Andreas/siyuan
1
0
Fork 0
mirror of https://github.com/siyuan-note/siyuan.git synced 2025-12-17 23:20:13 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

🧑‍💻 Authenticated kernel API requests work without setting the authentication code https://github.com/siyuan-note/siyuan/issues/14571

Browse source
This commit is contained in:
Daniel 2025-04-12 16:22:01 +08:00
parent 8682b30fa0
commit eaa0b59e52
No known key found for this signature in database
GPG key ID: 86211BA83DF03017
1 changed files with 39 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

78
kernel/model/session.go
View file

@ -182,6 +182,45 @@ func CheckAuth(c *gin.Context) {
return return
} }
// 通过 API token (header: Authorization)
if authHeader := c.GetHeader("Authorization"); "" != authHeader {
var token string
if strings.HasPrefix(authHeader, "Token ") {
token = strings.TrimPrefix(authHeader, "Token ")
} else if strings.HasPrefix(authHeader, "token ") {
token = strings.TrimPrefix(authHeader, "token ")
} else if strings.HasPrefix(authHeader, "Bearer ") {
token = strings.TrimPrefix(authHeader, "Bearer ")
} else if strings.HasPrefix(authHeader, "bearer ") {
token = strings.TrimPrefix(authHeader, "bearer ")
}
if "" != token {
if Conf.Api.Token == token {
c.Set(RoleContextKey, RoleAdministrator)
c.Next()
return
}
c.JSON(http.StatusUnauthorized, map[string]interface{}{"code": -1, "msg": "Auth failed [header: Authorization]"})
c.Abort()
return
}
}
// 通过 API token (query-params: token)
if token := c.Query("token"); "" != token {
if Conf.Api.Token == token {
c.Set(RoleContextKey, RoleAdministrator)
c.Next()
return
}
c.JSON(http.StatusUnauthorized, map[string]interface{}{"code": -1, "msg": "Auth failed [query: token]"})
c.Abort()
return
}
//logging.LogInfof("check auth for [%s]", c.Request.RequestURI) //logging.LogInfof("check auth for [%s]", c.Request.RequestURI)
localhost := util.IsLocalHost(c.Request.RemoteAddr) localhost := util.IsLocalHost(c.Request.RemoteAddr)
@ -267,45 +306,6 @@ func CheckAuth(c *gin.Context) {
} }
} }
// 通过 API token (header: Authorization)
if authHeader := c.GetHeader("Authorization"); "" != authHeader {
var token string
if strings.HasPrefix(authHeader, "Token ") {
token = strings.TrimPrefix(authHeader, "Token ")
} else if strings.HasPrefix(authHeader, "token ") {
token = strings.TrimPrefix(authHeader, "token ")
} else if strings.HasPrefix(authHeader, "Bearer ") {
token = strings.TrimPrefix(authHeader, "Bearer ")
} else if strings.HasPrefix(authHeader, "bearer ") {
token = strings.TrimPrefix(authHeader, "bearer ")
}
if "" != token {
if Conf.Api.Token == token {
c.Set(RoleContextKey, RoleAdministrator)
c.Next()
return
}
c.JSON(http.StatusUnauthorized, map[string]interface{}{"code": -1, "msg": "Auth failed [header: Authorization]"})
c.Abort()
return
}
}
// 通过 API token (query-params: token)
if token := c.Query("token"); "" != token {
if Conf.Api.Token == token {
c.Set(RoleContextKey, RoleAdministrator)
c.Next()
return
}
c.JSON(http.StatusUnauthorized, map[string]interface{}{"code": -1, "msg": "Auth failed [query: token]"})
c.Abort()
return
}
// WebDAV BasicAuth Authenticate // WebDAV BasicAuth Authenticate
if strings.HasPrefix(c.Request.RequestURI, "/webdav") || if strings.HasPrefix(c.Request.RequestURI, "/webdav") ||
strings.HasPrefix(c.Request.RequestURI, "/caldav") || strings.HasPrefix(c.Request.RequestURI, "/caldav") ||