crawlab/backend/middlewares/auth.go
yaziming d8acab7753 Backend:
1.[improve]
       使用gin提供的RouteGroup功能简化中间件逻辑
    2.[break change]
       移除Authorization Middleware中对登录注册下载特殊处理逻辑
    3.[unsafe problem]
       下载任务csv增加登录验证
Frontend:
    1. 更改csv下载方式
    2. task list页面table section 移除固定width设置,采用自适应,防止大屏空白断裂问题
2019-08-31 15:00:38 +08:00


package middlewares
import (
"crawlab/constants"
"crawlab/routes"
"crawlab/services"
"github.com/gin-gonic/gin"
"net/http"
"strings"
)
// AuthorizationMiddleware returns a gin handler that authenticates every
// request passing through it and applies a coarse role restriction.
//
// The handler reads the raw Authorization header and passes it verbatim to
// services.CheckToken. If the check fails, the chain is aborted with HTTP 401.
// If the resolved user has constants.RoleNormal and the request path starts
// with "/users" (compared case-insensitively), the chain is aborted as well.
// In every other case the next handler runs.
//
// This middleware has no path-based exemptions: login, registration and
// download requests are checked like any other. Routes that must be reachable
// without a token therefore have to be registered outside the route group
// this middleware is attached to.
// NOTE(review): confirm in the router setup that only the intended public
// routes sit outside that group.
func AuthorizationMiddleware() gin.HandlerFunc {
	// deny stops the handler chain and writes the shared rejection body.
	// NOTE(review): Status is "ok" even on rejection, so clients have to rely
	// on the HTTP status code or the Error field — confirm this is intended.
	deny := func(c *gin.Context) {
		c.AbortWithStatusJSON(http.StatusUnauthorized, routes.Response{
			Status:  "ok",
			Message: "unauthorized",
			Error:   "unauthorized",
		})
	}

	return func(c *gin.Context) {
		// The header value is used as-is; no scheme prefix is stripped here.
		token := c.GetHeader("Authorization")

		// Reject the request when the token does not validate.
		user, err := services.CheckToken(token)
		if err != nil {
			deny(c)
			return
		}

		// Normal-role users may not reach the user-management endpoints.
		// NOTE(review): this is a string-prefix test on the request path, so it
		// also covers any other route whose path begins with "/users", and it
		// would not apply if these routes were mounted under a different
		// prefix — verify against the route table. An authenticated but
		// unprivileged caller conventionally gets 403 rather than 401; the 401
		// is kept because clients may depend on it.
		path := strings.ToLower(c.Request.URL.Path)
		if user.Role == constants.RoleNormal && strings.HasPrefix(path, "/users") {
			deny(c)
			return
		}

		// Authentication and role check passed.
		c.Next()
	}
}