From 366904cc310b925799cb555cd68d919e704b93b3 Mon Sep 17 00:00:00 2001
From: zhangchenhao
Date: Fri, 9 May 2025 10:33:08 +0800
Subject: [PATCH] =?UTF-8?q?fix=E5=BC=80=E5=85=B3ssl=E5=A4=B1=E8=B4=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 backend/middleware/auth.go | 46 ++++++++++++++++++++++++++++++++++++++
 backend/route/route.go     |  8 ++++---
 2 files changed, 51 insertions(+), 3 deletions(-)

diff --git a/backend/middleware/auth.go b/backend/middleware/auth.go
index 2f34266..c7a49d9 100644
--- a/backend/middleware/auth.go
+++ b/backend/middleware/auth.go
@@ -2,10 +2,13 @@ package middleware
 
 import (
 	"ALLinSSL/backend/public"
+	"crypto/md5"
 	"encoding/gob"
+	"encoding/hex"
 	"github.com/gin-contrib/sessions"
 	"github.com/gin-gonic/gin"
 	"net/http"
+	"strconv"
 	"strings"
 	"time"
 )
@@ -20,6 +23,10 @@ var Html404 = []byte(`
 
 func SessionAuthMiddleware() gin.HandlerFunc {
 	return func(c *gin.Context) {
+		if checkApiKey(c) {
+			return
+		}
+
 		routePath := c.Request.URL.Path
 		method := c.Request.Method
 		paths := strings.Split(strings.TrimPrefix(routePath, "/"), "/")
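Review bot: `if checkApiKey(c) { return }` treats a false result as "fall through to session auth", but checkApiKey (defined in the next hunk) writes a 401 JSON body for every request that carries no api_token — an empty token never equals the 32-character signature it computes — and only then returns false, so the session check and the route handler run anyway and write a second response on top of the first. checkApiKey should return false without touching the response when form.ApiToken is empty, and abort (c.AbortWithStatusJSON) when a token is present but rejected, at which point this line becomes `if checkApiKey(c) || c.IsAborted() { return }`. SessionAuthMiddleware's body continues outside the hunk.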
@@ -115,3 +122,42 @@ func SessionAuthMiddleware() gin.HandlerFunc {
 		}
 	}
 }
+
+func checkApiKey(c *gin.Context) bool {
+	var form struct {
+		ApiToken  string `form:"api_token"`
+		Timestamp string `form:"timestamp"`
+	}
+	err := c.Bind(&form)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid request"})
+		return false
+	}
+	apiKey := public.GetSettingIgnoreError("api_key")
+	// timestamp := time.Now().Unix()
+	ApiToken := generateSignature(form.Timestamp, apiKey)
+	if form.ApiToken != ApiToken {
+		c.JSON(http.StatusUnauthorized, gin.H{"error": "invalid token"})
+		return false
+	}
+	// 这里可以添加其他的验证逻辑,比如检查时间戳是否过期等
+	timestamp, err := strconv.ParseInt(form.Timestamp, 10, 64)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid timestamp"})
+		return false
+	}
+	if time.Now().Unix()-timestamp > 60*5 {
+		c.JSON(http.StatusUnauthorized, gin.H{"error": "timestamp expired"})
+		return false
+	}
+	return true
+}
+
+func generateSignature(timestamp, apiKey string) string {
+	keyMd5 := md5.Sum([]byte(apiKey))
+	keyMd5Hex := strings.ToLower(hex.EncodeToString(keyMd5[:]))
+
+	signMd5 := md5.Sum([]byte(timestamp + keyMd5Hex))
+	signMd5Hex := strings.ToLower(hex.EncodeToString(signMd5[:]))
+	return signMd5Hex
+}
diff --git a/backend/route/route.go b/backend/route/route.go
index d5f29a3..af52b83 100644
--- a/backend/route/route.go
+++ b/backend/route/route.go
@@ -8,7 +8,7 @@ import (
 
 func Register(r *gin.Engine) {
 	v1 := r.Group("/v1")
-
+
 	login := v1.Group("/login")
 	{
 		login.POST("/sign", api.Sign)
@@ -70,11 +70,13 @@ func Register(r *gin.Engine) {
 	{
 		overview.POST("/get_overviews", api.GetOverview)
 	}
-
+
 	// 1. 提供静态文件服务
 	r.StaticFS("/static", http.Dir("./frontend/static"))             // 静态资源路径
 	r.StaticFS("/auto-deploy/static", http.Dir("./frontend/static")) // 静态资源路径
-
+	// icon
+	r.StaticFS("/favicon.ico", http.Dir("./frontend/favicon.ico")) // favicon.ico
+
 	// 3. 前端路由托管:匹配所有其他路由并返回 index.html
 	r.NoRoute(func(c *gin.Context) {
 		c.File("./frontend/index.html")
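Review bot: The window check `if time.Now().Unix()-timestamp > 60*5 {` in checkApiKey rejects only stale timestamps, so a token signed over a far-future timestamp never expires and can be replayed for as long as the key stands; bound the skew in both directions. `public.GetSettingIgnoreError("api_key")` presumably yields an empty string when no key has been configured, and the function then accepts anyone who computes md5(timestamp+md5("")), so an empty key should refuse API authentication instead of signing with it. `form.ApiToken != ApiToken` is not a constant-time comparison; `hmac.Equal` (crypto/hmac) is, and unless the md5(timestamp+md5(key)) layout is already fixed by an existing client, an HMAC-SHA256 over the timestamp is the conventional construction for a signed request like this. `c.Bind` already aborts with 400 itself when binding fails (so the following c.JSON is a second write) and consumes a JSON request body the real handler may need, so ShouldBind — or ShouldBindQuery if the token only ever travels in the query string — is preferable, and the failure paths should abort so the caller can stop on `c.IsAborted()` rather than continue into session auth with a response already written. The rewrite below keeps generateSignature unchanged.
```go
func checkApiKey(c *gin.Context) bool {
	var form struct {
		ApiToken  string `form:"api_token"`
		Timestamp string `form:"timestamp"`
	}
	// ShouldBind leaves the response to this function; Bind would already have aborted with 400.
	if err := c.ShouldBind(&form); err != nil {
		c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": "invalid request"})
		return false
	}
	if form.ApiToken == "" {
		// No API token supplied: do not touch the response so session auth can run.
		return false
	}
	apiKey := public.GetSettingIgnoreError("api_key")
	if apiKey == "" {
		// An unset key must not degrade into a signature over the empty string.
		c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "invalid token"})
		return false
	}
	timestamp, err := strconv.ParseInt(form.Timestamp, 10, 64)
	if err != nil {
		c.AbortWithStatusJSON(http.StatusBadRequest, gin.H{"error": "invalid timestamp"})
		return false
	}
	// Reject stale and far-future timestamps alike; a one-sided check lets future-dated tokens live forever.
	if skew := time.Now().Unix() - timestamp; skew > 60*5 || skew < -60*5 {
		c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "timestamp expired"})
		return false
	}
	expected := generateSignature(form.Timestamp, apiKey)
	// Constant-time compare (crypto/hmac) so the comparison does not leak where the token diverges.
	if !hmac.Equal([]byte(form.ApiToken), []byte(expected)) {
		c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "invalid token"})
		return false
	}
	return true
}

// … unchanged: generateSignature …
```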
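Review bot: `r.StaticFS("/favicon.ico", http.Dir("./frontend/favicon.ico"))` passes a file path as the root of http.Dir, which expects a directory, so a request for /favicon.ico is resolved as "/" inside that root and cannot be served as the icon. gin provides a helper for exactly one file: `r.StaticFile("/favicon.ico", "./frontend/favicon.ico")`. Register's body continues outside the hunk.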