alist/server/middlewares/auth.go

package middlewares

import (
	"github.com/alist-org/alist/v3/internal/db"
	"github.com/alist-org/alist/v3/internal/model"
	common2 "github.com/alist-org/alist/v3/server/common"
	"github.com/gin-gonic/gin"
)

// Auth is a middleware that checks if the user is logged in.
// if token is empty, set user to guest
func Auth(c *gin.Context) {
	token := c.GetHeader("Authorization")
	if token == "" {
		guest, err := db.GetGuest()
		if err != nil {
			common2.ErrorResp(c, err, 500, true)
			c.Abort()
			return
		}
		c.Set("user", guest)
		c.Next()
		return
	}
	userClaims, err := common2.ParseToken(token)
	if err != nil {
		common2.ErrorResp(c, err, 401)
		c.Abort()
		return
	}
	user, err := db.GetUserByName(userClaims.Username)
	if err != nil {
		common2.ErrorResp(c, err, 401)
		c.Abort()
		return
	}
	c.Set("user", user)
	c.Next()
}

func AuthAdmin(c *gin.Context) {
	user := c.MustGet("user").(*model.User)
	if !user.IsAdmin() {
		common2.ErrorStrResp(c, "You are not an admin", 403)
		c.Abort()
	} else {
		c.Next()
	}
}
feat: user jwt login 2022-06-25 13:34:44 +00:00			`package middlewares`

			`import (`
chore: rename store to db 2022-06-25 13:36:35 +00:00			`"github.com/alist-org/alist/v3/internal/db"`
feat: meta manage api 2022-06-26 11:09:28 +00:00			`"github.com/alist-org/alist/v3/internal/model"`
chore: move server package to root 2022-06-26 11:10:14 +00:00			`common2 "github.com/alist-org/alist/v3/server/common"`
feat: user jwt login 2022-06-25 13:34:44 +00:00			`"github.com/gin-gonic/gin"`
			`)`

chore: set guest while token is empty 2022-06-26 08:39:02 +00:00			`// Auth is a middleware that checks if the user is logged in.`
			`// if token is empty, set user to guest`
			`func Auth(c *gin.Context) {`
feat: user jwt login 2022-06-25 13:34:44 +00:00			`token := c.GetHeader("Authorization")`
chore: set guest while token is empty 2022-06-26 08:39:02 +00:00			`if token == "" {`
chore: ignore password for get current user 2022-06-26 08:55:37 +00:00			`guest, err := db.GetGuest()`
			`if err != nil {`
chore: move server package to root 2022-06-26 11:10:14 +00:00			`common2.ErrorResp(c, err, 500, true)`
chore: ignore password for get current user 2022-06-26 08:55:37 +00:00			`c.Abort()`
			`return`
			`}`
chore: set guest while token is empty 2022-06-26 08:39:02 +00:00			`c.Set("user", guest)`
			`c.Next()`
			`return`
			`}`
chore: move server package to root 2022-06-26 11:10:14 +00:00			`userClaims, err := common2.ParseToken(token)`
feat: user jwt login 2022-06-25 13:34:44 +00:00			`if err != nil {`
chore: move server package to root 2022-06-26 11:10:14 +00:00			`common2.ErrorResp(c, err, 401)`
feat: user jwt login 2022-06-25 13:34:44 +00:00			`c.Abort()`
			`return`
			`}`
chore: rename store to db 2022-06-25 13:36:35 +00:00			`user, err := db.GetUserByName(userClaims.Username)`
feat: user jwt login 2022-06-25 13:34:44 +00:00			`if err != nil {`
chore: move server package to root 2022-06-26 11:10:14 +00:00			`common2.ErrorResp(c, err, 401)`
feat: user jwt login 2022-06-25 13:34:44 +00:00			`c.Abort()`
			`return`
			`}`
			`c.Set("user", user)`
			`c.Next()`
			`}`
feat: meta manage api 2022-06-26 11:09:28 +00:00
			`func AuthAdmin(c *gin.Context) {`
			`user := c.MustGet("user").(*model.User)`
			`if !user.IsAdmin() {`
chore: move server package to root 2022-06-26 11:10:14 +00:00			`common2.ErrorStrResp(c, "You are not an admin", 403)`
feat: meta manage api 2022-06-26 11:09:28 +00:00			`c.Abort()`
			`} else {`
			`c.Next()`
			`}`
			`}`