新增代理服务的离线接口,优化认证逻辑,代理服务表添加状态字段
This commit is contained in:
@@ -43,11 +43,13 @@ func Protect(c *fiber.Ctx, types []PayloadType, permissions []string) (*Context,
|
||||
var header = c.Get("Authorization")
|
||||
var split = strings.Split(header, " ")
|
||||
if len(split) != 2 {
|
||||
slog.Debug("Authorization 头格式不正确")
|
||||
return nil, fiber.NewError(fiber.StatusUnauthorized, "无效的令牌")
|
||||
}
|
||||
|
||||
var token = split[1]
|
||||
var token = strings.TrimSpace(split[1])
|
||||
if token == "" {
|
||||
slog.Debug("提供的令牌为空")
|
||||
return nil, fiber.NewError(fiber.StatusUnauthorized, "无效的令牌")
|
||||
}
|
||||
|
||||
@@ -63,7 +65,7 @@ func Protect(c *fiber.Ctx, types []PayloadType, permissions []string) (*Context,
|
||||
}
|
||||
|
||||
case "Basic":
|
||||
if !slices.Contains(types, PayloadSecuredServer) {
|
||||
if !slices.Contains(types, PayloadInternalServer) {
|
||||
slog.Debug("禁止使用 Basic 认证方式")
|
||||
return nil, fiber.NewError(fiber.StatusUnauthorized, "无效的令牌")
|
||||
}
|
||||
@@ -74,18 +76,18 @@ func Protect(c *fiber.Ctx, types []PayloadType, permissions []string) (*Context,
|
||||
}
|
||||
|
||||
default:
|
||||
slog.Debug("无效的认证方式")
|
||||
slog.Debug("无效的认证方式", "method", split[0])
|
||||
return nil, fiber.NewError(fiber.StatusUnauthorized, "无效的令牌")
|
||||
}
|
||||
|
||||
// 检查权限
|
||||
if !slices.Contains(types, auth.Payload.Type) {
|
||||
slog.Debug("无效的认证主体")
|
||||
slog.Debug("无效的负载类型", "except", types, "actual", auth.Payload.Type)
|
||||
return nil, fiber.NewError(fiber.StatusForbidden, "没有权限")
|
||||
}
|
||||
|
||||
if len(permissions) > 0 && !auth.AnyPermission(permissions...) {
|
||||
slog.Debug("无效的认证权限")
|
||||
slog.Debug("无效的认证权限", "except", permissions, "actual", auth.Permissions)
|
||||
return nil, fiber.NewError(fiber.StatusForbidden, "没有权限")
|
||||
}
|
||||
|
||||
@@ -114,15 +116,12 @@ func authBasic(_ context.Context, token string) (*Context, error) {
|
||||
// 解析 Basic 认证信息
|
||||
var base, err = base64.RawURLEncoding.DecodeString(token)
|
||||
if err != nil {
|
||||
slog.Debug(err.Error())
|
||||
return nil, err
|
||||
return nil, errors.New("令牌格式错误,无法解析令牌")
|
||||
}
|
||||
|
||||
var split = strings.Split(string(base), ":")
|
||||
if len(split) != 2 {
|
||||
msg := "无法解析 Basic 认证信息"
|
||||
slog.Debug(msg)
|
||||
return nil, errors.New(msg)
|
||||
return nil, errors.New("令牌格式错误,必须是 <client_id>:<client_secret> 格式")
|
||||
}
|
||||
|
||||
var clientID = split[0]
|
||||
@@ -151,7 +150,7 @@ func authBasic(_ context.Context, token string) (*Context, error) {
|
||||
return &Context{
|
||||
Payload: Payload{
|
||||
Id: client.ID,
|
||||
Type: PayloadSecuredServer,
|
||||
Type: PayloadTypeFromClientSpec(client2.Spec(client.Spec)),
|
||||
Name: client.Name,
|
||||
Avatar: client.Icon,
|
||||
},
|
||||
|
||||
@@ -65,6 +65,8 @@ func (t PayloadType) ToStr() string {
|
||||
return "cpub"
|
||||
case PayloadSecuredServer:
|
||||
return "ccnf"
|
||||
case PayloadInternalServer:
|
||||
return "inte"
|
||||
default:
|
||||
return "none"
|
||||
}
|
||||
@@ -80,6 +82,8 @@ func PayloadTypeFromStr(name string) PayloadType {
|
||||
return PayloadPublicServer
|
||||
case "ccnf":
|
||||
return PayloadSecuredServer
|
||||
case "inte":
|
||||
return PayloadInternalServer
|
||||
default:
|
||||
return PayloadNone
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user