Binary file not shown.
+2
-2
@@ -8,11 +8,11 @@ func MatchTokenUid(token, uid string) bool {
|
|||||||
// fmt.Println(k, v)
|
// fmt.Println(k, v)
|
||||||
// fmt.Println()
|
// fmt.Println()
|
||||||
// }
|
// }
|
||||||
res, err := LevelDb.Get([]byte(token))
|
res, err := LevelDb.Get([]byte(uid))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
fmt.Println(err)
|
fmt.Println(err)
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
return string(res) == uid
|
return string(res) == token
|
||||||
}
|
}
|
||||||
|
|||||||
+1
-1
@@ -137,7 +137,7 @@ func LoginHandler(ctx *gin.Context) {
|
|||||||
sUserId := strconv.Itoa(userId)
|
sUserId := strconv.Itoa(userId)
|
||||||
authorizeToken := utils.RandomBase64Token(32)
|
authorizeToken := utils.RandomBase64Token(32)
|
||||||
|
|
||||||
err = database.LevelDb.Put([]byte(authorizeToken), []byte(sUserId))
|
err = database.LevelDb.Put([]byte(sUserId), []byte(authorizeToken))
|
||||||
CheckErr(err)
|
CheckErr(err)
|
||||||
|
|
||||||
loginResp := model.LoginResp{}
|
loginResp := model.LoginResp{}
|
||||||
|
|||||||
@@ -46,7 +46,7 @@ func main() {
|
|||||||
// Private APIs
|
// Private APIs
|
||||||
|
|
||||||
// Server APIs
|
// Server APIs
|
||||||
m := r.Group("main.php").Use(middleware.KlabHeader)
|
m := r.Group("main.php").Use(middleware.CommonMid)
|
||||||
{
|
{
|
||||||
m.POST("/login/authkey", handler.AuthKeyHandler)
|
m.POST("/login/authkey", handler.AuthKeyHandler)
|
||||||
m.POST("/login/login", handler.LoginHandler)
|
m.POST("/login/login", handler.LoginHandler)
|
||||||
|
|||||||
@@ -2,11 +2,25 @@ package middleware
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"honoka-chan/config"
|
"honoka-chan/config"
|
||||||
|
"honoka-chan/database"
|
||||||
|
"honoka-chan/handler"
|
||||||
|
"honoka-chan/utils"
|
||||||
|
"net/http"
|
||||||
|
|
||||||
"github.com/gin-gonic/gin"
|
"github.com/gin-gonic/gin"
|
||||||
)
|
)
|
||||||
|
|
||||||
func KlabHeader(ctx *gin.Context) {
|
func CommonMid(ctx *gin.Context) {
|
||||||
|
authorizeStr := ctx.Request.Header["Authorize"]
|
||||||
|
userId := ctx.Request.Header[http.CanonicalHeaderKey("User-ID")]
|
||||||
|
if len(userId) > 0 {
|
||||||
|
authStr, _ := utils.GetAuthorizeToken(authorizeStr)
|
||||||
|
res, _ := database.LevelDb.Get([]byte(userId[0]))
|
||||||
|
if authStr != string(res) {
|
||||||
|
ctx.String(http.StatusForbidden, handler.ErrorMsg)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
ctx.Header("Content-Type", "application/json; charset=utf-8")
|
ctx.Header("Content-Type", "application/json; charset=utf-8")
|
||||||
ctx.Header("X-Powered-By", config.Conf.Server.PoweredBy)
|
ctx.Header("X-Powered-By", config.Conf.Server.PoweredBy)
|
||||||
ctx.Header("server_version", config.Conf.Server.VersionDate)
|
ctx.Header("server_version", config.Conf.Server.VersionDate)
|
||||||
|
|||||||
Reference in New Issue
Block a user