diff --git a/api/core/app_server.go b/api/core/app_server.go index 8818d8ab..3f9f33d0 100644 --- a/api/core/app_server.go +++ b/api/core/app_server.go @@ -8,29 +8,20 @@ package core // * +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ import ( - "bytes" - "context" "fmt" + "geekai/core/middleware" "geekai/core/types" "geekai/store/model" "geekai/utils" - "geekai/utils/resp" - "image" - "image/jpeg" "io" "net/http" - "os" "runtime/debug" - "strings" "time" "github.com/gin-gonic/gin" "github.com/go-redis/redis/v8" - "github.com/golang-jwt/jwt/v5" "github.com/imroc/req/v3" - "github.com/nfnt/resize" "github.com/shirou/gopsutil/host" - "golang.org/x/image/webp" "gorm.io/gorm" ) 
@@ -42,34 +33,39 @@ type AuthConfig struct { var authConfig = &AuthConfig{ ExactPaths: map[string]bool{ - "/api/user/login": false, - "/api/user/logout": false, - "/api/user/resetPass": false, - "/api/user/register": false, - "/api/admin/login": false, - "/api/admin/logout": false, - "/api/admin/login/captcha": false, - "/api/app/list": false, - "/api/app/type/list": false, - "/api/app/list/user": false, - "/api/model/list": false, - "/api/mj/imgWall": false, - "/api/mj/notify": false, - "/api/invite/hits": false, - "/api/sd/imgWall": false, - "/api/dall/imgWall": false, - "/api/product/list": false, - "/api/menu/list": false, - "/api/markMap/client": false, - "/api/payment/doPay": false, - "/api/payment/payWays": false, - "/api/download": false, - "/api/dall/models": false, + "/api/user/login": false, + "/api/user/logout": false, + "/api/user/resetPass": false, + "/api/user/register": false, + "/api/user/clogin": false, + "/api/user/clogin/callback": false, + "/api/user/signin": false, + "/api/admin/login": false, + "/api/admin/logout": false, + "/api/admin/login/captcha": false, + "/api/app/list": false, + "/api/app/type/list": false, + "/api/app/list/user": false, + "/api/model/list": false, + "/api/mj/imgWall": false, + "/api/mj/notify": false, + "/api/invite/hits": false, + "/api/sd/imgWall": false, + "/api/dall/imgWall": false, + "/api/product/list": false, + "/api/menu/list": false, + "/api/markMap/client": false, + "/api/payment/doPay": false, + "/api/payment/payWays": false, + "/api/download": false, + "/api/dall/models": false, + "/api/chat/message": false, // 聊天接口需要特殊处理 + "/api/realtime": false, // 实时通信接口需要特殊处理 + "/api/realtime/voice": false, // 语音聊天接口需要特殊处理 }, PrefixPaths: map[string]bool{ "/api/test/": false, "/api/payment/notify/": false, - "/api/user/clogin": false, "/api/config/": false, "/api/function/": false, "/api/sms/": false, 
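Review bot: The entries added to `authConfig.ExactPaths` (`/api/chat/message`, `/api/realtime`, `/api/realtime/voice`, the `clogin` paths) only matter if something still reads this map, and the only reader visible in this commit, `needLogin` called from `authorizeMiddleware`, is deleted further down in the same file. The map also now contradicts the route groups: `/api/model/list` and `/api/app/type/list` are listed as exempt here, as are `/api/config/` and `/api/function/` in `PrefixPaths`, while this change puts their handlers behind `middleware.UserAuthMiddleware`. If no other package consults `authConfig`, delete it rather than extend it, so the per-group `Use` calls are the single source of truth for which endpoints are public. If it has to stay for now, add a comment above the variable such as `// NOTE: no middleware in this package reads authConfig any more; route protection is decided in each handler's RegisterRoutes`.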
@@ -97,10 +93,8 @@ func NewServer(appConfig *types.AppConfig, redis *redis.Client, sysConfig *types } func (s *AppServer) Init(client *redis.Client) { - s.Engine.Use(corsMiddleware()) - s.Engine.Use(staticResourceMiddleware()) - s.Engine.Use(authorizeMiddleware(s, client)) - s.Engine.Use(parameterHandlerMiddleware()) + s.Engine.Use(middleware.ParameterHandlerMiddleware()) + s.Engine.Use(middleware.StaticMiddleware()) s.Engine.Use(errorHandler) // 添加静态资源访问 s.Engine.Static("/static", s.Config.StaticDir) 
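Review bot: Dropping `authorizeMiddleware` from `Init` turns authentication from default-deny into opt-in: the removed `needLogin` returned true for any `/api` path not listed in `authConfig`, whereas a route is now protected only if its handler calls `group.Use(...)` before registering it. A route added later without that call is silently public, so I would add a test that walks `s.Engine.Routes()`, sends a tokenless request to every `/api/` path not on an explicit public list, and fails unless the response is the not-authorized one. `middleware.ParameterHandlerMiddleware()` also now runs ahead of any token check; the version deleted from this file reads the whole JSON body with `io.ReadAll`, so if the moved copy is unchanged, unauthenticated callers can make the server buffer arbitrarily large bodies unless a limit such as `http.MaxBytesReader` is applied first. `corsMiddleware()` is removed with no replacement visible in this diff, and `Init` continues past the end of the hunk, so confirm where CORS headers are set now.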
@@ -150,283 +144,3 @@ func errorHandler(c *gin.Context) { //加载完 defer recover,继续后续接口调用 c.Next() } - -// 跨域中间件设置 -func corsMiddleware() gin.HandlerFunc { - return func(c *gin.Context) { - method := c.Request.Method - origin := c.Request.Header.Get("Origin") - - // 设置允许的请求源 - if origin != "" { - c.Header("Access-Control-Allow-Origin", origin) - } else { - c.Header("Access-Control-Allow-Origin", "*") - } - - c.Header("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, UPDATE") - //允许跨域设置可以返回其他子段,可以自定义字段 - c.Header("Access-Control-Allow-Headers", "Authorization, Body-Length, Body-Type, Admin-Authorization,content-type") - // 允许浏览器(客户端)可以解析的头部 (重要) - c.Header("Access-Control-Expose-Headers", "Body-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers") - //设置缓存时间 - c.Header("Access-Control-Max-Age", "172800") - //允许客户端传递校验信息比如 cookie (重要) - c.Header("Access-Control-Allow-Credentials", "true") - - if method == http.MethodOptions { - c.JSON(http.StatusOK, "ok!") - } - - defer func() { - if err := recover(); err != nil { - logger.Info("Panic info is: %v", err) - } - }() - - c.Next() - } -} - -// 用户授权验证 -func authorizeMiddleware(s *AppServer, client *redis.Client) gin.HandlerFunc { - return func(c *gin.Context) { - if !needLogin(c) { - c.Next() - return - } - - clientProtocols := c.GetHeader("Sec-WebSocket-Protocol") - var tokenString string - isAdminApi := strings.Contains(c.Request.URL.Path, "/api/admin/") - if isAdminApi { // 后台管理 API - tokenString = c.GetHeader(types.AdminAuthHeader) - } else if clientProtocols != "" { // Websocket 连接 - // 解析子协议内容 - protocols := strings.Split(clientProtocols, ",") - if protocols[0] == "realtime" { - tokenString = strings.TrimSpace(protocols[1][25:]) - } else if protocols[0] == "token" { - tokenString = strings.TrimSpace(protocols[1]) - } - } else { - tokenString = c.GetHeader(types.UserAuthHeader) - } - - if tokenString == "" { - resp.NotAuth(c, "You should put Authorization in request headers") - c.Abort() - 
return - } - - token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) { - if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok { - return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"]) - } - if isAdminApi { - return []byte(s.Config.AdminSession.SecretKey), nil - } else { - return []byte(s.Config.Session.SecretKey), nil - } - - }) - - if err != nil { - resp.NotAuth(c, fmt.Sprintf("Error with parse auth token: %v", err)) - c.Abort() - return - } - - claims, ok := token.Claims.(jwt.MapClaims) - if !ok || !token.Valid { - resp.NotAuth(c, "Token is invalid") - c.Abort() - return - } - - expr := utils.IntValue(utils.InterfaceToString(claims["expired"]), 0) - if expr > 0 && int64(expr) < time.Now().Unix() { - resp.NotAuth(c, "Token is expired") - c.Abort() - return - } - - key := fmt.Sprintf("users/%v", claims["user_id"]) - if isAdminApi { - key = fmt.Sprintf("admin/%v", claims["user_id"]) - } - if _, err := client.Get(context.Background(), key).Result(); err != nil { - resp.NotAuth(c, "Token is not found in redis") - c.Abort() - return - } - c.Set(types.LoginUserID, claims["user_id"]) - c.Next() - } -} - -func needLogin(c *gin.Context) bool { - path := c.Request.URL.Path - - // 如果不是 API 路径,不需要登录 - if !strings.HasPrefix(path, "/api") { - return false - } - - // 检查精确匹配的路径 - if skip, exists := authConfig.ExactPaths[path]; exists { - return skip - } - - // 检查前缀匹配的路径 - for prefix, skip := range authConfig.PrefixPaths { - if strings.HasPrefix(path, prefix) { - return skip - } - } - - return true -} - -// 跳过授权 -func (s *AppServer) SkipAuth(url string) { - authConfig.ExactPaths[url] = false -} - -func (s *AppServer) SkipAuthPrefix(url string) { - authConfig.PrefixPaths[url] = false -} - -// 统一参数处理 -func parameterHandlerMiddleware() gin.HandlerFunc { - return func(c *gin.Context) { - // GET 参数处理 - params := c.Request.URL.Query() - for key, values := range params { - for i, value := range values { - params[key][i] = 
strings.TrimSpace(value) - } - } - // update get parameters - c.Request.URL.RawQuery = params.Encode() - // skip file upload requests - contentType := c.Request.Header.Get("Content-Type") - if strings.Contains(contentType, "multipart/form-data") { - c.Next() - return - } - - if strings.Contains(contentType, "application/json") { - // process POST JSON request body - bodyBytes, err := io.ReadAll(c.Request.Body) - if err != nil { - c.Next() - return - } - - // 还原请求体 - c.Request.Body = io.NopCloser(bytes.NewBuffer(bodyBytes)) - // 将请求体解析为 JSON - var jsonData map[string]interface{} - if err := c.ShouldBindJSON(&jsonData); err != nil { - c.Next() - return - } - - // 对 JSON 数据中的字符串值去除两端空格 - trimJSONStrings(jsonData) - // 更新请求体 - c.Request.Body = io.NopCloser(bytes.NewBufferString(utils.JsonEncode(jsonData))) - } - - c.Next() - } -} - -// 递归对 JSON 数据中的字符串值去除两端空格 -func trimJSONStrings(data interface{}) { - switch v := data.(type) { - case map[string]interface{}: - for key, value := range v { - switch valueType := value.(type) { - case string: - v[key] = strings.TrimSpace(valueType) - case map[string]interface{}, []interface{}: - trimJSONStrings(value) - } - } - case []interface{}: - for i, value := range v { - switch valueType := value.(type) { - case string: - v[i] = strings.TrimSpace(valueType) - case map[string]interface{}, []interface{}: - trimJSONStrings(value) - } - } - } -} - -// 静态资源中间件 -func staticResourceMiddleware() gin.HandlerFunc { - return func(c *gin.Context) { - - url := c.Request.URL.String() - // 拦截生成缩略图请求 - if strings.HasPrefix(url, "/static/") && strings.Contains(url, "?imageView2") { - r := strings.SplitAfter(url, "imageView2") - size := strings.Split(r[1], "/") - if len(size) != 8 { - c.String(http.StatusNotFound, "invalid thumb args") - return - } - with := utils.IntValue(size[3], 0) - height := utils.IntValue(size[5], 0) - quality := utils.IntValue(size[7], 75) - - // 打开图片文件 - filePath := strings.TrimLeft(c.Request.URL.Path, "/") - file, err := 
os.Open(filePath) - if err != nil { - c.String(http.StatusNotFound, "Image not found") - return - } - defer file.Close() - - // 解码图片 - img, _, err := image.Decode(file) - // for .webp image - if err != nil { - img, err = webp.Decode(file) - } - if err != nil { - c.String(http.StatusInternalServerError, "Error decoding image") - return - } - - var newImg image.Image - if height == 0 || with == 0 { - // 固定宽度,高度自适应 - newImg = resize.Resize(uint(with), uint(height), img, resize.Lanczos3) - } else { - // 生成缩略图 - newImg = resize.Thumbnail(uint(with), uint(height), img, resize.Lanczos3) - } - var buffer bytes.Buffer - err = jpeg.Encode(&buffer, newImg, &jpeg.Options{Quality: quality}) - if err != nil { - logger.Error(err) - c.String(http.StatusInternalServerError, err.Error()) - return - } - - // 设置图片缓存有效期为一年 (365天) - c.Header("Cache-Control", "max-age=31536000, public") - // 直接输出图像数据流 - c.Data(http.StatusOK, "image/jpeg", buffer.Bytes()) - c.Abort() // 中断请求 - - } - c.Next() - } -} diff --git a/api/core/midware/auth_midware.go b/api/core/middleware/auth.go similarity index 97% rename from api/core/midware/auth_midware.go rename to api/core/middleware/auth.go index 027ad57f..8f73d3a8 100644 --- a/api/core/midware/auth_midware.go +++ b/api/core/middleware/auth.go @@ -1,4 +1,4 @@ -package midware +package middleware import ( "context" @@ -13,7 +13,7 @@ import ( "github.com/golang-jwt/jwt" ) -// 用户授权验证 +// 前端用户授权验证 func UserAuthMiddleware(secretKey string, redis *redis.Client) gin.HandlerFunc { return func(c *gin.Context) { tokenString := c.GetHeader(types.UserAuthHeader) @@ -60,6 +60,7 @@ func UserAuthMiddleware(secretKey string, redis *redis.Client) gin.HandlerFunc { } } +// 管理后台用户授权验证 func AdminAuthMiddleware(secretKey string, redis *redis.Client) gin.HandlerFunc { return func(c *gin.Context) { tokenString := c.GetHeader(types.AdminAuthHeader) 
diff --git a/api/core/midware/parameter_midware.go b/api/core/middleware/parameter.go similarity index 98% rename from api/core/midware/parameter_midware.go rename to api/core/middleware/parameter.go index ae5d84d1..9b4483ed 100644 --- a/api/core/midware/parameter_midware.go +++ b/api/core/middleware/parameter.go @@ -1,4 +1,4 @@ -package midware +package middleware import ( "bytes" diff --git a/api/core/midware/rate_limit_midware.go b/api/core/middleware/rate_limit.go similarity index 98% rename from api/core/midware/rate_limit_midware.go rename to api/core/middleware/rate_limit.go index bf8a5166..903728db 100644 --- a/api/core/midware/rate_limit_midware.go +++ b/api/core/middleware/rate_limit.go @@ -1,4 +1,4 @@ -package midware +package middleware import ( "context" diff --git a/api/core/middleware/static.go b/api/core/middleware/static.go new file mode 100644 index 00000000..2e91f9c8 --- /dev/null +++ b/api/core/middleware/static.go 
@@ -0,0 +1,78 @@ +package middleware + +import ( + "bytes" + "geekai/utils" + "image" + "image/jpeg" + "net/http" + "os" + "strings" + + "github.com/gin-gonic/gin" + "github.com/nfnt/resize" + "golang.org/x/image/webp" +) + +// 静态资源中间件 +func StaticMiddleware() gin.HandlerFunc { + return func(c *gin.Context) { + + url := c.Request.URL.String() + // 拦截生成缩略图请求 + if strings.HasPrefix(url, "/static/") && strings.Contains(url, "?imageView2") { + r := strings.SplitAfter(url, "imageView2") + size := strings.Split(r[1], "/") + if len(size) != 8 { + c.String(http.StatusNotFound, "invalid thumb args") + return + } + with := utils.IntValue(size[3], 0) + height := utils.IntValue(size[5], 0) + quality := utils.IntValue(size[7], 75) + + // 打开图片文件 + filePath := strings.TrimLeft(c.Request.URL.Path, "/") + file, err := os.Open(filePath) + if err != nil { + c.String(http.StatusNotFound, "Image not found") + return + } + defer file.Close() + + // 解码图片 + img, _, err := image.Decode(file) + // for .webp image + if err != nil { + img, err = webp.Decode(file) + } + if err != nil { + c.String(http.StatusInternalServerError, "Error decoding image") + return + } + + var newImg image.Image + if height == 0 || with == 0 { + // 固定宽度,高度自适应 + newImg = resize.Resize(uint(with), uint(height), img, resize.Lanczos3) + } else { + // 生成缩略图 + newImg = resize.Thumbnail(uint(with), uint(height), img, resize.Lanczos3) + } + var buffer bytes.Buffer + err = jpeg.Encode(&buffer, newImg, &jpeg.Options{Quality: quality}) + if err != nil { + c.String(http.StatusInternalServerError, err.Error()) + return + } + + // 设置图片缓存有效期为一年 (365天) + c.Header("Cache-Control", "max-age=31536000, public") + // 直接输出图像数据流 + c.Data(http.StatusOK, "image/jpeg", buffer.Bytes()) + c.Abort() // 中断请求 + + } + c.Next() + } +} diff --git a/api/handler/admin/admin_handler.go b/api/handler/admin/admin_handler.go index 65922932..caf13f7e 100644 --- a/api/handler/admin/admin_handler.go +++ b/api/handler/admin/admin_handler.go 
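Review bot: `StaticMiddleware` opens `strings.TrimLeft(c.Request.URL.Path, "/")` directly, while the `/static/` prefix test is made on the raw URL string, so nothing resolves dot segments or confirms that the file lies inside the static directory before `os.Open`. The path is also relative to the process working directory rather than the `StaticDir` that `Init` passes to `Engine.Static`. The error branches write a response and `return` without `c.Abort()`, so gin still runs the remaining handlers on a request that has already been answered. `with` and `height` come from the query string and are cast to `uint` with no sign check or upper bound, so one request can ask for a very large resize. The fence shows the path check, the size clamp and the abort calls; it needs the standard `path` package imported.

```go
// … unchanged: imageView2 argument parsing (its error branch gains c.Abort() before return) …

// Resolve dot segments first, then require the result to still be under /static/.
cleaned := path.Clean(c.Request.URL.Path)
if !strings.HasPrefix(cleaned, "/static/") {
	c.String(http.StatusNotFound, "Image not found")
	c.Abort()
	return
}

// Constructed limit for illustration; choose a value that fits the deployment.
const maxThumbSide = 4096
if with < 0 || height < 0 || with > maxThumbSide || height > maxThumbSide {
	c.String(http.StatusNotFound, "invalid thumb args")
	c.Abort()
	return
}

filePath := strings.TrimLeft(cleaned, "/")
file, err := os.Open(filePath)
if err != nil {
	c.String(http.StatusNotFound, "Image not found")
	c.Abort()
	return
}
defer file.Close()

// … unchanged: decode, resize, encode (each error branch gains c.Abort() before return) …
```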
@@ -11,6 +11,7 @@ import ( "context" "fmt" "geekai/core" + "geekai/core/middleware" "geekai/core/types" "geekai/handler" logger2 "geekai/logger" @@ -49,14 +50,21 @@ func NewAdminHandler(app *core.AppServer, db *gorm.DB, client *redis.Client, cap // RegisterRoutes 注册路由 func (h *ManagerHandler) RegisterRoutes() { group := h.App.Engine.Group("/api/admin/") + + // 公开接口,不需要授权 group.POST("login", h.Login) group.GET("logout", h.Logout) group.GET("session", h.Session) - group.GET("list", h.List) - group.POST("save", h.Save) - group.POST("enable", h.Enable) - group.GET("remove", h.Remove) - group.POST("resetPass", h.ResetPass) + + // 需要管理员授权的接口 + group.Use(middleware.AdminAuthMiddleware(h.App.Config.AdminSession.SecretKey, h.App.Redis)) + { + group.GET("list", h.List) + group.POST("save", h.Save) + group.POST("enable", h.Enable) + group.GET("remove", h.Remove) + group.POST("resetPass", h.ResetPass) + } } // Login 登录 diff --git a/api/handler/admin/api_key_handler.go b/api/handler/admin/api_key_handler.go index d43a933d..653c9a5e 100644 --- a/api/handler/admin/api_key_handler.go +++ b/api/handler/admin/api_key_handler.go @@ -10,6 +10,7 @@ package admin import ( "fmt" "geekai/core" + "geekai/core/middleware" "geekai/core/types" "geekai/handler" "geekai/store/model" @@ -32,11 +33,16 @@ func NewApiKeyHandler(app *core.AppServer, db *gorm.DB) *ApiKeyHandler { // RegisterRoutes 注册路由 func (h *ApiKeyHandler) RegisterRoutes() { - group := h.App.Engine.Group("/api/admin/apikey/") - group.POST("save", h.Save) - group.GET("list", h.List) - group.POST("set", h.Set) - group.GET("remove", h.Remove) + group := h.App.Engine.Group("/api/admin/apiKey/") + + // 需要管理员授权的接口 + group.Use(middleware.AdminAuthMiddleware(h.App.Config.AdminSession.SecretKey, h.App.Redis)) + { + group.GET("list", h.List) + group.POST("save", h.Save) + group.POST("set", h.Set) + group.GET("remove", h.Remove) + } } func (h *ApiKeyHandler) Save(c *gin.Context) { 
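Review bot: In `ManagerHandler.RegisterRoutes`, `group.GET("session", h.Session)` is registered before `group.Use(middleware.AdminAuthMiddleware(...))`, under the comment that marks login and logout as public, so no middleware validates the admin token for it. The `authConfig` list in `app_server.go` exempts only `/api/admin/login`, `/api/admin/logout` and `/api/admin/login/captcha`, so under the removed global middleware `/api/admin/session` required a valid token. `Session`'s body is outside this hunk; unless it verifies the token itself, move the line into the protected block, i.e. place `group.GET("session", h.Session)` after the `group.Use(...)` call.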
diff --git a/api/handler/admin/chat_app_handler.go b/api/handler/admin/chat_app_handler.go index 2d6ea8d4..941692da 100644 --- a/api/handler/admin/chat_app_handler.go +++ b/api/handler/admin/chat_app_handler.go @@ -10,6 +10,7 @@ package admin import ( "fmt" "geekai/core" + "geekai/core/middleware" "geekai/core/types" "geekai/handler" "geekai/store/model" @@ -32,12 +33,17 @@ func NewChatAppHandler(app *core.AppServer, db *gorm.DB) *ChatAppHandler { // RegisterRoutes 注册路由 func (h *ChatAppHandler) RegisterRoutes() { - group := h.App.Engine.Group("/api/admin/role/") - group.GET("list", h.List) - group.POST("save", h.Save) - group.POST("sort", h.Sort) - group.POST("set", h.Set) - group.GET("remove", h.Remove) + group := h.App.Engine.Group("/api/admin/app/") + + // 需要管理员授权的接口 + group.Use(middleware.AdminAuthMiddleware(h.App.Config.AdminSession.SecretKey, h.App.Redis)) + { + group.GET("list", h.List) + group.POST("save", h.Save) + group.POST("sort", h.Sort) + group.POST("set", h.Set) + group.GET("remove", h.Remove) + } } // Save 创建或者更新某个角色 @@ -184,7 +190,6 @@ func (h *ChatAppHandler) Remove(c *gin.Context) { } res := h.DB.Where("id", id).Delete(&model.ChatRole{}) if res.Error != nil { - logger.Error("error with update database:", res.Error) resp.ERROR(c, "删除失败!") return } diff --git a/api/handler/admin/chat_app_type_handler.go b/api/handler/admin/chat_app_type_handler.go index 8efd63c0..156579b4 100644 --- a/api/handler/admin/chat_app_type_handler.go +++ b/api/handler/admin/chat_app_type_handler.go @@ -2,12 +2,14 @@ package admin import ( "geekai/core" + "geekai/core/middleware" "geekai/core/types" "geekai/handler" "geekai/store/model" "geekai/store/vo" "geekai/utils" "geekai/utils/resp" + "github.com/gin-gonic/gin" "gorm.io/gorm" ) 
@@ -22,12 +24,17 @@ func NewChatAppTypeHandler(app *core.AppServer, db *gorm.DB) *ChatAppTypeHandler // RegisterRoutes 注册路由 func (h *ChatAppTypeHandler) RegisterRoutes() { - group := h.App.Engine.Group("/api/admin/app/type") - group.POST("save", h.Save) - group.GET("list", h.List) - group.GET("remove", h.Remove) - group.POST("enable", h.Enable) - group.POST("sort", h.Sort) + group := h.App.Engine.Group("/api/admin/app/type/") + + // 需要管理员授权的接口 + group.Use(middleware.AdminAuthMiddleware(h.App.Config.AdminSession.SecretKey, h.App.Redis)) + { + group.GET("list", h.List) + group.POST("save", h.Save) + group.GET("remove", h.Remove) + group.POST("enable", h.Enable) + group.POST("sort", h.Sort) + } } // Save 创建或更新App类型 diff --git a/api/handler/admin/chat_handler.go b/api/handler/admin/chat_handler.go index fcd761c2..f9e3cfa0 100644 --- a/api/handler/admin/chat_handler.go +++ b/api/handler/admin/chat_handler.go @@ -9,6 +9,7 @@ package admin import ( "geekai/core" + "geekai/core/middleware" "geekai/core/types" "geekai/handler" "geekai/store/model" @@ -31,11 +32,16 @@ func NewChatHandler(app *core.AppServer, db *gorm.DB) *ChatHandler { // RegisterRoutes 注册路由 func (h *ChatHandler) RegisterRoutes() { group := h.App.Engine.Group("/api/admin/chat/") - group.POST("list", h.List) - group.POST("message", h.Messages) - group.GET("history", h.History) - group.GET("remove", h.RemoveChat) - group.GET("message/remove", h.RemoveMessage) + + // 需要管理员授权的接口 + group.Use(middleware.AdminAuthMiddleware(h.App.Config.AdminSession.SecretKey, h.App.Redis)) + { + group.POST("list", h.List) + group.POST("message", h.Messages) + group.GET("history", h.History) + group.GET("remove", h.RemoveChat) + group.GET("message/remove", h.RemoveMessage) + } } type chatItemVo struct { diff --git a/api/handler/admin/chat_model_handler.go b/api/handler/admin/chat_model_handler.go index b0eba079..5782e64d 100644 --- a/api/handler/admin/chat_model_handler.go +++ b/api/handler/admin/chat_model_handler.go 
@@ -10,6 +10,7 @@ package admin import ( "fmt" "geekai/core" + "geekai/core/middleware" "geekai/core/types" "geekai/handler" "geekai/store/model" @@ -32,12 +33,17 @@ func NewChatModelHandler(app *core.AppServer, db *gorm.DB) *ChatModelHandler { // RegisterRoutes 注册路由 func (h *ChatModelHandler) RegisterRoutes() { group := h.App.Engine.Group("/api/admin/model/") - group.POST("save", h.Save) - group.GET("list", h.List) - group.POST("set", h.Set) - group.POST("sort", h.Sort) - group.GET("remove", h.Remove) - group.POST("batch-remove", h.BatchRemove) + + // 需要管理员授权的接口 + group.Use(middleware.AdminAuthMiddleware(h.App.Config.AdminSession.SecretKey, h.App.Redis)) + { + group.GET("list", h.List) + group.POST("save", h.Save) + group.POST("set", h.Set) + group.POST("sort", h.Sort) + group.GET("remove", h.Remove) + group.POST("batch-remove", h.BatchRemove) + } } func (h *ChatModelHandler) Save(c *gin.Context) { diff --git a/api/handler/admin/config_handler.go b/api/handler/admin/config_handler.go index 22afe0ae..d10587b7 100644 --- a/api/handler/admin/config_handler.go +++ b/api/handler/admin/config_handler.go @@ -11,6 +11,7 @@ import ( "encoding/json" "errors" "geekai/core" + "geekai/core/middleware" "geekai/core/types" "geekai/handler" "geekai/service" 
@@ -42,12 +43,17 @@ func NewConfigHandler(app *core.AppServer, db *gorm.DB, levelDB *store.LevelDB, // RegisterRoutes 注册路由 func (h *ConfigHandler) RegisterRoutes() { - group := h.App.Engine.Group("/api/admin/config") - group.POST("update", h.Update) - group.GET("get", h.Get) - group.POST("active", h.Active) - group.POST("test", h.Test) - group.GET("license", h.GetLicense) + group := h.App.Engine.Group("/api/admin/config/") + + // 需要管理员授权的接口 + group.Use(middleware.AdminAuthMiddleware(h.App.Config.AdminSession.SecretKey, h.App.Redis)) + { + group.POST("update", h.Update) + group.GET("get", h.Get) + group.POST("active", h.Active) + group.POST("test", h.Test) + group.GET("license", h.GetLicense) + } } func (h *ConfigHandler) Update(c *gin.Context) { diff --git a/api/handler/admin/function_handler.go b/api/handler/admin/function_handler.go index 8ff452ce..402e4c3e 100644 --- a/api/handler/admin/function_handler.go +++ b/api/handler/admin/function_handler.go @@ -9,6 +9,7 @@ package admin import ( "geekai/core" + "geekai/core/middleware" "geekai/core/types" "geekai/handler" "geekai/store/model" @@ -33,11 +34,16 @@ func NewFunctionHandler(app *core.AppServer, db *gorm.DB) *FunctionHandler { // RegisterRoutes 注册路由 func (h *FunctionHandler) RegisterRoutes() { group := h.App.Engine.Group("/api/admin/function/") - group.POST("save", h.Save) - group.POST("set", h.Set) - group.GET("list", h.List) - group.GET("remove", h.Remove) - group.GET("token", h.GenToken) + + // 需要管理员授权的接口 + group.Use(middleware.AdminAuthMiddleware(h.App.Config.AdminSession.SecretKey, h.App.Redis)) + { + group.GET("list", h.List) + group.POST("save", h.Save) + group.POST("set", h.Set) + group.GET("remove", h.Remove) + group.GET("token", h.GenToken) + } } func (h *FunctionHandler) Save(c *gin.Context) { 
@@ -129,7 +135,6 @@ func (h *FunctionHandler) GenToken(c *gin.Context) { }) tokenString, err := token.SignedString([]byte(h.App.Config.Session.SecretKey)) if err != nil { - logger.Error("error with generate token", err) resp.ERROR(c) return } diff --git a/api/handler/admin/image_handler.go b/api/handler/admin/image_handler.go index 56467bbd..045cb367 100644 --- a/api/handler/admin/image_handler.go +++ b/api/handler/admin/image_handler.go @@ -10,6 +10,7 @@ package admin import ( "fmt" "geekai/core" + "geekai/core/middleware" "geekai/core/types" "geekai/handler" "geekai/service" @@ -35,11 +36,16 @@ func NewImageHandler(app *core.AppServer, db *gorm.DB, userService *service.User // RegisterRoutes 注册路由 func (h *ImageHandler) RegisterRoutes() { - group := h.App.Engine.Group("/api/admin/image") - group.POST("/list/mj", h.MjList) - group.POST("/list/sd", h.SdList) - group.POST("/list/dall", h.DallList) - group.GET("/remove", h.Remove) + group := h.App.Engine.Group("/api/admin/image/") + + // 需要管理员授权的接口 + group.Use(middleware.AdminAuthMiddleware(h.App.Config.AdminSession.SecretKey, h.App.Redis)) + { + group.POST("list/mj", h.MjList) + group.POST("list/sd", h.SdList) + group.POST("list/dall", h.DallList) + group.GET("remove", h.Remove) + } } type imageQuery struct { diff --git a/api/handler/admin/media_handler.go b/api/handler/admin/media_handler.go index 0efbf711..6510b5a8 100644 --- a/api/handler/admin/media_handler.go +++ b/api/handler/admin/media_handler.go @@ -10,6 +10,7 @@ package admin import ( "fmt" "geekai/core" + "geekai/core/middleware" "geekai/core/types" "geekai/handler" "geekai/service" 
@@ -35,10 +36,15 @@ func NewMediaHandler(app *core.AppServer, db *gorm.DB, userService *service.User // RegisterRoutes 注册路由 func (h *MediaHandler) RegisterRoutes() { - group := h.App.Engine.Group("/api/admin/media") - group.POST("/suno", h.SunoList) - group.POST("/videos", h.Videos) - group.GET("/remove", h.Remove) + group := h.App.Engine.Group("/api/admin/media/") + + // 需要管理员授权的接口 + group.Use(middleware.AdminAuthMiddleware(h.App.Config.AdminSession.SecretKey, h.App.Redis)) + { + group.POST("suno", h.SunoList) + group.POST("videos", h.Videos) + group.GET("remove", h.Remove) + } } type mediaQuery struct { diff --git a/api/handler/admin/upload_handler.go b/api/handler/admin/upload_handler.go index 4d973f89..5d96335b 100644 --- a/api/handler/admin/upload_handler.go +++ b/api/handler/admin/upload_handler.go @@ -9,6 +9,7 @@ package admin import ( "geekai/core" + "geekai/core/middleware" "geekai/handler" "geekai/service/oss" "geekai/store/model" @@ -30,7 +31,13 @@ func NewUploadHandler(app *core.AppServer, db *gorm.DB, manager *oss.UploaderMan // RegisterRoutes 注册路由 func (h *UploadHandler) RegisterRoutes() { - h.App.Engine.POST("/api/admin/upload", h.Upload) + group := h.App.Engine.Group("/api/admin/upload/") + + // 需要管理员授权的接口 + group.Use(middleware.AdminAuthMiddleware(h.App.Config.AdminSession.SecretKey, h.App.Redis)) + { + group.POST("upload", h.Upload) + } } func (h *UploadHandler) Upload(c *gin.Context) { diff --git a/api/handler/admin/user_handler.go b/api/handler/admin/user_handler.go index 9e052743..fff20036 100644 --- a/api/handler/admin/user_handler.go +++ b/api/handler/admin/user_handler.go @@ -10,6 +10,7 @@ package admin import ( "fmt" "geekai/core" + "geekai/core/middleware" "geekai/core/types" "geekai/handler" "geekai/service" @@ -19,10 +20,9 @@ import ( "geekai/utils/resp" "time" + "github.com/gin-gonic/gin" "github.com/go-redis/redis/v8" "github.com/golang-jwt/jwt/v5" - - "github.com/gin-gonic/gin" "gorm.io/gorm" ) 
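Review bot: In `UploadHandler.RegisterRoutes` the upload path changes, which looks unintended: the old registration was `POST /api/admin/upload`, but `Group("/api/admin/upload/")` followed by `group.POST("upload", h.Upload)` registers `POST /api/admin/upload/upload`. Unless the front end was changed in the same commit, clients posting to the old URL will no longer reach `Upload`. To keep the path and still attach the check, register it as `h.App.Engine.POST("/api/admin/upload", middleware.AdminAuthMiddleware(h.App.Config.AdminSession.SecretKey, h.App.Redis), h.Upload)`.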
@@ -39,12 +39,17 @@ func NewUserHandler(app *core.AppServer, db *gorm.DB, licenseService *service.Li // RegisterRoutes 注册路由 func (h *UserHandler) RegisterRoutes() { group := h.App.Engine.Group("/api/admin/user/") - group.GET("list", h.List) - group.POST("save", h.Save) - group.GET("remove", h.Remove) - group.GET("loginLog", h.LoginLog) - group.GET("genLoginLink", h.GenLoginLink) - group.POST("resetPass", h.ResetPass) + + // 需要管理员授权的接口 + group.Use(middleware.AdminAuthMiddleware(h.App.Config.AdminSession.SecretKey, h.App.Redis)) + { + group.GET("list", h.List) + group.POST("save", h.Save) + group.GET("remove", h.Remove) + group.GET("loginLog", h.LoginLog) + group.GET("genLoginLink", h.GenLoginLink) + group.POST("resetPass", h.ResetPass) + } } // List 用户列表 diff --git a/api/handler/captcha_handler.go b/api/handler/captcha_handler.go index 0abf0cd4..545a5a71 100644 --- a/api/handler/captcha_handler.go +++ b/api/handler/captcha_handler.go @@ -9,6 +9,7 @@ package handler import ( "geekai/core" + "geekai/core/middleware" "geekai/core/types" "geekai/service" "geekai/utils/resp" @@ -31,10 +32,15 @@ func NewCaptchaHandler(app *core.AppServer, s *service.CaptchaService, sysConfig // RegisterRoutes 注册路由 func (h *CaptchaHandler) RegisterRoutes() { group := h.App.Engine.Group("/api/captcha/") - group.GET("get", h.Get) - group.POST("check", h.Check) - group.GET("slide/get", h.SlideGet) - group.POST("slide/check", h.SlideCheck) + + // 需要用户授权的接口 + group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis)) + { + group.GET("get", h.Get) + group.POST("check", h.Check) + group.GET("slide/get", h.SlideGet) + group.POST("slide/check", h.SlideCheck) + } } func (h *CaptchaHandler) Get(c *gin.Context) { diff --git a/api/handler/chat_app_type_handler.go b/api/handler/chat_app_type_handler.go index 5793251c..dbbdd3c4 100644 --- a/api/handler/chat_app_type_handler.go +++ b/api/handler/chat_app_type_handler.go 
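Review bot: In `CaptchaHandler.RegisterRoutes` all four captcha routes are now behind `middleware.UserAuthMiddleware`, which requires a user token. A captcha is normally fetched and checked before the caller has a token, and `authConfig` in `app_server.go` still lists `/api/admin/login/captcha` as public, so this looks inconsistent. If any login, registration or SMS flow calls `/api/captcha/get` or `/api/captcha/slide/get` before authentication, it will now be rejected. In that case drop the `group.Use(...)` line for this group and rely on rate limiting instead (the package already contains `middleware/rate_limit.go`), with a comment such as `// public: called before login; abuse is bounded by the rate limiter`.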
@@ -2,6 +2,7 @@ package handler import ( "geekai/core" + "geekai/core/middleware" "geekai/store/model" "geekai/store/vo" "geekai/utils" @@ -21,8 +22,13 @@ func NewChatAppTypeHandler(app *core.AppServer, db *gorm.DB) *ChatAppTypeHandler // RegisterRoutes 注册路由 func (h *ChatAppTypeHandler) RegisterRoutes() { - group := h.App.Engine.Group("/api/app/type") - group.GET("list", h.List) + group := h.App.Engine.Group("/api/app/type/") + + // 需要用户授权的接口 + group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis)) + { + group.GET("list", h.List) + } } // List 获取App类型列表 diff --git a/api/handler/chat_handler.go b/api/handler/chat_handler.go index f6942502..77195d15 100644 --- a/api/handler/chat_handler.go +++ b/api/handler/chat_handler.go @@ -14,6 +14,7 @@ import ( "errors" "fmt" "geekai/core" + "geekai/core/middleware" "geekai/core/types" "geekai/service" "geekai/service/oss" @@ -81,16 +82,23 @@ func NewChatHandler(app *core.AppServer, db *gorm.DB, redis *redis.Client, manag // RegisterRoutes 注册路由 func (h *ChatHandler) RegisterRoutes() { group := h.App.Engine.Group("/api/chat/") + + // 聊天接口不需要授权(已在authConfig中配置) group.Any("message", h.Chat) - group.GET("list", h.List) - group.GET("detail", h.Detail) - group.POST("update", h.Update) - group.GET("remove", h.Remove) - group.GET("history", h.History) - group.GET("clear", h.Clear) - group.POST("tokens", h.Tokens) - group.GET("stop", h.StopGenerate) - group.POST("tts", h.TextToSpeech) + + // 其他接口需要用户授权 + group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis)) + { + group.GET("list", h.List) + group.GET("detail", h.Detail) + group.POST("update", h.Update) + group.GET("remove", h.Remove) + group.GET("history", h.History) + group.GET("clear", h.Clear) + group.POST("tokens", h.Tokens) + group.GET("stop", h.StopGenerate) + group.POST("tts", h.TextToSpeech) + } } // Chat 处理聊天请求 
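Review bot: In `ChatHandler.RegisterRoutes`, `group.Any("message", h.Chat)` is registered before `group.Use(...)`, and its comment says the route is exempted in `authConfig`. But `authorizeMiddleware` and `needLogin`, the code that read `authConfig`, are removed from `app_server.go` in this same commit, so the exemption no longer corresponds to any check and the route simply has no auth middleware. `Chat`'s body is outside this hunk; if it does not validate the user token itself, the endpoint is reachable without one. Either move the line into the protected block or replace the comment with one that states where the token is verified, for example `// no auth middleware here: h.Chat validates the token itself`.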
diff --git a/api/handler/chat_model_handler.go b/api/handler/chat_model_handler.go index ff9ca79b..465c687e 100644 --- a/api/handler/chat_model_handler.go +++ b/api/handler/chat_model_handler.go @@ -9,6 +9,7 @@ package handler import ( "geekai/core" + "geekai/core/middleware" "geekai/store/model" "geekai/store/vo" "geekai/utils" @@ -29,7 +30,12 @@ func NewChatModelHandler(app *core.AppServer, db *gorm.DB) *ChatModelHandler { // RegisterRoutes 注册路由 func (h *ChatModelHandler) RegisterRoutes() { group := h.App.Engine.Group("/api/model/") - group.GET("list", h.List) + + // 需要用户授权的接口 + group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis)) + { + group.GET("list", h.List) + } } // List 模型列表 diff --git a/api/handler/chat_role_handler.go b/api/handler/chat_role_handler.go index e6b3cdd3..59b1b2b0 100644 --- a/api/handler/chat_role_handler.go +++ b/api/handler/chat_role_handler.go @@ -9,6 +9,7 @@ package handler import ( "geekai/core" + "geekai/core/middleware" "geekai/core/types" "geekai/store/model" "geekai/store/vo" @@ -29,10 +30,15 @@ func NewChatRoleHandler(app *core.AppServer, db *gorm.DB) *ChatRoleHandler { // RegisterRoutes 注册路由 func (h *ChatRoleHandler) RegisterRoutes() { - group := h.App.Engine.Group("/api/app/") - group.GET("list", h.List) - group.GET("list/user", h.ListByUser) - group.POST("update", h.UpdateRole) + group := h.App.Engine.Group("/api/role/") + + // 需要用户授权的接口 + group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis)) + { + group.GET("list", h.List) + group.GET("list/user", h.ListByUser) + group.POST("update", h.UpdateRole) + } } // List 获取用户聊天应用列表 diff --git a/api/handler/config_handler.go b/api/handler/config_handler.go index 3e4ad8b3..1c92a002 100644 --- a/api/handler/config_handler.go +++ b/api/handler/config_handler.go @@ -9,6 +9,7 @@ package handler import ( "geekai/core" + "geekai/core/middleware" "geekai/service" "geekai/store/model" "geekai/utils" 
@@ -30,8 +31,13 @@ func NewConfigHandler(app *core.AppServer, db *gorm.DB, licenseService *service. // RegisterRoutes 注册路由 func (h *ConfigHandler) RegisterRoutes() { group := h.App.Engine.Group("/api/config/") - group.GET("get", h.Get) - group.GET("license", h.License) + + // 需要用户授权的接口 + group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis)) + { + group.GET("get", h.Get) + group.GET("license", h.License) + } } // Get 获取指定的系统配置 diff --git a/api/handler/dalle_handler.go b/api/handler/dalle_handler.go index 4026db76..5d955c96 100644 --- a/api/handler/dalle_handler.go +++ b/api/handler/dalle_handler.go @@ -10,6 +10,7 @@ package handler import ( "fmt" "geekai/core" + "geekai/core/middleware" "geekai/core/types" "geekai/service" "geekai/service/dalle" @@ -44,13 +45,20 @@ func NewDallJobHandler(app *core.AppServer, db *gorm.DB, service *dalle.Service, // RegisterRoutes 注册路由 func (h *DallJobHandler) RegisterRoutes() { - group := h.App.Engine.Group("/api/dall") - group.POST("image", h.Image) - group.GET("jobs", h.JobList) + group := h.App.Engine.Group("/api/dall/") + + // 公开接口,不需要授权 group.GET("imgWall", h.ImgWall) - group.GET("remove", h.Remove) - group.GET("publish", h.Publish) group.GET("models", h.GetModels) + + // 需要用户授权的接口 + group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis)) + { + group.POST("image", h.Image) + group.GET("jobs", h.JobList) + group.GET("remove", h.Remove) + group.GET("publish", h.Publish) + } } // Image 创建一个绘画任务 diff --git a/api/handler/function_handler.go b/api/handler/function_handler.go index ac2a624f..6e70f1bd 100644 --- a/api/handler/function_handler.go +++ b/api/handler/function_handler.go @@ -11,6 +11,7 @@ import ( "errors" "fmt" "geekai/core" + "geekai/core/middleware" "geekai/core/types" "geekai/service" "geekai/service/crawler" 
@@ -57,11 +58,16 @@ func NewFunctionHandler( // RegisterRoutes 注册路由 func (h *FunctionHandler) RegisterRoutes() { group := h.App.Engine.Group("/api/function/") - group.POST("weibo", h.WeiBo) - group.POST("zaobao", h.ZaoBao) - group.POST("dalle3", h.Dall3) - group.POST("websearch", h.WebSearch) - group.GET("list", h.List) + + // 需要用户授权的接口 + group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis)) + { + group.POST("weibo", h.WeiBo) + group.POST("zaobao", h.ZaoBao) + group.POST("dalle3", h.Dall3) + group.POST("websearch", h.WebSearch) + group.GET("list", h.List) + } } type resVo struct { diff --git a/api/handler/invite_handler.go b/api/handler/invite_handler.go index 14c51c5c..861856d3 100644 --- a/api/handler/invite_handler.go +++ b/api/handler/invite_handler.go @@ -10,6 +10,7 @@ package handler import ( "fmt" "geekai/core" + "geekai/core/middleware" "geekai/store/model" "geekai/store/vo" "geekai/utils" @@ -33,11 +34,18 @@ func NewInviteHandler(app *core.AppServer, db *gorm.DB) *InviteHandler { // RegisterRoutes 注册路由 func (h *InviteHandler) RegisterRoutes() { group := h.App.Engine.Group("/api/invite/") - group.GET("code", h.Code) - group.GET("list", h.List) + + // 公开接口,不需要授权 group.GET("hits", h.Hits) - group.GET("stats", h.Stats) - group.GET("rules", h.Rules) + + // 需要用户授权的接口 + group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis)) + { + group.GET("code", h.Code) + group.GET("list", h.List) + group.GET("stats", h.Stats) + group.GET("rules", h.Rules) + } } // Code 获取当前用户邀请码 diff --git a/api/handler/jimeng_handler.go b/api/handler/jimeng_handler.go index a7680e87..22787f12 100644 --- a/api/handler/jimeng_handler.go +++ b/api/handler/jimeng_handler.go @@ -2,8 +2,8 @@ package handler import ( "fmt" - "geekai/core" + "geekai/core/middleware" "geekai/core/types" "geekai/service" "geekai/service/jimeng" 
@@ -34,12 +34,17 @@ func NewJimengHandler(app *core.AppServer, jimengService *jimeng.Service, db *go // RegisterRoutes 注册路由,新增统一任务接口 func (h *JimengHandler) RegisterRoutes() { - rg := h.App.Engine.Group("/api/jimeng") - rg.POST("task", h.CreateTask) // 只保留统一任务接口 - rg.GET("power-config", h.GetPowerConfig) // 新增算力配置接口 - rg.POST("jobs", h.Jobs) - rg.GET("remove", h.Remove) - rg.GET("retry", h.Retry) + group := h.App.Engine.Group("/api/jimeng/") + + // 需要用户授权的接口 + group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis)) + { + group.POST("task", h.CreateTask) + group.GET("power-config", h.GetPowerConfig) + group.POST("jobs", h.Jobs) + group.GET("remove", h.Remove) + group.GET("retry", h.Retry) + } } // JimengTaskRequest 统一任务请求结构体 diff --git a/api/handler/markmap_handler.go b/api/handler/markmap_handler.go index f7f0a61d..0195a9f8 100644 --- a/api/handler/markmap_handler.go +++ b/api/handler/markmap_handler.go @@ -10,6 +10,7 @@ package handler import ( "fmt" "geekai/core" + "geekai/core/middleware" "geekai/core/types" "geekai/service" "geekai/store/model" @@ -37,7 +38,13 @@ func NewMarkMapHandler(app *core.AppServer, db *gorm.DB, userService *service.Us // RegisterRoutes 注册路由 func (h *MarkMapHandler) RegisterRoutes() { - h.App.Engine.POST("/api/markMap/gen", h.Generate) + group := h.App.Engine.Group("/api/markMap/") + + // 需要用户授权的接口 + group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis)) + { + group.POST("gen", h.Generate) + } } // Generate 生成思维导图 diff --git a/api/handler/menu_handler.go b/api/handler/menu_handler.go index 9e1df9ea..eef28784 100644 --- a/api/handler/menu_handler.go +++ b/api/handler/menu_handler.go @@ -9,10 +9,12 @@ package handler import ( "geekai/core" + "geekai/core/middleware" "geekai/store/model" "geekai/store/vo" "geekai/utils" "geekai/utils/resp" + "github.com/gin-gonic/gin" "gorm.io/gorm" ) 
@@ -28,7 +30,12 @@ func NewMenuHandler(app *core.AppServer, db *gorm.DB) *MenuHandler { // RegisterRoutes 注册路由 func (h *MenuHandler) RegisterRoutes() { group := h.App.Engine.Group("/api/menu/") - group.GET("list", h.List) + + // 需要用户授权的接口 + group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis)) + { + group.GET("list", h.List) + } } // List 数据列表 diff --git a/api/handler/mj_handler.go b/api/handler/mj_handler.go index 91269aeb..c2075a20 100644 --- a/api/handler/mj_handler.go +++ b/api/handler/mj_handler.go @@ -10,6 +10,7 @@ package handler import ( "fmt" "geekai/core" + "geekai/core/middleware" "geekai/core/types" "geekai/service" "geekai/service/mj" @@ -49,13 +50,20 @@ func NewMidJourneyHandler(app *core.AppServer, db *gorm.DB, snowflake *service.S // RegisterRoutes 注册路由 func (h *MidJourneyHandler) RegisterRoutes() { group := h.App.Engine.Group("/api/mj/") - group.POST("image", h.Image) - group.POST("upscale", h.Upscale) - group.POST("variation", h.Variation) - group.GET("jobs", h.JobList) + + // 公开接口,不需要授权 group.GET("imgWall", h.ImgWall) - group.GET("remove", h.Remove) - group.GET("publish", h.Publish) + + // 需要用户授权的接口 + group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis)) + { + group.POST("image", h.Image) + group.POST("upscale", h.Upscale) + group.POST("variation", h.Variation) + group.GET("jobs", h.JobList) + group.GET("remove", h.Remove) + group.GET("publish", h.Publish) + } } func (h *MidJourneyHandler) preCheck(c *gin.Context) bool { diff --git a/api/handler/net_handler.go b/api/handler/net_handler.go index b50a0844..4dd0192d 100644 --- a/api/handler/net_handler.go +++ b/api/handler/net_handler.go @@ -9,6 +9,7 @@ package handler import ( "geekai/core" + "geekai/core/middleware" "geekai/core/types" "geekai/service/oss" "geekai/store/model" 
@@ -34,9 +35,17 @@ func NewNetHandler(app *core.AppServer, db *gorm.DB, manager *oss.UploaderManage // RegisterRoutes 注册路由 func (h *NetHandler) RegisterRoutes() { - h.App.Engine.POST("/api/upload", h.Upload) - h.App.Engine.POST("/api/upload/list", h.List) - h.App.Engine.GET("/api/upload/remove", h.Remove) + group := h.App.Engine.Group("/api/upload/") + + // 需要用户授权的接口 + group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis)) + { + group.POST("upload", h.Upload) + group.POST("list", h.List) + group.GET("remove", h.Remove) + } + + // 公开接口,不需要授权 h.App.Engine.GET("/api/download", h.Download) } diff --git a/api/handler/order_handler.go b/api/handler/order_handler.go index feb9d925..1dc8d08e 100644 --- a/api/handler/order_handler.go +++ b/api/handler/order_handler.go @@ -9,6 +9,7 @@ package handler import ( "geekai/core" + "geekai/core/middleware" "geekai/core/types" "geekai/store/model" "geekai/store/vo" @@ -31,8 +32,13 @@ func NewOrderHandler(app *core.AppServer, db *gorm.DB) *OrderHandler { // RegisterRoutes 注册路由 func (h *OrderHandler) RegisterRoutes() { group := h.App.Engine.Group("/api/order/") - group.GET("list", h.List) - group.GET("query", h.Query) + + // 需要用户授权的接口 + group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis)) + { + group.GET("list", h.List) + group.GET("query", h.Query) + } } // List 订单列表 diff --git a/api/handler/power_log_handler.go b/api/handler/power_log_handler.go index a74389fd..4954fa30 100644 --- a/api/handler/power_log_handler.go +++ b/api/handler/power_log_handler.go @@ -9,6 +9,7 @@ package handler import ( "geekai/core" + "geekai/core/middleware" "geekai/core/types" "geekai/store/model" "geekai/store/vo" 
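Review bot: `group.POST("upload", h.Upload)` under `Group("/api/upload/")` registers the upload endpoint at `/api/upload/upload`, whereas the removed line served it at `/api/upload`. Unless every client is updated in the same release, uploads will hit an unregistered path. To keep the old URL while still applying the middleware, declare the group without the trailing slash, `group := h.App.Engine.Group("/api/upload")`, and register `group.POST("", h.Upload)`; `list` and `remove` resolve to the same paths as before. `Download` stays outside the group, so it is worth confirming that handler validates what it will fetch or serve, since nothing in this hunk restricts who can call it.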
@@ -31,8 +32,13 @@ func NewPowerLogHandler(app *core.AppServer, db *gorm.DB) *PowerLogHandler { // RegisterRoutes 注册路由 func (h *PowerLogHandler) RegisterRoutes() { group := h.App.Engine.Group("/api/powerLog/") - group.POST("list", h.List) - group.GET("stats", h.Stats) + + // 需要用户授权的接口 + group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis)) + { + group.POST("list", h.List) + group.GET("stats", h.Stats) + } } func (h *PowerLogHandler) List(c *gin.Context) { diff --git a/api/handler/product_handler.go b/api/handler/product_handler.go index 296bc13a..bd873b05 100644 --- a/api/handler/product_handler.go +++ b/api/handler/product_handler.go @@ -9,10 +9,12 @@ package handler import ( "geekai/core" + "geekai/core/middleware" "geekai/store/model" "geekai/store/vo" "geekai/utils" "geekai/utils/resp" + "github.com/gin-gonic/gin" "gorm.io/gorm" ) @@ -28,7 +30,12 @@ func NewProductHandler(app *core.AppServer, db *gorm.DB) *ProductHandler { // RegisterRoutes 注册路由 func (h *ProductHandler) RegisterRoutes() { group := h.App.Engine.Group("/api/product/") - group.GET("list", h.List) + + // 需要用户授权的接口 + group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis)) + { + group.GET("list", h.List) + } } // List 模型列表 diff --git a/api/handler/prompt_handler.go b/api/handler/prompt_handler.go index ffb55d4d..8622542c 100644 --- a/api/handler/prompt_handler.go +++ b/api/handler/prompt_handler.go @@ -10,6 +10,7 @@ package handler import ( "fmt" "geekai/core" + "geekai/core/middleware" "geekai/core/types" "geekai/service" "geekai/store/model" 
@@ -41,11 +42,16 @@ func NewPromptHandler(app *core.AppServer, db *gorm.DB, userService *service.Use // RegisterRoutes 注册路由 func (h *PromptHandler) RegisterRoutes() { - group := h.App.Engine.Group("/api/prompt") - group.POST("/lyric", h.Lyric) - group.POST("/image", h.Image) - group.POST("/video", h.Video) - group.POST("/meta", h.MetaPrompt) + group := h.App.Engine.Group("/api/prompt/") + + // 需要用户授权的接口 + group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis)) + { + group.POST("lyric", h.Lyric) + group.POST("image", h.Image) + group.POST("video", h.Video) + group.POST("meta", h.MetaPrompt) + } } // Lyric 生成歌词 diff --git a/api/handler/realtime_handler.go b/api/handler/realtime_handler.go index 8340dc45..f66e891a 100644 --- a/api/handler/realtime_handler.go +++ b/api/handler/realtime_handler.go @@ -4,6 +4,7 @@ import ( "encoding/json" "fmt" "geekai/core" + "geekai/core/middleware" "geekai/core/types" "geekai/service" "geekai/store/model" @@ -41,8 +42,14 @@ func NewRealtimeHandler(server *core.AppServer, db *gorm.DB, userService *servic // RegisterRoutes 注册路由 func (h *RealtimeHandler) RegisterRoutes() { - h.App.Engine.Any("/api/realtime", h.Connection) - h.App.Engine.POST("/api/realtime/voice", h.VoiceChat) + group := h.App.Engine.Group("/api/realtime/") + + // 需要用户授权的接口 + group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis)) + { + group.Any("", h.Connection) + group.POST("voice", h.VoiceChat) + } } func (h *RealtimeHandler) Connection(c *gin.Context) { diff --git a/api/handler/redeem_handler.go b/api/handler/redeem_handler.go index 6acfac44..87a41c24 100644 --- a/api/handler/redeem_handler.go +++ b/api/handler/redeem_handler.go 
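Review bot: In realtime_handler.go, `group.Any("", h.Connection)` under `Group("/api/realtime/")` registers the route as `/api/realtime/` with a trailing slash, while the removed line and the `/api/realtime` entry added to `ExactPaths` in api/core/app_server.go both use the path without it. With gin's default trailing-slash redirect, a request to `/api/realtime` is answered with a redirect rather than the handler, and if `Connection` is a WebSocket upgrade many clients will not follow that on the handshake. Using `group := h.App.Engine.Group("/api/realtime")` keeps both `/api/realtime` and `/api/realtime/voice` at their previous paths. Separately, if `UserAuthMiddleware` reads the token from a request header, browser WebSocket clients cannot supply one, so the token source for this route should be confirmed.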
@@ -10,14 +10,16 @@ package handler import ( "fmt" "geekai/core" + "geekai/core/middleware" "geekai/core/types" "geekai/service" "geekai/store/model" "geekai/utils/resp" - "github.com/gin-gonic/gin" - "gorm.io/gorm" "sync" "time" + + "github.com/gin-gonic/gin" + "gorm.io/gorm" ) type RedeemHandler struct { @@ -33,7 +35,12 @@ func NewRedeemHandler(app *core.AppServer, db *gorm.DB, userService *service.Use // RegisterRoutes 注册路由 func (h *RedeemHandler) RegisterRoutes() { group := h.App.Engine.Group("/api/redeem/") - group.POST("verify", h.Verify) + + // 需要用户授权的接口 + group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis)) + { + group.POST("verify", h.Verify) + } } func (h *RedeemHandler) Verify(c *gin.Context) { diff --git a/api/handler/sd_handler.go b/api/handler/sd_handler.go index e1bb46b8..808aa468 100644 --- a/api/handler/sd_handler.go +++ b/api/handler/sd_handler.go @@ -10,6 +10,7 @@ package handler import ( "fmt" "geekai/core" + "geekai/core/middleware" "geekai/core/types" "geekai/service" "geekai/service/oss" @@ -58,12 +59,19 @@ func NewSdJobHandler(app *core.AppServer, // RegisterRoutes 注册路由 func (h *SdJobHandler) RegisterRoutes() { - group := h.App.Engine.Group("/api/sd") - group.POST("image", h.Image) - group.GET("jobs", h.JobList) + group := h.App.Engine.Group("/api/sd/") + + // 公开接口,不需要授权 group.GET("imgWall", h.ImgWall) - group.GET("remove", h.Remove) - group.GET("publish", h.Publish) + + // 需要用户授权的接口 + group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis)) + { + group.POST("image", h.Image) + group.GET("jobs", h.JobList) + group.GET("remove", h.Remove) + group.GET("publish", h.Publish) + } } func (h *SdJobHandler) preCheck(c *gin.Context) bool { diff --git a/api/handler/sms_handler.go b/api/handler/sms_handler.go index 5acc7216..d1ddaef0 100644 --- a/api/handler/sms_handler.go +++ b/api/handler/sms_handler.go 
@@ -9,6 +9,7 @@ package handler import ( "geekai/core" + "geekai/core/middleware" "geekai/core/types" "geekai/service" "geekai/service/sms" @@ -47,7 +48,12 @@ func NewSmsHandler( // RegisterRoutes 注册路由 func (h *SmsHandler) RegisterRoutes() { group := h.App.Engine.Group("/api/sms/") - group.POST("code", h.SendCode) + + // 需要用户授权的接口 + group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis)) + { + group.POST("code", h.SendCode) + } } // SendCode 发送验证码 diff --git a/api/handler/suno_handler.go b/api/handler/suno_handler.go index 4579bc62..608023c7 100644 --- a/api/handler/suno_handler.go +++ b/api/handler/suno_handler.go @@ -10,6 +10,7 @@ package handler import ( "fmt" "geekai/core" + "geekai/core/middleware" "geekai/core/types" "geekai/service" "geekai/service/oss" @@ -45,14 +46,21 @@ func NewSunoHandler(app *core.AppServer, db *gorm.DB, service *suno.Service, upl // RegisterRoutes 注册路由 func (h *SunoHandler) RegisterRoutes() { - group := h.App.Engine.Group("/api/suno") - group.POST("create", h.Create) - group.GET("list", h.List) - group.GET("remove", h.Remove) - group.GET("publish", h.Publish) - group.POST("update", h.Update) - group.GET("detail", h.Detail) + group := h.App.Engine.Group("/api/suno/") + + // 公开接口,不需要授权 group.GET("play", h.Play) + + // 需要用户授权的接口 + group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis)) + { + group.POST("create", h.Create) + group.GET("list", h.List) + group.GET("remove", h.Remove) + group.GET("publish", h.Publish) + group.POST("update", h.Update) + group.GET("detail", h.Detail) + } } func (h *SunoHandler) Create(c *gin.Context) { diff --git a/api/handler/test_handler.go b/api/handler/test_handler.go index 3a2508eb..7dae66ac 100644 --- a/api/handler/test_handler.go +++ b/api/handler/test_handler.go @@ -2,6 +2,7 @@ package handler import ( "geekai/core" + "geekai/core/middleware" "geekai/service" "geekai/service/payment" "net/http" 
@@ -23,8 +24,13 @@ func NewTestHandler(app *core.AppServer, db *gorm.DB, snowflake *service.Snowfla // RegisterRoutes 注册路由 func (h *TestHandler) RegisterRoutes() { - group := h.App.Engine.Group("/api/test") - group.Any("sse", h.PostTest, h.SseTest) + group := h.App.Engine.Group("/api/test/") + + // 需要用户授权的接口 + group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis)) + { + group.Any("sse", h.PostTest, h.SseTest) + } } func (h *TestHandler) SseTest(c *gin.Context) { diff --git a/api/handler/user_handler.go b/api/handler/user_handler.go index ec83eddb..9dcf53ec 100644 --- a/api/handler/user_handler.go +++ b/api/handler/user_handler.go @@ -10,6 +10,7 @@ package handler import ( "fmt" "geekai/core" + "geekai/core/middleware" "geekai/core/types" "geekai/service" "geekai/store" @@ -61,19 +62,26 @@ func NewUserHandler( // RegisterRoutes 注册路由 func (h *UserHandler) RegisterRoutes() { group := h.App.Engine.Group("/api/user/") + + // 公开接口,不需要授权 group.POST("register", h.Register) group.POST("login", h.Login) - group.GET("logout", h.Logout) - group.GET("session", h.Session) - group.GET("profile", h.Profile) - group.POST("profile/update", h.ProfileUpdate) - group.POST("password", h.UpdatePass) - group.POST("bind/mobile", h.BindMobile) - group.POST("bind/email", h.BindEmail) group.POST("resetPass", h.ResetPass) group.GET("clogin", h.CLogin) group.GET("clogin/callback", h.CLoginCallback) - group.GET("signin", h.SignIn) + + // 需要用户授权的接口 + group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis)) + { + group.GET("logout", h.Logout) + group.GET("session", h.Session) + group.GET("profile", h.Profile) + group.POST("profile/update", h.ProfileUpdate) + group.POST("password", h.UpdatePass) + group.POST("bind/mobile", h.BindMobile) + group.POST("bind/email", h.BindEmail) + group.GET("signin", h.SignIn) + } } // Register user register 
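Review bot: In user_handler.go, `group.GET("signin", h.SignIn)` is registered after `group.Use(...)`, yet this commit also adds `/api/user/signin` to `ExactPaths` in api/core/app_server.go next to the login and callback paths, so the two places disagree within the same change. `logout` has the same split: it remains in that list but now sits behind the middleware, which, if the middleware rejects expired tokens, would leave a client holding a stale token unable to reach `Logout`. Decide per route which mechanism is authoritative and remove the contradicting entry. A short comment above the public block, such as `// public: must stay above group.Use`, would help keep the ordering intact.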
diff --git a/api/handler/video_handler.go b/api/handler/video_handler.go index 8d8df750..1ebba5e6 100644 --- a/api/handler/video_handler.go +++ b/api/handler/video_handler.go @@ -10,6 +10,7 @@ package handler import ( "fmt" "geekai/core" + "geekai/core/middleware" "geekai/core/types" "geekai/service" "geekai/service/oss" @@ -45,12 +46,17 @@ func NewVideoHandler(app *core.AppServer, db *gorm.DB, service *video.Service, u // RegisterRoutes 注册路由 func (h *VideoHandler) RegisterRoutes() { - group := h.App.Engine.Group("/api/video") - group.POST("luma/create", h.LumaCreate) - group.POST("keling/create", h.KeLingCreate) - group.GET("list", h.List) - group.GET("remove", h.Remove) - group.GET("publish", h.Publish) + group := h.App.Engine.Group("/api/video/") + + // 需要用户授权的接口 + group.Use(middleware.UserAuthMiddleware(h.App.Config.Session.SecretKey, h.App.Redis)) + { + group.POST("luma/create", h.LumaCreate) + group.POST("keling/create", h.KeLingCreate) + group.GET("list", h.List) + group.GET("remove", h.Remove) + group.GET("publish", h.Publish) + } } func (h *VideoHandler) LumaCreate(c *gin.Context) {