From e5f26d2f23a47de4e3972c7f5d2bffee1cae77b8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=80=97=E5=AD=90?= <haozi@loli.email>
Date: Sat, 17 May 2025 16:53:10 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E7=A6=81=E6=AD=A2=E9=80=9A=E8=BF=87api?=
 =?UTF-8?q?=E8=AE=BF=E9=97=AEws=E6=8E=A5=E5=8F=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 internal/http/middleware/must_login.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/internal/http/middleware/must_login.go b/internal/http/middleware/must_login.go
index 0cf92626..a6d25201 100644
--- a/internal/http/middleware/must_login.go
+++ b/internal/http/middleware/must_login.go
@@ -49,6 +49,16 @@ func MustLogin(t *gotext.Locale, session *sessions.Manager, userToken biz.UserTo
 
 			userID := uint(0)
 			if r.Header.Get("Authorization") != "" {
+				// 禁止访问 ws 相关的接口
+				if strings.HasPrefix(r.URL.Path, "/api/ws") {
+					render := chix.NewRender(w)
+					defer render.Release()
+					render.Status(http.StatusForbidden)
+					render.JSON(chix.M{
+						"msg": t.Get("ws not allowed"),
+					})
+					return
+				}
 				// API 请求验证
 				if userID, err = userToken.ValidateReq(r); err != nil {
 					render := chix.NewRender(w)