mirror of
https://github.com/OpenListTeam/OpenList.git
synced 2025-07-18 17:38:07 +08:00
0c461991f9
* chore: standardize context keys with custom ContextKey type * fix bug * 使用Request.Context
149 lines
3.4 KiB
Go
149 lines
3.4 KiB
Go
package middlewares
|
|
|
|
import (
|
|
"crypto/subtle"
|
|
|
|
"github.com/OpenListTeam/OpenList/v4/internal/conf"
|
|
"github.com/OpenListTeam/OpenList/v4/internal/model"
|
|
"github.com/OpenListTeam/OpenList/v4/internal/op"
|
|
"github.com/OpenListTeam/OpenList/v4/internal/setting"
|
|
"github.com/OpenListTeam/OpenList/v4/server/common"
|
|
"github.com/gin-gonic/gin"
|
|
log "github.com/sirupsen/logrus"
|
|
)
|
|
|
|
// Auth is a middleware that checks if the user is logged in.
|
|
// if token is empty, set user to guest
|
|
func Auth(c *gin.Context) {
|
|
token := c.GetHeader("Authorization")
|
|
if subtle.ConstantTimeCompare([]byte(token), []byte(setting.GetStr(conf.Token))) == 1 {
|
|
admin, err := op.GetAdmin()
|
|
if err != nil {
|
|
common.ErrorResp(c, err, 500)
|
|
c.Abort()
|
|
return
|
|
}
|
|
common.GinWithValue(c, conf.UserKey, admin)
|
|
log.Debugf("use admin token: %+v", admin)
|
|
c.Next()
|
|
return
|
|
}
|
|
if token == "" {
|
|
guest, err := op.GetGuest()
|
|
if err != nil {
|
|
common.ErrorResp(c, err, 500)
|
|
c.Abort()
|
|
return
|
|
}
|
|
if guest.Disabled {
|
|
common.ErrorStrResp(c, "Guest user is disabled, login please", 401)
|
|
c.Abort()
|
|
return
|
|
}
|
|
common.GinWithValue(c, conf.UserKey, guest)
|
|
log.Debugf("use empty token: %+v", guest)
|
|
c.Next()
|
|
return
|
|
}
|
|
userClaims, err := common.ParseToken(token)
|
|
if err != nil {
|
|
common.ErrorResp(c, err, 401)
|
|
c.Abort()
|
|
return
|
|
}
|
|
user, err := op.GetUserByName(userClaims.Username)
|
|
if err != nil {
|
|
common.ErrorResp(c, err, 401)
|
|
c.Abort()
|
|
return
|
|
}
|
|
// validate password timestamp
|
|
if userClaims.PwdTS != user.PwdTS {
|
|
common.ErrorStrResp(c, "Password has been changed, login please", 401)
|
|
c.Abort()
|
|
return
|
|
}
|
|
if user.Disabled {
|
|
common.ErrorStrResp(c, "Current user is disabled, replace please", 401)
|
|
c.Abort()
|
|
return
|
|
}
|
|
common.GinWithValue(c, conf.UserKey, user)
|
|
log.Debugf("use login token: %+v", user)
|
|
c.Next()
|
|
}
|
|
|
|
func Authn(c *gin.Context) {
|
|
token := c.GetHeader("Authorization")
|
|
if subtle.ConstantTimeCompare([]byte(token), []byte(setting.GetStr(conf.Token))) == 1 {
|
|
admin, err := op.GetAdmin()
|
|
if err != nil {
|
|
common.ErrorResp(c, err, 500)
|
|
c.Abort()
|
|
return
|
|
}
|
|
common.GinWithValue(c, conf.UserKey, admin)
|
|
log.Debugf("use admin token: %+v", admin)
|
|
c.Next()
|
|
return
|
|
}
|
|
if token == "" {
|
|
guest, err := op.GetGuest()
|
|
if err != nil {
|
|
common.ErrorResp(c, err, 500)
|
|
c.Abort()
|
|
return
|
|
}
|
|
common.GinWithValue(c, conf.UserKey, guest)
|
|
log.Debugf("use empty token: %+v", guest)
|
|
c.Next()
|
|
return
|
|
}
|
|
userClaims, err := common.ParseToken(token)
|
|
if err != nil {
|
|
common.ErrorResp(c, err, 401)
|
|
c.Abort()
|
|
return
|
|
}
|
|
user, err := op.GetUserByName(userClaims.Username)
|
|
if err != nil {
|
|
common.ErrorResp(c, err, 401)
|
|
c.Abort()
|
|
return
|
|
}
|
|
// validate password timestamp
|
|
if userClaims.PwdTS != user.PwdTS {
|
|
common.ErrorStrResp(c, "Password has been changed, login please", 401)
|
|
c.Abort()
|
|
return
|
|
}
|
|
if user.Disabled {
|
|
common.ErrorStrResp(c, "Current user is disabled, replace please", 401)
|
|
c.Abort()
|
|
return
|
|
}
|
|
common.GinWithValue(c, conf.UserKey, user)
|
|
log.Debugf("use login token: %+v", user)
|
|
c.Next()
|
|
}
|
|
|
|
func AuthNotGuest(c *gin.Context) {
|
|
user := c.Request.Context().Value(conf.UserKey).(*model.User)
|
|
if user.IsGuest() {
|
|
common.ErrorStrResp(c, "You are a guest", 403)
|
|
c.Abort()
|
|
} else {
|
|
c.Next()
|
|
}
|
|
}
|
|
|
|
func AuthAdmin(c *gin.Context) {
|
|
user := c.Request.Context().Value(conf.UserKey).(*model.User)
|
|
if !user.IsAdmin() {
|
|
common.ErrorStrResp(c, "You are not an admin", 403)
|
|
c.Abort()
|
|
} else {
|
|
c.Next()
|
|
}
|
|
}
|