🐶 重构部分用户数据库操作代码

server/api/middleware.go

@@ -0,0 +1,149 @@
+package api
+
+import (
+	"fmt"
+	"net"
+	"regexp"
+	"strings"
+	"time"
+
+	"next-terminal/server/constant"
+	"next-terminal/server/global"
+	"next-terminal/server/utils"
+
+	"github.com/labstack/echo/v4"
+)
+
+func ErrorHandler(next echo.HandlerFunc) echo.HandlerFunc {
+	return func(c echo.Context) error {
+
+		if err := next(c); err != nil {
+
+			if he, ok := err.(*echo.HTTPError); ok {
+				message := fmt.Sprintf("%v", he.Message)
+				return Fail(c, he.Code, message)
+			}
+
+			return Fail(c, 0, err.Error())
+		}
+		return nil
+	}
+}
+
+func TcpWall(next echo.HandlerFunc) echo.HandlerFunc {
+
+	return func(c echo.Context) error {
+
+		if global.Securities == nil {
+			return next(c)
+		}
+
+		ip := c.RealIP()
+		for i := 0; i < len(global.Securities); i++ {
+			security := global.Securities[i]
+
+			if strings.Contains(security.IP, "/") {
+				// CIDR
+				_, ipNet, err := net.ParseCIDR(security.IP)
+				if err != nil {
+					continue
+				}
+				if !ipNet.Contains(net.ParseIP(ip)) {
+					continue
+				}
+			} else if strings.Contains(security.IP, "-") {
+				// 范围段
+				split := strings.Split(security.IP, "-")
+				if len(split) < 2 {
+					continue
+				}
+				start := split[0]
+				end := split[1]
+				intReqIP := utils.IpToInt(ip)
+				if intReqIP < utils.IpToInt(start) || intReqIP > utils.IpToInt(end) {
+					continue
+				}
+			} else {
+				// IP
+				if security.IP != ip {
+					continue
+				}
+			}
+
+			if security.Rule == constant.AccessRuleAllow {
+				return next(c)
+			}
+			if security.Rule == constant.AccessRuleReject {
+				if c.Request().Header.Get("X-Requested-With") != "" || c.Request().Header.Get(Token) != "" {
+					return Fail(c, 0, "您的访问请求被拒绝 :(")
+				} else {
+					return c.HTML(666, "您的访问请求被拒绝 :(")
+				}
+			}
+		}
+
+		return next(c)
+	}
+}
+
+func Auth(next echo.HandlerFunc) echo.HandlerFunc {
+
+	startWithUrls := []string{"/login", "/static", "/favicon.ico", "/logo.svg", "/asciinema"}
+
+	download := regexp.MustCompile(`^/sessions/\w{8}(-\w{4}){3}-\w{12}/download`)
+	recording := regexp.MustCompile(`^/sessions/\w{8}(-\w{4}){3}-\w{12}/recording`)
+
+	return func(c echo.Context) error {
+
+		uri := c.Request().RequestURI
+		if uri == "/" || strings.HasPrefix(uri, "/#") {
+			return next(c)
+		}
+		// 路由拦截 - 登录身份、资源权限判断等
+		for i := range startWithUrls {
+			if strings.HasPrefix(uri, startWithUrls[i]) {
+				return next(c)
+			}
+		}
+
+		if download.FindString(uri) != "" {
+			return next(c)
+		}
+
+		if recording.FindString(uri) != "" {
+			return next(c)
+		}
+
+		token := GetToken(c)
+		cacheKey := BuildCacheKeyByToken(token)
+		authorization, found := global.Cache.Get(cacheKey)
+		if !found {
+			return Fail(c, 401, "您的登录信息已失效，请重新登录后再试。")
+		}
+
+		if authorization.(Authorization).Remember {
+			// 记住登录有效期两周
+			global.Cache.Set(cacheKey, authorization, time.Hour*time.Duration(24*14))
+		} else {
+			global.Cache.Set(cacheKey, authorization, time.Hour*time.Duration(2))
+		}
+
+		return next(c)
+	}
+}
+
+func Admin(next echo.HandlerFunc) echo.HandlerFunc {
+	return func(c echo.Context) error {
+
+		account, found := GetCurrentAccount(c)
+		if !found {
+			return Fail(c, 401, "您的登录信息已失效，请重新登录后再试。")
+		}
+
+		if account.Type != constant.TypeAdmin {
+			return Fail(c, 403, "permission denied")
+		}
+
+		return next(c)
+	}
+}