feat: 修改路由中间件

2024-07-25 18:13:57 +08:00 · 2024-07-25 18:13:57 +08:00 · c0b39ffcbf
parent fafa042ee9
commit c0b39ffcbf
13 changed files with 66 additions and 42 deletions
--- a/agent/init/migration/migrations/init.go
+++ b/agent/init/migration/migrations/init.go
@ -84,6 +84,12 @@ var InitHost = &gormigrate.Migration{
 var InitSetting = &gormigrate.Migration{
 	ID: "20240722-init-setting",
 	Migrate: func(tx *gorm.DB) error {
+		encryptKey := common.RandStr(16)
+		global.CONF.System.EncryptKey = encryptKey
+		if err := tx.Create(&model.Setting{Key: "EncryptKey", Value: encryptKey}).Error; err != nil {
+			return err
+		}
+
 		if err := tx.Create(&model.Setting{Key: "SystemIP", Value: ""}).Error; err != nil {
 			return err
 		}
--- a/core/constant/errs.go
+++ b/core/constant/errs.go
@ -46,4 +46,5 @@ var (
 	ErrTypePasswordExpired = "ErrPasswordExpired"
 	ErrDemoEnvironment     = "ErrDemoEnvironment"
 	ErrEntrance            = "ErrEntrance"
+	ErrProxy               = "ErrProxy"
 )
--- a/core/i18n/lang/en.yaml
+++ b/core/i18n/lang/en.yaml
@ -8,6 +8,7 @@ ErrTransform: "Type conversion failure: {{ .detail }}"
 ErrNotLogin: "User is not Login: {{ .detail }}"
 ErrPasswordExpired: "The current password has expired: {{ .detail }}"
 ErrNotSupportType: "The system does not support the current type: {{ .detail }}"
+ErrProxy: "Request error, please check the node status"

 #common
 ErrNameIsExist: "Name is already exist"
--- a/core/i18n/lang/zh-Hant.yaml
+++ b/core/i18n/lang/zh-Hant.yaml
@ -8,6 +8,7 @@ ErrTransform: "類型轉換失敗: {{ .detail }}"
 ErrNotLogin: "用戶未登入: {{ .detail }}"
 ErrPasswordExpired: "當前密碼已過期: {{ .detail }}"
 ErrNotSupportType: "系統暫不支持當前類型: {{ .detail }}"
+ErrProxy: "請求錯誤，請檢查該節點狀態"

 #common
 ErrNameIsExist: "名稱已存在"
--- a/core/i18n/lang/zh.yaml
+++ b/core/i18n/lang/zh.yaml
@ -8,6 +8,7 @@ ErrTransform: "类型转换失败: {{ .detail }}"
 ErrNotLogin: "用户未登录: {{ .detail }}"
 ErrPasswordExpired: "当前密码已过期: {{ .detail }}"
 ErrNotSupportType: "系统暂不支持当前类型: {{ .detail }}"
+ErrProxy: "请求错误，请检查该节点状态"

 #common
 ErrDemoEnvironment: "演示服务器，禁止此操作!"
--- a/core/init/router/router.go
+++ b/core/init/router/router.go
@ -39,13 +39,7 @@ func setWebStatic(rootRouter *gin.RouterGroup) {

 func Routers() *gin.Engine {
 	Router = gin.Default()
-	Router.Use(middleware.OperationLog())
-	if global.CONF.System.IsDemo {
-		Router.Use(middleware.DemoHandle())
-	}
-
 	Router.Use(i18n.UseI18n())
-	Router.Use(middleware.Proxy())

