", func(r chi.Router) { container := service.NewContainerService() r.Get("/", container.List) @@ -230,7 +218,6 @@ func Http(r chi.Router) { }) r.Route("/file", func(r chi.Router) { - r.Use(middleware.MustLogin) file := service.NewFileService() r.Post("/create", file.Create) r.Get("/content", file.Content) @@ -251,7 +238,6 @@ func Http(r chi.Router) { }) r.Route("/monitor", func(r chi.Router) { - r.Use(middleware.MustLogin) monitor := service.NewMonitorService() r.Get("/setting", monitor.GetSetting) r.Post("/setting", monitor.UpdateSetting) @@ -260,14 +246,12 @@ func Http(r chi.Router) { }) r.Route("/setting", func(r chi.Router) { - r.Use(middleware.MustLogin) setting := service.NewSettingService() r.Get("/", setting.Get) r.Post("/", setting.Update) }) r.Route("/systemctl", func(r chi.Router) { - r.Use(middleware.MustLogin) systemctl := service.NewSystemctlService() r.Get("/status", systemctl.Status) r.Get("/isEnabled", systemctl.IsEnabled) @@ -280,7 +264,6 @@ func Http(r chi.Router) { }) r.Route("/apps", func(r chi.Router) { - r.Use(middleware.MustLogin) apps.Boot(r) }) })