From 569c84175e4179d8b5ccf7ca50378818257c831b Mon Sep 17 00:00:00 2001 From: Yuan Si Date: Tue, 11 Apr 2023 19:11:33 +0800 Subject: [PATCH] Kick off old clients Signed-off-by: Yuan Si --- assets/main.db | Bin 2318336 -> 2351104 bytes database/utils.go | 4 ++-- handler/login.go | 2 +- main.go | 2 +- middleware/middleware.go | 16 +++++++++++++++- 5 files changed, 19 insertions(+), 5 deletions(-) diff --git a/assets/main.db b/assets/main.db index 88e4835f18458130c0b375d161291246234f7931..448c456f1598fa6b219656ece2c8263b1fb1f5d0 100644 GIT binary patch delta 2521 zcmeHJO>7%g5Z?DT>$M%*>-@S&Q#x^k(kc;waDcW@#Z4Au(K=1)h^A6lZ{tn6WW9FR zPGS&}L!`V*s3`Iwh*Kp5HxAT75fVZ+P6UeZ(h0*~kbakb zlTK=C=F>>EkohLm+e_gG3 zKlbek?Dgls4^=gDyZYA72F5GY;4(fu8bLFB?TdSJxR%(xC_cR3wR6fR1UMlO-V1%! zy)J$$t_kl8XYnW=`cTc_fS=l?mmt&iKjFjGVYGq|zv@9B_z55am;g_pi-17DM?fS% z@c@A!fo=jJ0$~CX0uq5JfgS?A1o{Z{6Br;cNFYYw6oDZE!vszf7$I#JA_^lTiGskHpEyx2gQ ztqxQx7hHO#RxT->u%T^fhOJs@+03bBr6p+LHl`SQ&da5xnj0>k%#H_aNDHS*Ra@mpitr2``f-DX)%Jofx6`^!_z#KwZ&A3#RCe}FPE?%b@}E-Jo543| zwfs-v_+wJI@|YCf9u#AvQ~2%kx|!9=dbVtLQax+8TjvnK7aPP~N+lPTWZFIFhiU0SofcEdT%j delta 315 zcmX|)ze@sf0L8!GuXo;^X{V;C*^gJZN)SOqEf%c_K~oT%1rfAJYYs=@qa`vNg8qQ^ z{0=S+HwCsg1VKwgOGArGOW&5>^x?e^yePhsQG6-8)m$KiS`q(|wd>k)F%XMu-?k~0 zKl+>U{*ONzODw1klq<5UJ zN9Ste%Fc$t{jT-PC8B< zIG;}0eo{+vXuNwlI4sFqciZ1)@ky5+$NcREQ~}N=y?o#4IsKfS4y1?hw>}0VCv7D*ylh diff --git a/database/utils.go b/database/utils.go index de91fa8..4426077 100644 --- a/database/utils.go +++ b/database/utils.go @@ -8,11 +8,11 @@ func MatchTokenUid(token, uid string) bool { // fmt.Println(k, v) // fmt.Println() // } - res, err := LevelDb.Get([]byte(token)) + res, err := LevelDb.Get([]byte(uid)) if err != nil { fmt.Println(err) return false } - return string(res) == uid + return string(res) == token } diff --git a/handler/login.go b/handler/login.go index f49673f..cfd4f10 100644 --- a/handler/login.go +++ b/handler/login.go @@ -137,7 +137,7 @@ func LoginHandler(ctx *gin.Context) { sUserId := strconv.Itoa(userId) authorizeToken := utils.RandomBase64Token(32) - err = database.LevelDb.Put([]byte(authorizeToken), []byte(sUserId)) + err = database.LevelDb.Put([]byte(sUserId), []byte(authorizeToken)) CheckErr(err) loginResp := model.LoginResp{} diff --git a/main.go b/main.go index 3ebd096..d4cf1b4 100644 --- a/main.go +++ b/main.go @@ -46,7 +46,7 @@ func main() { // Private APIs // Server APIs - m := r.Group("main.php").Use(middleware.KlabHeader) + m := r.Group("main.php").Use(middleware.CommonMid) { m.POST("/login/authkey", handler.AuthKeyHandler) m.POST("/login/login", handler.LoginHandler) diff --git a/middleware/middleware.go b/middleware/middleware.go index bcf0199..89f469a 100644 --- a/middleware/middleware.go +++ b/middleware/middleware.go @@ -2,11 +2,25 @@ package middleware import ( "honoka-chan/config" + "honoka-chan/database" + "honoka-chan/handler" + "honoka-chan/utils" + "net/http" "github.com/gin-gonic/gin" ) -func KlabHeader(ctx *gin.Context) { +func CommonMid(ctx *gin.Context) { + authorizeStr := ctx.Request.Header["Authorize"] + userId := ctx.Request.Header[http.CanonicalHeaderKey("User-ID")] + if len(userId) > 0 { + authStr, _ := utils.GetAuthorizeToken(authorizeStr) + res, _ := database.LevelDb.Get([]byte(userId[0])) + if authStr != string(res) { + ctx.String(http.StatusForbidden, handler.ErrorMsg) + return + } + } ctx.Header("Content-Type", "application/json; charset=utf-8") ctx.Header("X-Powered-By", config.Conf.Server.PoweredBy) ctx.Header("server_version", config.Conf.Server.VersionDate)