 	swaggerRouter := Router.Group("1panel")
 	docs.SwaggerInfo.BasePath = "/api/v1"
@ -58,6 +52,15 @@ func Routers() *gin.Engine {
 		PublicGroup.Use(gzip.Gzip(gzip.DefaultCompression))
 		setWebStatic(PublicGroup)
 	}
+
+	Router.Use(middleware.OperationLog())
+	if global.CONF.System.IsDemo {
+		Router.Use(middleware.DemoHandle())
+	}
+	Router.Use(middleware.JwtAuth())
+	Router.Use(middleware.SessionAuth())
+	Router.Use(middleware.PasswordExpired())
+	Router.Use(middleware.Proxy())
 	PrivateGroup := Router.Group("/api/v2/core")
 	PrivateGroup.Use(middleware.WhiteAllow())
 	PrivateGroup.Use(middleware.BindDomain())
--- a/core/middleware/jwt.go
+++ b/core/middleware/jwt.go
@ -1,6 +1,8 @@
 package middleware

 import (
+	"strings"
+
 	"github.com/1Panel-dev/1Panel/core/app/api/v1/helper"
 	"github.com/1Panel-dev/1Panel/core/constant"
 	jwtUtils "github.com/1Panel-dev/1Panel/core/utils/jwt"
@ -10,6 +12,10 @@ import (

 func JwtAuth() gin.HandlerFunc {
 	return func(c *gin.Context) {
+		if strings.HasPrefix(c.Request.URL.Path, "/api/v2/core/auth") {
+			c.Next()
+			return
+		}
 		token := c.Request.Header.Get(constant.JWTHeaderName)
 		if token == "" {
 			c.Next()
--- a/core/middleware/password_expired.go
+++ b/core/middleware/password_expired.go
@ -2,6 +2,7 @@ package middleware

 import (
 	"strconv"
+	"strings"
 	"time"

 	"github.com/1Panel-dev/1Panel/core/app/api/v1/helper"
@ -13,6 +14,12 @@ import (

 func PasswordExpired() gin.HandlerFunc {
 	return func(c *gin.Context) {
+		if strings.HasPrefix(c.Request.URL.Path, "/api/v2/core/auth") ||
+			c.Request.URL.Path == "/api/v2/core/settings/expired/handle" ||
+			c.Request.URL.Path == "/api/v2/core/settings/search" {
+			c.Next()
+			return
+		}
 		settingRepo := repo.NewISettingRepo()
 		setting, err := settingRepo.Get(settingRepo.WithByKey("ExpirationDays"))
 		if err != nil {
--- a/core/middleware/proxy.go
+++ b/core/middleware/proxy.go
@ -8,6 +8,8 @@ import (
 	"os"
 	"strings"

+	"github.com/1Panel-dev/1Panel/core/app/api/v1/helper"
+	"github.com/1Panel-dev/1Panel/core/constant"
 	"github.com/gin-gonic/gin"
 )

@ -16,28 +18,28 @@ func Proxy() gin.HandlerFunc {
 		if strings.HasPrefix(c.Request.URL.Path, "/api/v2/core") {
 			c.Next()
 			return
-		} else {
-			sockPath := "/tmp/agent.sock"
-			if _, err := os.Stat(sockPath); err != nil {
-				panic(err)
-			}
-			dialUnix := func() (conn net.Conn, err error) {
-				return net.Dial("unix", sockPath)
-			}
-			transport := &http.Transport{
-				DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
-					return dialUnix()
-				},
-			}
-			proxy := &httputil.ReverseProxy{
-				Director: func(req *http.Request) {
-					req.URL.Scheme = "http"
-					req.URL.Host = "unix"
-				},
-				Transport: transport,
-			}
-			proxy.ServeHTTP(c.Writer, c.Request)
-			c.Abort()
 		}
+		sockPath := "/tmp/agent.sock"
+		if _, err := os.Stat(sockPath); err != nil {
+			helper.ErrorWithDetail(c, constant.CodeErrBadRequest, constant.ErrProxy, err)
+			return
+		}
+		dialUnix := func() (conn net.Conn, err error) {
+			return net.Dial("unix", sockPath)
+		}
+		transport := &http.Transport{
+			DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
+				return dialUnix()
+			},
+		}
+		proxy := &httputil.ReverseProxy{
+			Director: func(req *http.Request) {
+				req.URL.Scheme = "http"
+				req.URL.Host = "unix"
+			},
+			Transport: transport,
+		}
+		proxy.ServeHTTP(c.Writer, c.Request)
+		c.Abort()
 	}
 }
--- a/core/middleware/session.go
+++ b/core/middleware/session.go
@ -2,6 +2,7 @@ package middleware

 import (
 	"strconv"
+	"strings"

