evan/next-terminal
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

优化路由权限校验

Browse Source
This commit is contained in:
dushixiang 2021-03-05 20:49:40 +08:00
parent c891f7e016
commit 67155ff5c0
1 changed files with 20 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
pkg/api/middleware.go
View File

@ -5,6 +5,7 @@ import (
"github.com/labstack/echo/v4" "github.com/labstack/echo/v4"
"next-terminal/pkg/global" "next-terminal/pkg/global"
"next-terminal/pkg/model" "next-terminal/pkg/model"
"regexp"
"strings" "strings"
"time" "time"
) )
@ -27,19 +28,32 @@ func ErrorHandler(next echo.HandlerFunc) echo.HandlerFunc {
func Auth(next echo.HandlerFunc) echo.HandlerFunc { func Auth(next echo.HandlerFunc) echo.HandlerFunc {
urls := []string{"/download", "/recording", "/login", "/static", "/favicon.ico", "/logo.svg", "/asciinema"} startWithUrls := []string{"/login", "/static", "/favicon.ico", "/logo.svg", "/asciinema"}
download := regexp.MustCompile(`/sessions/\w{8}(-\w{4}){3}-\w{12}/download`)
recording := regexp.MustCompile(`/sessions/\w{8}(-\w{4}){3}-\w{12}/recording`)
return func(c echo.Context) error { return func(c echo.Context) error {
uri := c.Request().RequestURI
if uri == "/" || strings.HasPrefix(uri, "/#") {
return next(c)
}
// 路由拦截 - 登录身份、资源权限判断等 // 路由拦截 - 登录身份、资源权限判断等
for i := range urls { for i := range startWithUrls {
if c.Request().RequestURI == "/" || strings.HasPrefix(c.Request().RequestURI, "/#") { if strings.HasPrefix(uri, startWithUrls[i]) {
return next(c)
}
if strings.HasPrefix(c.Request().RequestURI, urls[i]) {
return next(c) return next(c)
} }
} }
if download.FindString(uri) != "" {
return next(c)
}
if recording.FindString(uri) != "" {
return next(c)
}
token := GetToken(c) token := GetToken(c)
cacheKey := strings.Join([]string{Token, token}, ":") cacheKey := strings.Join([]string{Token, token}, ":")
authorization, found := global.Cache.Get(cacheKey) authorization, found := global.Cache.Get(cacheKey)