fix: 优化路由路径获取方式

2026-02-04 03:07:20 +08:00 · 2025-07-07 02:47:59 +08:00
parent 5a9ccddabd
commit ed5c74c753
4 changed files with 22 additions and 14 deletions
--- a/internal/http/middleware/entrance.go
+++ b/internal/http/middleware/entrance.go
@@ -29,6 +29,8 @@ func Entrance(t *gotext.Locale, conf *koanf.Koanf, session *sessions.Manager) fu
 				entrance = "/" + entrance
 			}

+			routePath := chi.RouteContext(r.Context()).RoutePath
+
 			// 情况一：设置了绑定域名、IP、UA，且请求不符合要求，返回错误
 			host, _, err := net.SplitHostPort(r.Host)
 			if err != nil {
@@ -78,7 +80,7 @@ func Entrance(t *gotext.Locale, conf *koanf.Koanf, session *sessions.Manager) fu
 			}

 			// 情况二：请求路径与入口路径相同或者未设置访问入口，标记通过验证并重定向到登录页面
-			if (strings.TrimSuffix(r.URL.Path, "/") == entrance || entrance == "/") &&
+			if (strings.TrimSuffix(routePath, "/") == entrance || entrance == "/") &&
 				r.Header.Get("Authorization") == "" {
 				sess.Put("verify_entrance", true)
 				render := chix.NewRender(w, r)
@@ -88,12 +90,12 @@ func Entrance(t *gotext.Locale, conf *koanf.Koanf, session *sessions.Manager) fu
 			}

 			// 情况三：通过APIKey+入口路径访问，重写请求路径并跳过验证
-			if strings.HasPrefix(r.URL.Path, entrance) && r.Header.Get("Authorization") != "" {
+			if strings.HasPrefix(routePath, entrance) && r.Header.Get("Authorization") != "" {
 				// 只在设置了入口路径的情况下，才进行重写
 				if entrance != "/" {
 					if rctx := chi.RouteContext(r.Context()); rctx != nil {
-						rctx.RoutePath = strings.TrimPrefix(rctx.RoutePath, entrance)
-						r.URL.Path = strings.TrimPrefix(r.URL.Path, entrance)
+						rctx.RoutePath = strings.TrimPrefix(routePath, entrance)
+						r.URL.Path = strings.TrimPrefix(routePath, entrance)
 					}
 				}
 				next.ServeHTTP(w, r)
@@ -103,7 +105,7 @@ func Entrance(t *gotext.Locale, conf *koanf.Koanf, session *sessions.Manager) fu
 			// 情况四：非调试模式且未通过验证的请求，返回错误
 			if !conf.Bool("app.debug") &&
 				sess.Missing("verify_entrance") &&
-				r.URL.Path != "/robots.txt" {
+				routePath != "/robots.txt" {
 				Abort(w, http.StatusTeapot, t.Get("invalid access entrance"))
 				return
 			}
--- a/internal/http/middleware/middleware.go
+++ b/internal/http/middleware/middleware.go
@@ -39,16 +39,16 @@ func NewMiddlewares(conf *koanf.Koanf, log *slog.Logger, session *sessions.Manag
 // Globals is a collection of global middleware that will be applied to every request.
 func (r *Middlewares) Globals(t *gotext.Locale, mux *chi.Mux) []func(http.Handler) http.Handler {
 	return []func(http.Handler) http.Handler{
-		sessionmiddleware.StartSession(r.session),
+		middleware.Recoverer,
 		//middleware.SupressNotFound(mux),// bug https://github.com/go-chi/chi/pull/940
 		middleware.CleanPath,
 		middleware.StripSlashes,
-		middleware.Compress(5),
 		httplog.RequestLogger(r.log, &httplog.Options{
 			Level:             slog.LevelInfo,
 			LogRequestHeaders: []string{"User-Agent"},
 		}),
-		middleware.Recoverer,
+		middleware.Compress(5),
+		sessionmiddleware.StartSession(r.session),
 		Status(t),
 		Entrance(t, r.conf, r.session),
 		MustLogin(t, r.session, r.userToken),
--- a/internal/http/middleware/must_install.go
+++ b/internal/http/middleware/must_install.go
@@ -4,6 +4,7 @@ import (
 	"net/http"
 	"strings"

+	"github.com/go-chi/chi/v5"
 	"github.com/leonelquinteros/gotext"

 	"github.com/tnb-labs/panel/internal/biz"
@@ -13,13 +14,15 @@ import (
 func MustInstall(t *gotext.Locale, app biz.AppRepo) func(next http.Handler) http.Handler {
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			routePath := chi.RouteContext(r.Context()).RoutePath
+
 			var slugs []string
-			if strings.HasPrefix(r.URL.Path, "/api/website") {
+			if strings.HasPrefix(routePath, "/api/website") {
 				slugs = append(slugs, "nginx")
-			} else if strings.HasPrefix(r.URL.Path, "/api/container") {
+			} else if strings.HasPrefix(routePath, "/api/container") {
 				slugs = append(slugs, "podman", "docker")
-			} else if strings.HasPrefix(r.URL.Path, "/api/apps/") {
-				pathArr := strings.Split(r.URL.Path, "/")
+			} else if strings.HasPrefix(routePath, "/api/apps/") {
+				pathArr := strings.Split(routePath, "/")
 				if len(pathArr) < 4 {
 					Abort(w, http.StatusForbidden, t.Get("app not found"))
 					return
--- a/internal/http/middleware/must_login.go
+++ b/internal/http/middleware/must_login.go
@@ -9,6 +9,7 @@ import (
 	"slices"
 	"strings"

+	"github.com/go-chi/chi/v5"
 	"github.com/go-rat/sessions"
 	"github.com/leonelquinteros/gotext"
 	"github.com/spf13/cast"
@@ -35,8 +36,10 @@ func MustLogin(t *gotext.Locale, session *sessions.Manager, userToken biz.UserTo
 				return
 			}

+			routePath := chi.RouteContext(r.Context()).RoutePath
+
 			// 对白名单和非 API 请求放行
-			if slices.Contains(whiteList, r.URL.Path) || !strings.HasPrefix(r.URL.Path, "/api") {
+			if slices.Contains(whiteList, routePath) || !strings.HasPrefix(routePath, "/api") {
 				next.ServeHTTP(w, r)
 				return
 			}
@@ -44,7 +47,7 @@ func MustLogin(t *gotext.Locale, session *sessions.Manager, userToken biz.UserTo
 			userID := uint(0)
 			if r.Header.Get("Authorization") != "" {
 				// 禁止访问 ws 相关的接口
-				if strings.HasPrefix(r.URL.Path, "/api/ws") {
+				if strings.HasPrefix(routePath, "/api/ws") {
 					Abort(w, http.StatusForbidden, t.Get("ws not allowed"))
 					return
 				}