 	"github.com/1Panel-dev/1Panel/core/app/api/v1/helper"
 	"github.com/1Panel-dev/1Panel/core/app/repo"
@ -12,6 +13,10 @@ import (

 func SessionAuth() gin.HandlerFunc {
 	return func(c *gin.Context) {
+		if strings.HasPrefix(c.Request.URL.Path, "/api/v2/core/auth") {
+			c.Next()
+			return
+		}
 		if method, exist := c.Get("authMethod"); exist && method == constant.AuthMethodJWT {
 			c.Next()
 			return
--- a/core/router/ro_log.go
+++ b/core/router/ro_log.go
@ -2,7 +2,6 @@ package router

 import (
 	v1 "github.com/1Panel-dev/1Panel/core/app/api/v1"
-	"github.com/1Panel-dev/1Panel/core/middleware"

 	"github.com/gin-gonic/gin"
 )
@ -11,7 +10,6 @@ type LogRouter struct{}

 func (s *LogRouter) InitRouter(Router *gin.RouterGroup) {
 	operationRouter := Router.Group("logs")
-	operationRouter.Use(middleware.JwtAuth()).Use(middleware.SessionAuth()).Use(middleware.PasswordExpired())
 	baseApi := v1.ApiGroupApp.BaseApi
 	{
 		operationRouter.POST("/login", baseApi.GetLoginLogs)
--- a/core/router/ro_setting.go
+++ b/core/router/ro_setting.go
@ -2,24 +2,17 @@ package router

 import (
 	v1 "github.com/1Panel-dev/1Panel/core/app/api/v1"
-	"github.com/1Panel-dev/1Panel/core/middleware"
 	"github.com/gin-gonic/gin"
 )

 type SettingRouter struct{}

 func (s *SettingRouter) InitRouter(Router *gin.RouterGroup) {
-	router := Router.Group("settings").
-		Use(middleware.JwtAuth()).
-		Use(middleware.SessionAuth())
-	settingRouter := Router.Group("settings").
-		Use(middleware.JwtAuth()).
-		Use(middleware.SessionAuth()).
-		Use(middleware.PasswordExpired())
+	settingRouter := Router.Group("settings")
 	baseApi := v1.ApiGroupApp.BaseApi
 	{
-		router.POST("/search", baseApi.GetSettingInfo)
-		router.POST("/expired/handle", baseApi.HandlePasswordExpired)
+		settingRouter.POST("/search", baseApi.GetSettingInfo)
+		settingRouter.POST("/expired/handle", baseApi.HandlePasswordExpired)
 		settingRouter.GET("/search/available", baseApi.GetSystemAvailable)
 		settingRouter.POST("/update", baseApi.UpdateSetting)
 		settingRouter.GET("/interface", baseApi.LoadInterfaceAddr)
--- a/frontend/src/api/modules/log.ts
+++ b/frontend/src/api/modules/log.ts
@ -3,11 +3,11 @@ import { ResPage } from '../interface';
 import { Log } from '../interface/log';

 export const getOperationLogs = (info: Log.SearchOpLog) => {
-    return http.post<ResPage<Log.OperationLog>>(`/logs/operation`, info);
+    return http.post<ResPage<Log.OperationLog>>(`/core/logs/operation`, info);
 };

 export const getLoginLogs = (info: Log.SearchLgLog) => {
-    return http.post<ResPage<Log.OperationLog>>(`/logs/login`, info);
+    return http.post<ResPage<Log.OperationLog>>(`/core/logs/login`, info);
 };

 export const getSystemFiles = () => {