🎨 Authentication supports query parameters token (#9069)

2023-08-29 16:16:33 +08:00 · 2023-08-29 16:16:33 +08:00 · 2bfefbe885
commit 2bfefbe885
parent 2349b080db
1 changed files with 13 additions and 1 deletions
--- a/kernel/model/session.go
+++ b/kernel/model/session.go
@ -195,7 +195,7 @@ func CheckAuth(c *gin.Context) {
 		return
 	}

-	// 通过 API token
+	// 通过 API token (header: Authorization)
 	if authHeader := c.GetHeader("Authorization"); "" != authHeader {
 		if strings.HasPrefix(authHeader, "Token ") {
 			token := strings.TrimPrefix(authHeader, "Token ")
@ -210,6 +210,18 @@ func CheckAuth(c *gin.Context) {
 		}
 	}

+	// 通过 API token (query-params: token)
+	if token := c.Query("token"); "" != token {
+		if Conf.Api.Token == token {
+			c.Next()
+			return
+		}
+
+		c.JSON(401, map[string]interface{}{"code": -1, "msg": "Auth failed"})
+		c.Abort()
+		return
+	}
+
 	if "/check-auth" == c.Request.URL.Path { // 跳过访问授权页
 		c.Next()
 		return