0ct0pu5/siyuan
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
siyuan/kernel/model/session.go

149 lines
3.8 KiB
Go
Raw Permalink Blame History

// SiYuan - Build Your Eternal Digital Garden
// Copyright (c) 2020-present, b3log.org
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
package model
import (
"net/http"
"strings"
"github.com/88250/gulu"
ginSessions "github.com/gin-contrib/sessions"
"github.com/gin-gonic/gin"
"github.com/siyuan-note/siyuan/kernel/util"
)
func LogoutAuth(c *gin.Context) {
ret := gulu.Ret.NewResult()
defer c.JSON(http.StatusOK, ret)
if "" == Conf.AccessAuthCode {
ret.Code = -1
ret.Msg = Conf.Language(86)
ret.Data = map[string]interface{}{"closeTimeout": 5000}
return
}
session := ginSessions.Default(c)
session.Options(ginSessions.Options{
Path: "/",
MaxAge: -1,
})
session.Clear()
if err := session.Save(); nil != err {
util.LogErrorf("saves session failed: " + err.Error())
ret.Code = -1
ret.Msg = "save session failed"
}
}
func LoginAuth(c *gin.Context) {
ret := gulu.Ret.NewResult()
defer c.JSON(http.StatusOK, ret)
arg, ok := util.JsonArg(c, ret)
if !ok {
return
}
authCode := arg["authCode"].(string)
if Conf.AccessAuthCode != authCode {
ret.Code = -1
ret.Msg = Conf.Language(83)
return
}
session := &util.SessionData{ID: gulu.Rand.Int(0, 1024), AccessAuthCode: authCode}
if err := session.Save(c); nil != err {
util.LogErrorf("saves session failed: " + err.Error())
ret.Code = -1
ret.Msg = "save session failed"
return
}
}
func CheckReadonly(c *gin.Context) {
if util.ReadOnly {
result := util.NewResult()
result.Code = -1
result.Msg = Conf.Language(34)
result.Data = map[string]interface{}{"closeTimeout": 5000}
c.JSON(200, result)
c.Abort()
return
}
}
func CheckAuth(c *gin.Context) {
//util.LogInfof("check auth for [%s]", c.Request.RequestURI)
// 放过 /appearance/
if strings.HasPrefix(c.Request.RequestURI, "/appearance/") ||
strings.HasPrefix(c.Request.RequestURI, "/stage/build/export/") ||
strings.HasPrefix(c.Request.RequestURI, "/stage/build/fonts/") ||
strings.HasPrefix(c.Request.RequestURI, "/stage/protyle/") {
c.Next()
return
}
// 放过来自本机的资源文件请求
if strings.HasPrefix(c.Request.RemoteAddr, "127.0.0.1") &&
(strings.HasPrefix(c.Request.RequestURI, "/assets/") || strings.HasPrefix(c.Request.RequestURI, "/history/assets/")) {
c.Next()
return
}
// 通过 Cookie
session := util.GetSession(c)
if session.AccessAuthCode == Conf.AccessAuthCode {
c.Next()
return
}
// 通过 API token
if authHeader := c.GetHeader("Authorization"); "" != authHeader {
if strings.HasPrefix(authHeader, "Token ") {
token := strings.TrimPrefix(authHeader, "Token ")
if Conf.Api.Token == token {
c.Next()
return
}
c.JSON(401, map[string]interface{}{"code": -1, "msg": "Auth failed"})
c.Abort()
return
}
}
if strings.HasSuffix(c.Request.RequestURI, "/check-auth") {
c.Next()
return
}
if session.AccessAuthCode != Conf.AccessAuthCode {
userAgentHeader := c.GetHeader("User-Agent")
if strings.HasPrefix(userAgentHeader, "SiYuan/") || strings.HasPrefix(userAgentHeader, "Mozilla/") {
c.Redirect(302, "/check-auth")
c.Abort()
return
}
c.JSON(401, map[string]interface{}{"code": -1, "msg": "Auth failed"})
c.Abort()
return
}
c.Next()
}
Reference in a new issue View git blame Copy permalink