filter.go 2.1 KB

  1. package routers
  2. import (
  3. "encoding/json"
  4. "net/url"
  5. "regexp"
  6. "github.com/beego/beego/v2/server/web"
  7. "github.com/beego/beego/v2/server/web/context"
  8. "github.com/mindoc-org/mindoc/conf"
  9. "github.com/mindoc-org/mindoc/mcp"
  10. "github.com/mindoc-org/mindoc/models"
  11. )
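// init registers this package's beego request filters: a login gate for the
// management, settings, book and API routes, the MCP authentication
// middleware, a format check on the session cookie, and a filter that adds
// response headers to every request.
func init() {
	// sessionIDPattern is the accepted shape of a session cookie value: ASCII
	// letters and digits only, 32 to 512 characters. (The earlier comment gave
	// the upper bound as 1024, but the pattern enforces 512.) It is compiled
	// once here instead of on every request.
	sessionIDPattern := regexp.MustCompile(`^[a-zA-Z0-9]{32,512}$`)

	// FilterUser lets a request through only when the session holds a
	// models.Member. Ajax callers get a JSON body carrying errcode 403; all
	// other callers are redirected to the login page with the originally
	// requested URL in the "url" query parameter.
	var FilterUser = func(ctx *context.Context) {
		if _, ok := ctx.Input.Session(conf.LoginSessionName).(models.Member); ok {
			return
		}
		if ctx.Input.IsAjax() {
			jsonData := make(map[string]interface{}, 3)
			jsonData["errcode"] = 403
			jsonData["message"] = "请登录后再操作"
			// Marshal cannot fail for a map holding only an int and a string.
			// NOTE(review): no status code or Content-Type is set here, so the
			// rejection is visible only in the body — confirm clients check
			// errcode rather than the HTTP status.
			returnJSON, _ := json.Marshal(jsonData)
			ctx.ResponseWriter.Write(returnJSON)
			return
		}
		// The return URL is a query-parameter value, so it is query-escaped.
		// url.PathEscape leaves '&', '=' and '+' unescaped, which would let
		// the query string of the requested URI add or override parameters on
		// the login URL and would turn a literal '+' into a space on decode.
		// NOTE(review): the login handler is not visible here; it should still
		// check that "url" points back to this site before redirecting to it.
		returnTo := url.QueryEscape(conf.BaseUrl + ctx.Request.URL.RequestURI())
		ctx.Redirect(302, conf.URLFor("AccountController.Login")+"?url="+returnTo)
	}

	// Routes that require a logged-in member. Registration order is kept as
	// listed.
	// NOTE(review): "/api/*" and "/manage/*" have no bare "/api" or "/manage"
	// entry, unlike the other prefixes — confirm nothing is routed at those
	// exact paths.
	protected := []string{
		"/manager",
		"/manager/*",
		"/setting",
		"/setting/*",
		"/book",
		"/book/*",
		"/api/*",
		"/manage/*",
	}
	for _, pattern := range protected {
		web.InsertFilter(pattern, web.BeforeRouter, FilterUser)
	}

	// MCP endpoints use their own authentication middleware instead of the
	// session check above.
	web.InsertFilter("/mcp/*", web.BeforeRouter, mcp.AuthMiddleware)

	// FinishRouter adds fixed response headers. Despite its name it is
	// registered at web.BeforeRouter, so the headers are set before the
	// handler runs.
	// NOTE(review): MinDoc-Version tells every client which release is
	// running; confirm that disclosure is wanted. X-XSS-Protection is a legacy
	// header that current browsers ignore, so it should not be counted as an
	// XSS control.
	var FinishRouter = func(ctx *context.Context) {
		header := ctx.ResponseWriter.Header()
		header.Add("MinDoc-Version", conf.VERSION)
		header.Add("MinDoc-Site", "https://www.iminho.me")
		header.Add("X-XSS-Protection", "1; mode=block")
	}

	// StartRouter rejects requests whose session cookie is present but does
	// not match sessionIDPattern. Requests without the cookie pass through.
	var StartRouter = func(ctx *context.Context) {
		// The config lookup error is ignored.
		// NOTE(review): confirm what an unset "sessionname" means for this
		// check.
		sessname, _ := web.AppConfig.String("sessionname")
		sessionId := ctx.Input.Cookie(sessname)
		if sessionId == "" {
			return
		}
		if !sessionIDPattern.MatchString(sessionId) {
			// Presumably beego's panic recovery maps the string "401" to its
			// 401 error handler — confirm against the framework version in use.
			panic("401")
		}
	}

	// Both global filters are registered with WithReturnOnOutput(false).
	web.InsertFilter("/*", web.BeforeStatic, StartRouter, web.WithReturnOnOutput(false))
	web.InsertFilter("/*", web.BeforeRouter, FinishRouter, web.WithReturnOnOutput(false))
}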