106 lines
2.1 KiB
Go
106 lines
2.1 KiB
Go
package middleware
|
||
|
||
import (
|
||
"github.com/HFO4/cloudreve/models"
|
||
"github.com/HFO4/cloudreve/pkg/auth"
|
||
"github.com/HFO4/cloudreve/pkg/serializer"
|
||
"github.com/gin-contrib/sessions"
|
||
"github.com/gin-gonic/gin"
|
||
"net/http"
|
||
)
|
||
|
||
// SignRequired 验证请求签名
|
||
func SignRequired() gin.HandlerFunc {
|
||
return func(c *gin.Context) {
|
||
var err error
|
||
switch c.Request.Method {
|
||
case "PUT", "POST":
|
||
err = auth.CheckRequest(c.Request)
|
||
// TODO 生产环境去掉下一行
|
||
err = nil
|
||
default:
|
||
err = auth.CheckURI(c.Request.URL)
|
||
}
|
||
|
||
if err != nil {
|
||
c.JSON(200, serializer.Err(serializer.CodeCheckLogin, err.Error(), err))
|
||
c.Abort()
|
||
}
|
||
c.Next()
|
||
}
|
||
}
|
||
|
||
// CurrentUser 获取登录用户
|
||
func CurrentUser() gin.HandlerFunc {
|
||
return func(c *gin.Context) {
|
||
session := sessions.Default(c)
|
||
uid := session.Get("user_id")
|
||
if uid != nil {
|
||
user, err := model.GetUserByID(uid)
|
||
if err == nil {
|
||
c.Set("user", &user)
|
||
}
|
||
}
|
||
c.Next()
|
||
}
|
||
}
|
||
|
||
// AuthRequired 需要登录
|
||
func AuthRequired() gin.HandlerFunc {
|
||
return func(c *gin.Context) {
|
||
if user, _ := c.Get("user"); user != nil {
|
||
if _, ok := user.(*model.User); ok {
|
||
c.Next()
|
||
return
|
||
}
|
||
}
|
||
|
||
c.JSON(200, serializer.CheckLogin())
|
||
c.Abort()
|
||
}
|
||
}
|
||
|
||
// WebDAVAuth 验证WebDAV登录及权限
|
||
// TODO 测试
|
||
func WebDAVAuth() gin.HandlerFunc {
|
||
return func(c *gin.Context) {
|
||
// OPTIONS 请求不需要鉴权,否则Windows10下无法保存文档
|
||
if c.Request.Method == "OPTIONS" {
|
||
c.Next()
|
||
return
|
||
}
|
||
|
||
username, password, ok := c.Request.BasicAuth()
|
||
if !ok {
|
||
c.Writer.Header()["WWW-Authenticate"] = []string{`Basic realm="cloudreve"`}
|
||
c.Status(http.StatusUnauthorized)
|
||
c.Abort()
|
||
return
|
||
}
|
||
|
||
expectedUser, err := model.GetUserByEmail(username)
|
||
if err != nil {
|
||
c.Status(http.StatusUnauthorized)
|
||
c.Abort()
|
||
return
|
||
}
|
||
|
||
// 密码正确?
|
||
ok, _ = expectedUser.CheckPassword(password)
|
||
if !ok {
|
||
c.Status(http.StatusUnauthorized)
|
||
c.Abort()
|
||
return
|
||
}
|
||
|
||
// 用户组已启用WebDAV?
|
||
if !expectedUser.Group.WebDAVEnabled {
|
||
c.Status(http.StatusForbidden)
|
||
c.Abort()
|
||
return
|
||
}
|
||
|
||
c.Set("user", &expectedUser)
|
||
c.Next()
|
||
}
|
||
}
|