feat: 鉴权支持服务token
RockChinQ committed Apr 26, 2024
1 parent 6026d01 commit 865a72f
Showing 3 changed files with 76 additions and 2 deletions.
16 changes: 16 additions & 0 deletions backend/controller/accapi.go
Expand Up @@ -31,6 +31,14 @@ func NewAccountRouter(rg *gin.RouterGroup, as service.AccountService) *AccountRo

// 创建账户
func (ar *AccountRouter) CreateAccount(c *gin.Context) {

_, err := ar.Auth(c, ServiceOnly)

if err != nil {
ar.StatusCode(c, 401, err.Error())
return
}

// 取body的json里的uin
var body AccountCreateBody

Expand Down Expand Up @@ -105,6 +113,14 @@ func (ar *AccountRouter) LoginAccount(c *gin.Context) {

// 重置密码
func (ar *AccountRouter) ResetPassword(c *gin.Context) {

_, err := ar.Auth(c, ServiceOnly)

if err != nil {
ar.StatusCode(c, 401, err.Error())
return
}

// 取body的json里的uin
var body AccountCreateBody

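Review bot: CreateAccount and ResetPassword are now gated by nothing but the static `service.token` (the `Auth(c, ServiceOnly)` call at the top of each hunk), so a leaked or guessed token is sufficient to create accounts and reset any user's password, and neither hunk logs failed attempts or rate-limits them — I would add both before exposing these routes. The uin returned by `Auth` is discarded, which is fine since service auth yields 0, but that contract deserves a comment above each call: `// Service-only: the caller must present service.token as a Bearer token; user JWTs are rejected.` Echoing `err.Error()` in the 401 body is acceptable while the message is the fixed "authentication failed" string, but keep that in mind if `Auth` is later changed to wrap more specific errors. Both functions continue past their hunks, so the handling after `var body AccountCreateBody` was not reviewed.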
43 changes: 43 additions & 0 deletions backend/controller/api.go
@@ -1,6 +1,7 @@
package controller

import (
"errors"
"net/http"
"strings"
"time"
Expand All @@ -9,6 +10,7 @@ import (
"github.com/RockChinQ/Campux/backend/util"
"github.com/gin-contrib/cors"
"github.com/gin-gonic/gin"
"github.com/spf13/viper"
)

type APIController struct {
Expand Down Expand Up @@ -40,6 +42,8 @@ func NewApiController(
)
}

// 鉴权中间件

r.Use(func(c *gin.Context) {
if strings.HasPrefix(c.Request.URL.Path, "/v1") {
c.Next()
Expand Down Expand Up @@ -68,6 +72,45 @@ func NewApiController(
type APIRouter struct {
}

type AuthenticationType int

const (
UserOnly AuthenticationType = 1
ServiceOnly AuthenticationType = 2
Both AuthenticationType = 3
)

// 鉴权
// 如果是服务鉴权,则拿Authorization头对比service.token
// 其他的都是用户鉴权,直接尝试从GetUin取uin
func (ar *APIRouter) Auth(c *gin.Context, authType AuthenticationType) (int64, error) {
serviceToken := viper.GetString("service.token")

uin, err := int64(-1), errors.New("authentication failed")

if authType&ServiceOnly == ServiceOnly {
bearer := c.GetHeader("Authorization")
if bearer != "" {
bearer = bearer[7:]

if bearer == serviceToken {
uin = 0
err = nil
}
}
}

if err == nil {
return uin, err
}

if authType&UserOnly == UserOnly {
uin, err = ar.GetUin(c)
}

return uin, err
}

// 从jwt取uin
func (ar *APIRouter) GetUin(c *gin.Context) (int64, error) {

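Review bot: `bearer = bearer[7:]` in Auth panics with a slice-bounds error on any Authorization header shorter than seven bytes, and it never checks that the scheme is actually `Bearer `, so a header such as `Basic xxxxxxx` is compared after blindly discarding seven bytes. The comparison also admits the empty string: if `service.token` is unset, `viper.GetString` returns "" and a request carrying exactly `Authorization: Bearer ` is granted service access with uin 0, so an empty configured token must be rejected outright. `bearer == serviceToken` is additionally a non-constant-time comparison of a long-lived secret; use `crypto/subtle.ConstantTimeCompare` and add `"crypto/subtle"` to the stdlib import group. The rewrite below keeps the signature and the fall-through to user auth unchanged.
```go
func (ar *APIRouter) Auth(c *gin.Context, authType AuthenticationType) (int64, error) {
	serviceToken := viper.GetString("service.token")

	uin, err := int64(-1), errors.New("authentication failed")

	// Service auth is attempted only when a token is actually configured, the
	// header uses the Bearer scheme, and the secret is compared in constant time.
	if authType&ServiceOnly == ServiceOnly && serviceToken != "" {
		header := c.GetHeader("Authorization")
		if strings.HasPrefix(header, "Bearer ") {
			bearer := strings.TrimPrefix(header, "Bearer ")
			if subtle.ConstantTimeCompare([]byte(bearer), []byte(serviceToken)) == 1 {
				return 0, nil // uin 0 is the sentinel for "the service", not a user
			}
		}
	}

	// … unchanged: fall through to user (JWT) auth via ar.GetUin …
```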
19 changes: 17 additions & 2 deletions backend/controller/postapi.go
Expand Up @@ -98,7 +98,8 @@ func (pr *PostRouter) PostNew(c *gin.Context) {

// 下载图片
func (pr *PostRouter) DownloadImage(c *gin.Context) {
_, err := pr.GetUin(c)

_, err := pr.Auth(c, Both)

if err != nil {
pr.StatusCode(c, 401, err.Error())
Expand Down Expand Up @@ -162,6 +163,16 @@ func (pr *PostRouter) GetSelfPosts(c *gin.Context) {

// 获取稿件列表
func (pr *PostRouter) GetPosts(c *gin.Context) {

_, err := pr.Auth(c, Both)

if err != nil {
pr.StatusCode(c, 401, err.Error())
return
}

// TODO 检查用户权限

var body GetPostsBody

if err := c.ShouldBindJSON(&body); err != nil {
Expand Down Expand Up @@ -189,13 +200,15 @@ func (pr *PostRouter) GetPosts(c *gin.Context) {
}

func (pr *PostRouter) GetPostInfo(c *gin.Context) {
_, err := pr.GetUin(c)
_, err := pr.Auth(c, Both)

if err != nil {
pr.StatusCode(c, 401, err.Error())
return
}

// TODO 检查用户权限

id := c.Param("id")

idInt, err := strconv.Atoi(id)
Expand Down Expand Up @@ -256,6 +269,8 @@ func (pr *PostRouter) ReviewPost(c *gin.Context) {
return
}

// TODO 检查用户权限

// 取body的json里的id, status, comment
var body PostReviewBody

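Review bot: The three `// TODO 检查用户权限` markers leave authorization unimplemented, so after this change GetPosts and GetPostInfo return any post to any caller who passes `Auth(c, Both)` — every holder of a valid user JWT, not only the service or the post's author — and the uin that Auth returns is thrown away with `_`. ReviewPost is the most sensitive of the three; its Auth call sits above the hunk so I cannot tell which AuthenticationType it uses, but if it accepts user JWTs, any logged-in user can approve or reject submissions until the TODO is resolved. At minimum keep the caller identity, `uin, err := pr.Auth(c, Both)`, and restrict non-service callers (`uin != 0`) to their own posts or to an explicit role check, or make these endpoints `ServiceOnly` until a permission model exists. The GetPosts, GetPostInfo and ReviewPost bodies extend past their hunks, and ReviewPost's function begins outside the hunk.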
