feat: 禁止通过api访问ws接口

2026-02-04 04:22:33 +08:00 · 2025-05-17 16:53:10 +08:00
parent 855c8cfb51
commit e5f26d2f23
1 changed files with 10 additions and 0 deletions
--- a/internal/http/middleware/must_login.go
+++ b/internal/http/middleware/must_login.go
@@ -49,6 +49,16 @@ func MustLogin(t *gotext.Locale, session *sessions.Manager, userToken biz.UserTo

 			userID := uint(0)
 			if r.Header.Get("Authorization") != "" {
+				// 禁止访问 ws 相关的接口
+				if strings.HasPrefix(r.URL.Path, "/api/ws") {
+					render := chix.NewRender(w)
+					defer render.Release()
+					render.Status(http.StatusForbidden)
+					render.JSON(chix.M{
+						"msg": t.Get("ws not allowed"),
+					})
+					return
+				}
 				// API 请求验证
 				if userID, err = userToken.ValidateReq(r); err != nil {
 					render := chix.NewRender(w)