feat: 优化登录中间件使用白名单

internal/http/middleware/middleware.go

@@ -24,8 +24,9 @@ func GlobalMiddleware() []func(http.Handler) http.Handler {
 			LogRequestHeaders: []string{"User-Agent"},
 		}),
 		middleware.Recoverer,
-		Entrance,
 		Status,
+		Entrance,
+		MustLogin,
 		MustInstall,
 	}
 }

internal/http/middleware/must_login.go

@@ -3,6 +3,8 @@ package middleware
 import (
 	"context"
 	"net/http"
+	"slices"
+	"strings"
 
 	"github.com/go-rat/chix"
 	"github.com/spf13/cast"
@@ -12,6 +14,14 @@ import (
 
 // MustLogin 确保已登录
 func MustLogin(next http.Handler) http.Handler {
+	// 白名单
+	whiteList := []string{
+		"/api/user/login",
+		"/api/user/logout",
+		"/api/user/isLogin",
+		"/api/dashboard/panel",
+	}
+
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		sess, err := app.Session.GetSession(r)
 		if err != nil {
@@ -22,6 +32,12 @@ func MustLogin(next http.Handler) http.Handler {
 			})
 		}
 
+		// 对白名单和非 API 请求放行
+		if slices.Contains(whiteList, r.URL.Path) || !strings.HasPrefix(r.URL.Path, "/api") {
+			next.ServeHTTP(w, r)
+			return
+		}
+
 		if sess.Missing("user_id") {
 			render := chix.NewRender(w)
 			render.Status(http.StatusUnauthorized)