diff --git a/assets/main.db b/assets/main.db index 88e4835..448c456 100644 Binary files a/assets/main.db and b/assets/main.db differ diff --git a/database/utils.go b/database/utils.go index de91fa8..4426077 100644 --- a/database/utils.go +++ b/database/utils.go @@ -8,11 +8,11 @@ func MatchTokenUid(token, uid string) bool { // fmt.Println(k, v) // fmt.Println() // } - res, err := LevelDb.Get([]byte(token)) + res, err := LevelDb.Get([]byte(uid)) if err != nil { fmt.Println(err) return false } - return string(res) == uid + return string(res) == token } diff --git a/handler/login.go b/handler/login.go index f49673f..cfd4f10 100644 --- a/handler/login.go +++ b/handler/login.go @@ -137,7 +137,7 @@ func LoginHandler(ctx *gin.Context) { sUserId := strconv.Itoa(userId) authorizeToken := utils.RandomBase64Token(32) - err = database.LevelDb.Put([]byte(authorizeToken), []byte(sUserId)) + err = database.LevelDb.Put([]byte(sUserId), []byte(authorizeToken)) CheckErr(err) loginResp := model.LoginResp{} diff --git a/main.go b/main.go index 3ebd096..d4cf1b4 100644 --- a/main.go +++ b/main.go @@ -46,7 +46,7 @@ func main() { // Private APIs // Server APIs - m := r.Group("main.php").Use(middleware.KlabHeader) + m := r.Group("main.php").Use(middleware.CommonMid) { m.POST("/login/authkey", handler.AuthKeyHandler) m.POST("/login/login", handler.LoginHandler) diff --git a/middleware/middleware.go b/middleware/middleware.go index bcf0199..89f469a 100644 --- a/middleware/middleware.go +++ b/middleware/middleware.go @@ -2,11 +2,25 @@ package middleware import ( "honoka-chan/config" + "honoka-chan/database" + "honoka-chan/handler" + "honoka-chan/utils" + "net/http" "github.com/gin-gonic/gin" ) -func KlabHeader(ctx *gin.Context) { +func CommonMid(ctx *gin.Context) { + authorizeStr := ctx.Request.Header["Authorize"] + userId := ctx.Request.Header[http.CanonicalHeaderKey("User-ID")] + if len(userId) > 0 { + authStr, _ := utils.GetAuthorizeToken(authorizeStr) + res, _ := database.LevelDb.Get([]byte(userId[0])) + if authStr != string(res) { + ctx.String(http.StatusForbidden, handler.ErrorMsg) + return + } + } ctx.Header("Content-Type", "application/json; charset=utf-8") ctx.Header("X-Powered-By", config.Conf.Server.PoweredBy) ctx.Header("server_version", config.Conf.Server.VersionDate)