From ce815a98d0255042925bbbf8852a668dd5eeb4e2 Mon Sep 17 00:00:00 2001
From: CalciumIon <1808837298@qq.com>
Date: Fri, 19 Jul 2024 13:39:05 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8Dnginx=E7=BC=93?=
 =?UTF-8?q?=E5=AD=98=E5=AF=BC=E8=87=B4=E4=B8=B2=E7=94=A8=E6=88=B7=E9=97=AE?=
 =?UTF-8?q?=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 middleware/auth.go | 33 +++++++++++++++++++++++++++++++++
 web/src/helpers/api.js | 5 ++++-
 web/src/helpers/utils.js | 7 +++++++
 3 files changed, 44 insertions(+), 1 deletion(-)

diff --git a/middleware/auth.go b/middleware/auth.go
index d9df9c8..edd15de 100644
--- a/middleware/auth.go
+++ b/middleware/auth.go
@@ -6,6 +6,7 @@ import (
 	"net/http"
 	"one-api/common"
 	"one-api/model"
+	"strconv"
 	"strings"
 )
 
@@ -15,6 +16,7 @@ func authHelper(c *gin.Context, minRole int) {
 	role := session.Get("role")
 	id := session.Get("id")
 	status := session.Get("status")
+	useAccessToken := false
 	if username == nil {
 		// Check access token
 		accessToken := c.Request.Header.Get("Authorization")
@@ -33,6 +35,7 @@ func authHelper(c *gin.Context, minRole int) {
 			role = user.Role
 			id = user.Id
 			status = user.Status
+			useAccessToken = true
 		} else {
 			c.JSON(http.StatusOK, gin.H{
 				"success": false,
@@ -42,6 +45,36 @@ func authHelper(c *gin.Context, minRole int) {
 			return
 		}
 	}
+	if !useAccessToken {
+		// get header New-Api-User
+		apiUserIdStr := c.Request.Header.Get("New-Api-User")
+		if apiUserIdStr == "" {
+			c.JSON(http.StatusUnauthorized, gin.H{
+				"success": false,
+				"message": "无权进行此操作,请刷新页面或清空缓存后重试",
+			})
+			c.Abort()
+			return
+		}
+		apiUserId, err := strconv.Atoi(apiUserIdStr)
+		if err != nil {
+			c.JSON(http.StatusUnauthorized, gin.H{
+				"success": false,
+				"message": "无权进行此操作,登录信息无效,请重新登录",
+			})
+			c.Abort()
+			return
+
+		}
+		if id != apiUserId {
+			c.JSON(http.StatusUnauthorized, gin.H{
+				"success": false,
+				"message": "无权进行此操作,与登录用户不匹配,请重新登录",
+			})
+			c.Abort()
+			return
+		}
+	}
 	if status.(int) == common.UserStatusDisabled {
 		c.JSON(http.StatusOK, gin.H{
 			"success": false,
diff --git a/web/src/helpers/api.js b/web/src/helpers/api.js
index 31a8c14..51b99d1 100644
--- a/web/src/helpers/api.js
+++ b/web/src/helpers/api.js
@@ -1,10 +1,13 @@
-import { showError } from './utils';
+import { getUserIdFromLocalStorage, showError } from './utils';
 import axios from 'axios';
 
 export const API = axios.create({
   baseURL: import.meta.env.VITE_REACT_APP_SERVER_URL
     ? import.meta.env.VITE_REACT_APP_SERVER_URL
     : '',
+  headers: {
+    'New-API-User': getUserIdFromLocalStorage()
+  }
 });
 
 API.interceptors.response.use(
diff --git a/web/src/helpers/utils.js b/web/src/helpers/utils.js
index f03f1f9..321b00a 100644
--- a/web/src/helpers/utils.js
+++ b/web/src/helpers/utils.js
@@ -33,6 +33,13 @@ export function getLogo() {
   return logo;
 }
 
+export function getUserIdFromLocalStorage() {
+  let user = localStorage.getItem('user');
+  if (!user) return -1;
+  user = JSON.parse(user);
+  return user.id;
+}
+
 export function getFooterHTML() {
   return localStorage.getItem('footer_html');
 }
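Review bot: `if id != apiUserId` compares the untyped session value `id` (whatever `session.Get("id")` returns) against an `int`, so if the session store ever round-trips the id as another integer type every session-authenticated request would be rejected with "与登录用户不匹配", while the line just below already asserts `status.(int)`; making the same assumption explicit keeps the two checks consistent: `sessionId, ok := id.(int)` followed by `if !ok || sessionId != apiUserId {`. The `New-Api-User` value is client-supplied, so this block can only detect that a cached response reached the wrong browser, not stop the proxy from caching it; if the nginx cache is the root cause, also marking session-authenticated responses uncacheable in this middleware (`c.Header("Cache-Control", "no-store")`) addresses it at the source. There is a stray blank line after the `return` in the `err != nil` branch. authHelper starts and ends outside the hunk.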
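Review bot: `getUserIdFromLocalStorage()` inside the `headers` object is evaluated once when `axios.create` runs at module load, so the `New-API-User` header is frozen at that value for the lifetime of the page: a user who logs in, or logs out and logs in as someone else, in the same tab keeps sending the stale id and, with the new middleware check, is rejected on every request until a full reload. Reading the id in a request interceptor keeps the header in step with localStorage on each call. The `-1` sentinel is then also sent for unauthenticated requests, which the server appears to tolerate because the check is skipped on the access-token path.
```javascript
export const API = axios.create({
  // … unchanged: baseURL …
});

// Read the id per request so a login/logout in this tab is reflected immediately.
API.interceptors.request.use((config) => {
  config.headers['New-API-User'] = getUserIdFromLocalStorage();
  return config;
});
```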
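Review bot: `JSON.parse(user)` in `getUserIdFromLocalStorage` throws on a corrupted or hand-edited `user` entry, and because api.js now calls this helper while the module is being evaluated, that exception would break the whole bundle before any page renders; a `try/catch` that falls back to `-1` keeps the failure local. `user.id` is also returned without a check, so a stored object lacking `id` yields `undefined` instead of the `-1` sentinel the function otherwise returns. Reassigning `let user` from a string to an object hides the two roles the variable plays; a separate `raw` name reads more clearly.
```javascript
export function getUserIdFromLocalStorage() {
  const raw = localStorage.getItem('user');
  if (!raw) return -1;
  try {
    // Fall back to the same sentinel when the stored value is not valid JSON or has no id.
    return JSON.parse(raw)?.id ?? -1;
  } catch {
    return -1;
  }
}
```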