/*
Nging is a toolbox for webmasters
Copyright (C) 2018-present Wenhui Shen <swh@admpub.com>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
package middleware
import (
"strings"
"time"
"github.com/admpub/nging/application/handler"
"github.com/admpub/nging/application/library/config"
"github.com/admpub/nging/application/library/license"
"github.com/admpub/nging/application/model"
"github.com/admpub/nging/application/registry/perm"
"github.com/webx-top/echo"
)
// AuthCheck wraps h in the backend access gate. In order, the returned
// handler:
//
//  1. redirects to /setup when the application is not installed;
//  2. redirects to /license when the license check for the request host fails;
//  3. redirects to /login when no user is attached to the request;
//  4. redirects to the URL stored under the `auth2ndURL` session key while
//     that key is non-empty (Auth sets it when a second factor is pending);
//  5. lets user ID 1 and every route under /user/ through without a role check;
//  6. otherwise requires roleM.CheckPerm2 to accept the route (or the
//     registered perm.SpecialAuths checker to allow it), else returns
//     echo.ErrForbidden.
//
// It also installs a `CheckPerm` function on the context, presumably for
// templates to hide links the current user may not follow.
func AuthCheck(h echo.Handler) echo.HandlerFunc {
	// allowAll is the CheckPerm helper for requests that bypass role checks.
	allowAll := func(route string) error { return nil }

	return func(c echo.Context) error {
		// Installation check comes first: nothing else is usable before setup.
		if !config.IsInstalled() {
			return c.Redirect(handler.URLFor(`/setup`))
		}
		// Validate the license file against the request host.
		if !license.Ok(c.Host()) {
			return c.Redirect(handler.URLFor(`/license`))
		}

		user := handler.User(c)
		if user == nil {
			return c.Redirect(handler.URLFor(`/login`))
		}

		// Second-factor gate. The session already carries a user at this
		// point, so this redirect is the only thing here that holds a
		// password-only session back.
		// NOTE(review): routes that are not wrapped by AuthCheck and only test
		// handler.User(c) would not see this gate; confirm none exist.
		if pending, ok := c.Session().Get(`auth2ndURL`).(string); ok && len(pending) > 0 {
			return c.Redirect(pending)
		}

		// NOTE(review): c.Path() is presumably the matched route pattern, not
		// the raw request URL; confirm, since all checks below key on it.
		// TrimPrefix is a no-op when BackendPrefix is empty.
		rpath := strings.TrimPrefix(c.Path(), handler.BackendPrefix)

		// Unconditional bypass: user ID 1 and anything under /user/ skip role
		// checks entirely. Every route registered under /user/ is therefore
		// reachable by any signed-in account.
		if user.Id == 1 || strings.HasPrefix(rpath, `/user/`) {
			c.SetFunc(`CheckPerm`, allowAll)
			return h.Handle(c)
		}

		roleList := handler.RoleList(c)
		roleM := model.NewUserRole(c)

		// ppath is the permission key that is finally checked against the roles.
		var ppath string
		if checker, found := perm.SpecialAuths[rpath]; found {
			var (
				err     error
				handled bool
			)
			err, ppath, handled = checker(h, c, rpath, user, roleM, roleList)
			// A checker either finishes the request itself (handled) or fails;
			// in both cases its error value is the response.
			if handled || err != nil {
				return err
			}
		} else {
			// Sub-routes of these two groups share the permission of their parent.
			switch {
			case strings.HasPrefix(rpath, `/term/client/`):
				ppath = `/term/client`
			case strings.HasPrefix(rpath, `/frp/dashboard/`):
				ppath = `/frp/dashboard`
			default:
				ppath = rpath
			}
		}

		if !roleM.CheckPerm2(roleList, ppath) {
			return echo.ErrForbidden
		}

		c.SetFunc(`CheckPerm`, func(route string) error {
			if user.Id == 1 || roleM.CheckPerm2(roleList, route) {
				return nil
			}
			return echo.ErrForbidden
		})
		return h.Handle(c)
	}
}
// Auth checks the `user` and `pass` form fields against the user model.
// On success it optionally stores the login in the session (saveSession),
// marks a pending second factor by writing the /gauth_check URL to the
// `auth2ndURL` session key when NeedCheckU2F reports one is required, and
// records the login time and client IP on the user row.
//
// It returns the error from CheckPasswd, or the c.E error for an unknown
// account.
//
// NOTE(review): no throttling or lockout is visible in this function;
// confirm that repeated failed attempts are limited elsewhere.
func Auth(c echo.Context, saveSession bool) error {
	username, password := c.Form(`user`), c.Form(`pass`)
	userM := model.NewUser(c)

	exists, err := userM.CheckPasswd(username, password)
	if !exists {
		// NOTE(review): this message ("user does not exist") is specific to
		// unknown accounts, so responses reveal which usernames are
		// registered; a single generic failure message would avoid that.
		// It is also returned when exists is false and err is non-nil.
		return c.E(`用户不存在`)
	}
	if err != nil {
		return err
	}

	if saveSession {
		// NOTE(review): whether SetSession issues a fresh session ID is not
		// visible here; confirm it does, to rule out session fixation.
		userM.SetSession()
	}
	// The login session is written before the second factor is verified;
	// this marker is what AuthCheck uses to hold the session back until then.
	if userM.NeedCheckU2F(userM.User.Id) {
		c.Session().Set(`auth2ndURL`, handler.URLFor(`/gauth_check`))
	}

	loginAt := uint(time.Now().Unix())
	// NOTE(review): RealIP presumably honours proxy forwarding headers, so
	// this audit value can be client-supplied unless a trusted proxy sets it.
	clientIP := c.RealIP()
	userM.User.LastLogin = loginAt
	userM.User.LastIp = clientIP

	// Best-effort bookkeeping: the result of Update is deliberately not
	// checked, so a failed write does not fail the login.
	userM.User.Param().SetSend(map[string]interface{}{
		`last_login`: loginAt,
		`last_ip`:    clientIP,
	}).SetArgs(`id`, userM.User.Id).Update()

	return nil
}