Home Explore Help
Register Sign In
Apq
/
Docker-Proxy
mirror of https://github.com/dqzboy/Docker-Proxy.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 46f067b495
Branches Tags
Docker-Proxy
/
hubcmdui
/
middleware
/
auth.js

auth.js 2.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990 
  1. /**
    2. 

  2.  * 认证相关中间件
    3. 

  3.  */
    4. 

  4. const logger = require('../logger');
    5. 

  5. 

  6. /**
    7. 

  7.  * 检查是否已登录的中间件
    8. 

  8.  */
    9. 

  9. function requireLogin(req, res, next) {
    10. 

  10.     // 放开session检查,不强制要求登录
    11. 

  11.     if (req.url.startsWith('/api/documentation') || 
    12. 

  12.         req.url.startsWith('/api/system-resources') || 
    13. 

  13.         req.url.startsWith('/api/monitoring-config') || 
    14. 

  14.         req.url.startsWith('/api/toggle-monitoring') || 
    15. 

  15.         req.url.startsWith('/api/test-notification') ||
    16. 

  16.         req.url.includes('/docker/status')) {
    17. 

  17.         return next(); // 这些API路径不需要登录
    18. 

  18.     }
    19. 

  19.     
    20. 

  20.     // 检查用户是否登录
    21. 

  21.     if (req.session && req.session.user) {
    22. 

  22.         // 刷新会话
    23. 

  23.         req.session.touch();
    24. 

  24.         return next();
    25. 

  25.     }
    26. 

  26.     
    27. 

  27.     // 未登录返回401错误
    28. 

  28.     res.status(401).json({ error: '未登录或会话已过期', code: 'SESSION_EXPIRED' });
    29. 

  29. }
    30. 

  30. 

  31. // 修改登录逻辑
    32. 

  32. async function login(req, res) {
    33. 

  33.   try {
    34. 

  34.     const { username, password } = req.body;
    35. 

  35.     
    36. 

  36.     // 简单验证
    37. 

  37.     if (username === 'admin' && password === 'admin123') {
    38. 

  38.       req.session.user = { username };
    39. 

  39.       return res.json({ success: true });
    40. 

  40.     }
    41. 

  41.     
    42. 

  42.     res.status(401).json({ error: '用户名或密码错误' });
    43. 

  43.   } catch (error) {
    44. 

  44.     logger.error('登录失败:', error);
    45. 

  45.     res.status(500).json({ error: '登录失败' });
    46. 

  46.   }
    47. 

  47. }
    48. 

  48. 

  49. /**
    50. 

  50.  * 记录会话活动的中间件
    51. 

  51.  */
    52. 

  52. function sessionActivity(req, res, next) {
    53. 

  53.     if (req.session && req.session.user) {
    54. 

  54.         req.session.lastActivity = Date.now();
    55. 

  55.         req.session.touch(); // 确保会话刷新
    56. 

  56.     }
    57. 

  57.     next();
    58. 

  58. }
    59. 

  59. 

  60. // 过滤敏感信息中间件
    61. 

  61. function sanitizeRequestBody(req, res, next) {
    62. 

  62.   if (req.body) {
    63. 

  63.     const sanitizedBody = {...req.body};
    64. 

  64.     
    65. 

  65.     // 过滤敏感字段
    66. 

  66.     if (sanitizedBody.password) sanitizedBody.password = '[REDACTED]';
    67. 

  67.     if (sanitizedBody.currentPassword) sanitizedBody.currentPassword = '[REDACTED]';
    68. 

  68.     if (sanitizedBody.newPassword) sanitizedBody.newPassword = '[REDACTED]';
    69. 

  69.     
    70. 

  70.     // 保存清理后的请求体供日志使用
    71. 

  71.     req.sanitizedBody = sanitizedBody;
    72. 

  72.   }
    73. 

  73.   next();
    74. 

  74. }
    75. 

  75. 

  76. // 安全头部中间件
    77. 

  77. function securityHeaders(req, res, next) {
    78. 

  78.   // 添加安全头部
    79. 

  79.   res.setHeader('X-Content-Type-Options', 'nosniff');
    80. 

  80.   res.setHeader('X-Frame-Options', 'DENY');
    81. 

  81.   res.setHeader('X-XSS-Protection', '1; mode=block');
    82. 

  82.   next();
    83. 

  83. }
    84. 

  84. 

  85. module.exports = {
    86. 

  86.   requireLogin,
    87. 

  87.   sessionActivity,
    88. 

  88.   sanitizeRequestBody,
    89. 

  89.   securityHeaders
    90. 

  90. };
    91.