Backups/OpenList
1
0
Fork 0
mirror of https://github.com/OpenListTeam/OpenList.git synced 2025-09-19 20:26:26 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
12fd52b6b74e222cee0d8ff550a1908ee1b40d1d
OpenList/server/middlewares/auth.go
Kuingsmile fdcc2f136e chore: change module name to OpenListTeam/OpenList (#2) 
* Enable blank issue

* chore(README.md): update docs (temporally)

* Update FUNDING.yml

* chore: purge README.md

* chore: change module name to OpenListTeam/OpenList

* fix: fix link errors

* chore: remove v3 in module name

* fix: resolve some conficts

* fix: resolve conficts

* docs: update with latest file

---------

Co-authored-by: ShenLin <773933146@qq.com>
Co-authored-by: Hantong Chen <cxwdyx620@gmail.com>
Co-authored-by: joshua <i@joshua.su>
Co-authored-by: Hantong Chen <70561268+cxw620@users.noreply.github.com>
2025-06-12 22:02:46 +08:00

149 lines
3.2 KiB
Go
Raw Blame History

package middlewares
import (
"crypto/subtle"
"github.com/OpenListTeam/OpenList/internal/conf"
"github.com/OpenListTeam/OpenList/internal/model"
"github.com/OpenListTeam/OpenList/internal/op"
"github.com/OpenListTeam/OpenList/internal/setting"
"github.com/OpenListTeam/OpenList/server/common"
"github.com/gin-gonic/gin"
log "github.com/sirupsen/logrus"
)
// Auth is a middleware that checks if the user is logged in.
// if token is empty, set user to guest
func Auth(c *gin.Context) {
token := c.GetHeader("Authorization")
if subtle.ConstantTimeCompare([]byte(token), []byte(setting.GetStr(conf.Token))) == 1 {
admin, err := op.GetAdmin()
if err != nil {
common.ErrorResp(c, err, 500)
c.Abort()
return
}
c.Set("user", admin)
log.Debugf("use admin token: %+v", admin)
c.Next()
return
}
if token == "" {
guest, err := op.GetGuest()
if err != nil {
common.ErrorResp(c, err, 500)
c.Abort()
return
}
if guest.Disabled {
common.ErrorStrResp(c, "Guest user is disabled, login please", 401)
c.Abort()
return
}
c.Set("user", guest)
log.Debugf("use empty token: %+v", guest)
c.Next()
return
}
userClaims, err := common.ParseToken(token)
if err != nil {
common.ErrorResp(c, err, 401)
c.Abort()
return
}
user, err := op.GetUserByName(userClaims.Username)
if err != nil {
common.ErrorResp(c, err, 401)
c.Abort()
return
}
// validate password timestamp
if userClaims.PwdTS != user.PwdTS {
common.ErrorStrResp(c, "Password has been changed, login please", 401)
c.Abort()
return
}
if user.Disabled {
common.ErrorStrResp(c, "Current user is disabled, replace please", 401)
c.Abort()
return
}
c.Set("user", user)
log.Debugf("use login token: %+v", user)
c.Next()
}
func Authn(c *gin.Context) {
token := c.GetHeader("Authorization")
if subtle.ConstantTimeCompare([]byte(token), []byte(setting.GetStr(conf.Token))) == 1 {
admin, err := op.GetAdmin()
if err != nil {
common.ErrorResp(c, err, 500)
c.Abort()
return
}
c.Set("user", admin)
log.Debugf("use admin token: %+v", admin)
c.Next()
return
}
if token == "" {
guest, err := op.GetGuest()
if err != nil {
common.ErrorResp(c, err, 500)
c.Abort()
return
}
c.Set("user", guest)
log.Debugf("use empty token: %+v", guest)
c.Next()
return
}
userClaims, err := common.ParseToken(token)
if err != nil {
common.ErrorResp(c, err, 401)
c.Abort()
return
}
user, err := op.GetUserByName(userClaims.Username)
if err != nil {
common.ErrorResp(c, err, 401)
c.Abort()
return
}
// validate password timestamp
if userClaims.PwdTS != user.PwdTS {
common.ErrorStrResp(c, "Password has been changed, login please", 401)
c.Abort()
return
}
if user.Disabled {
common.ErrorStrResp(c, "Current user is disabled, replace please", 401)
c.Abort()
return
}
c.Set("user", user)
log.Debugf("use login token: %+v", user)
c.Next()
}
func AuthNotGuest(c *gin.Context) {
user := c.MustGet("user").(*model.User)
if user.IsGuest() {
common.ErrorStrResp(c, "You are a guest", 403)
c.Abort()
} else {
c.Next()
}
}
func AuthAdmin(c *gin.Context) {
user := c.MustGet("user").(*model.User)
if !user.IsAdmin() {
common.ErrorStrResp(c, "You are not an admin", 403)
c.Abort()
} else {
c.Next()
}
}
Reference in New Issue View Git Blame Copy Permalink