init commit
This commit is contained in:
10
server/web/auth/auth.go
Normal file
10
server/web/auth/auth.go
Normal file
@@ -0,0 +1,10 @@
|
||||
package auth
|
||||
|
||||
import "github.com/gin-gonic/gin"
|
||||
|
||||
type Config struct {
|
||||
}
|
||||
|
||||
func Apply(r *gin.Engine, config *Config) {
|
||||
r.Use(middleware)
|
||||
}
|
||||
41
server/web/auth/context.go
Normal file
41
server/web/auth/context.go
Normal file
@@ -0,0 +1,41 @@
|
||||
package auth
|
||||
|
||||
type Context interface {
|
||||
Permissions() map[string]struct{}
|
||||
PermitAll(permissions ...string) bool
|
||||
PermitAny(permissions ...string) bool
|
||||
}
|
||||
|
||||
// region DeviceContext
|
||||
|
||||
type DeviceContext struct {
|
||||
ID uint
|
||||
IpAddress string
|
||||
Permissions map[string]struct{}
|
||||
}
|
||||
|
||||
func (c DeviceContext) PermitAny(permissions ...string) bool {
|
||||
if _, exist := c.Permissions["*"]; exist {
|
||||
return true
|
||||
}
|
||||
for _, permission := range permissions {
|
||||
if _, ok := c.Permissions[permission]; ok {
|
||||
return true
|
||||
}
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func (c DeviceContext) PermitAll(permissions ...string) bool {
|
||||
if _, exist := c.Permissions["*"]; exist {
|
||||
return true
|
||||
}
|
||||
for _, permission := range permissions {
|
||||
if _, ok := c.Permissions[permission]; !ok {
|
||||
return false
|
||||
}
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
// endregion
|
||||
97
server/web/auth/middleware.go
Normal file
97
server/web/auth/middleware.go
Normal file
@@ -0,0 +1,97 @@
|
||||
package auth
|
||||
|
||||
import (
|
||||
"encoding/base64"
|
||||
"github.com/gin-gonic/gin"
|
||||
"github.com/pkg/errors"
|
||||
"log/slog"
|
||||
"net/http"
|
||||
"os"
|
||||
"proxy-server/pkg/resp"
|
||||
"slices"
|
||||
"strings"
|
||||
)
|
||||
|
||||
func middleware(c *gin.Context) {
|
||||
|
||||
auth := check(c)
|
||||
if auth {
|
||||
secret, err := getSecret(c)
|
||||
if err != nil {
|
||||
slog.Error("认证失败", err)
|
||||
fail400(c, err)
|
||||
return
|
||||
}
|
||||
err = authenticate(c, secret)
|
||||
if err != nil {
|
||||
slog.Error("认证失败", err)
|
||||
fail401(c, err)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
c.Next()
|
||||
}
|
||||
|
||||
var (
|
||||
securedPaths = []string{
|
||||
"/connect",
|
||||
}
|
||||
)
|
||||
|
||||
func check(c *gin.Context) bool {
|
||||
path := c.Request.URL.Path
|
||||
if slices.Contains(securedPaths, path) {
|
||||
return true
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func getSecret(c *gin.Context) (string, error) {
|
||||
|
||||
// 获取认证信息
|
||||
header := strings.Split(c.GetHeader("Authorization"), " ")
|
||||
if len(header) != 2 {
|
||||
return "", errors.New("无认证信息")
|
||||
}
|
||||
|
||||
// 检查认证类型
|
||||
schema := header[0]
|
||||
if schema != "Secret" {
|
||||
return "", errors.New("不支持的认证类型 " + schema)
|
||||
}
|
||||
|
||||
// 解码密钥
|
||||
parameters := header[1]
|
||||
result, err := base64.URLEncoding.DecodeString(parameters)
|
||||
if err != nil {
|
||||
return "", errors.Wrap(err, "密钥解析失败")
|
||||
}
|
||||
|
||||
return string(result), nil
|
||||
}
|
||||
|
||||
func authenticate(_ *gin.Context, secret string) error {
|
||||
if secret != os.Getenv("SECRET") {
|
||||
return errors.New("认证失败")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func fail400(c *gin.Context, err error) {
|
||||
_ = c.Error(err)
|
||||
c.Abort()
|
||||
c.JSON(
|
||||
http.StatusBadRequest,
|
||||
resp.Fail(err.Error()),
|
||||
)
|
||||
}
|
||||
|
||||
func fail401(c *gin.Context, err error) {
|
||||
_ = c.Error(err)
|
||||
c.Abort()
|
||||
c.JSON(
|
||||
http.StatusUnauthorized,
|
||||
resp.Fail(err.Error()),
|
||||
)
|
||||
}
|
||||
Reference in New Issue
Block a user