diff --git a/internal/handler/login/login.go b/internal/handler/login/login.go index 55f6e18..a5a5497 100644 --- a/internal/handler/login/login.go +++ b/internal/handler/login/login.go @@ -4,6 +4,7 @@ import ( "encoding/base64" "errors" "honoka-chan/internal/middleware" + loginmodel "honoka-chan/internal/model/login" usermodel "honoka-chan/internal/model/user" "honoka-chan/internal/router" loginschema "honoka-chan/internal/schema/login" @@ -74,6 +75,15 @@ func login(ctx *gin.Context) { return } + ss.SetAuthKey(&loginmodel.AuthKey{ + AuthorizeToken: authorizeToken, + UserID: userID, + InsertDate: time.Now().Format("2006-01-02 15:04:05"), + }) + if ss.Done() { + return + } + ss.Respond(loginschema.LoginResp{ ResponseData: loginschema.LoginData{ AuthorizeToken: authorizeToken, diff --git a/internal/middleware/common.go b/internal/middleware/common.go index 048fe2c..9554d68 100644 --- a/internal/middleware/common.go +++ b/internal/middleware/common.go @@ -25,7 +25,6 @@ func Common(ctx *gin.Context) { ctx.Set("request_data", reqData) uid := ctx.GetHeader("User-ID") - ctx.Set("userid", uid) ss := session.Attach(ctx) ctx.Set("session", ss) @@ -35,13 +34,6 @@ func Common(ctx *gin.Context) { return } - if !honokautils.IsMainLoginEndpoint(ctx.Request.URL.Path) { - if ss.UserPref.ForceRelogin { - ss.AbortWithStatus(http.StatusNotFound, honokautils.NewNotFoundContent(ctx.Request.URL.Path)) - return - } - } - authorize := ctx.GetHeader("Authorize") params, err := url.ParseQuery(authorize) if err != nil { @@ -56,6 +48,34 @@ func Common(ctx *gin.Context) { token := params.Get("token") ctx.Set("token", token) + if !honokautils.IsMainLoginEndpoint(ctx.Request.URL.Path) { + userID, err := strconv.Atoi(uid) + if err != nil || userID <= 0 { + ss.AbortWithStatus(http.StatusNotFound, honokautils.NewNotFoundContent(ctx.Request.URL.Path)) + return + } + + valid, err := ss.IsAuthorizeTokenForUser(token, userID) + if ss.CheckErr(err) { + return + } + if !valid { + ss.AbortWithStatus(http.StatusNotFound, honokautils.NewNotFoundContent(ctx.Request.URL.Path)) + return + } + + ctx.Set("userid", uid) + ss.LoadUser(uid) + if ss.Done() { + return + } + + if ss.UserPref.ForceRelogin { + ss.AbortWithStatus(http.StatusNotFound, honokautils.NewNotFoundContent(ctx.Request.URL.Path)) + return + } + } + ctx.Header("user_id", uid) ctx.Header("authorize", fmt.Sprintf("consumerKey=lovelive_test&timeStamp=%d&version=1.1&token=%s&nonce=%d&user_id=%s&requestTimeStamp=%d", time.Now().Unix(), token, nonce, uid, time.Now().Unix())) diff --git a/internal/model/login/authkey.go b/internal/model/login/authkey.go index 58eb812..25e6687 100644 --- a/internal/model/login/authkey.go +++ b/internal/model/login/authkey.go @@ -3,6 +3,7 @@ package loginmodel type AuthKey struct { ID int `xorm:"id pk autoincr"` AuthorizeToken string `xorm:"authorize_token"` + UserID int `xorm:"user_id index"` ClientToken string `xorm:"client_token"` ServerToken string `xorm:"server_token"` InsertDate string `xorm:"insert_date"` diff --git a/internal/session/login.go b/internal/session/login.go index 51137d3..b143df2 100644 --- a/internal/session/login.go +++ b/internal/session/login.go @@ -19,3 +19,13 @@ func (ss *Session) SetAuthKey(authKey *loginmodel.AuthKey) { return } } + +func (ss *Session) IsAuthorizeTokenForUser(token string, userID int) (bool, error) { + if token == "" || userID <= 0 { + return false, nil + } + + return ss.UserEng.Table(new(loginmodel.AuthKey)). + Where("authorize_token = ? AND user_id = ?", token, userID). + Exist() +} diff --git a/internal/session/session.go b/internal/session/session.go index 5de739a..cf18e0f 100644 --- a/internal/session/session.go +++ b/internal/session/session.go @@ -53,15 +53,18 @@ func New(ctx *gin.Context) *Session { ss.UserEng = db.UserEng.NewSession() ss.UserEng.Begin() - userID := ctx.GetString("userid") - if userID != "" { - ss.UserPref = ss.GetUserPref(userID) - ss.UserID = ss.UserPref.UserID - } - return ss } +func (ss *Session) LoadUser(userID string) { + ss.UserPref = ss.GetUserPref(userID) + ss.UserID = ss.UserPref.UserID +} + +func (ss *Session) Done() bool { + return ss.done +} + func Get(ctx *gin.Context) *Session { return ctx.MustGet("session").(*Session) }