🎨 Add cookie-based auth in publish proxy (#15692)
* chore(publish-auth): Add TODO for cookie-based auth in publish proxy A TODO comment was added to indicate future implementation of authentication using cookies in the PublishServiceTransport RoundTrip method. * 🎨 Add session-based authentication for publish proxy Introduces session management using cookies for the publish reverse proxy server. Adds session ID generation, storage, and validation in kernel/model/auth.go, and updates the proxy transport to check for valid sessions before falling back to basic authentication. Sets a session cookie upon successful basic auth login. * 🐛 Fixed the issue of repeatedly setting cookies * 🎨 Dynamically remove invalid session IDs * ♻️ Revert changes in pnpm-lock.yaml
parent
2a4adf089f
commit
ff4d215f78
3 changed files with 67 additions and 7 deletions
|
|
@ -19,8 +19,10 @@ package model
|
|||
import (
|
||||
"crypto/rand"
|
||||
"net/http"
|
||||
"sync"
|
||||
|
||||
"github.com/golang-jwt/jwt/v5"
|
||||
"github.com/google/uuid"
|
||||
"github.com/siyuan-note/logging"
|
||||
)
|
||||
|
||||
|
|
@ -29,12 +31,15 @@ type Account struct {
|
|||
Password string
|
||||
Token string
|
||||
}
|
||||
type AccountsMap map[string]*Account
|
||||
type AccountsMap map[string]*Account // username -> account
|
||||
type SessionsMap map[string]string // sessionID -> username
|
||||
type ClaimsKeyType string
|
||||
|
||||
const (
|
||||
XAuthTokenKey = "X-Auth-Token"
|
||||
|
||||
SessionIdCookieName = "publish-visitor-session-id"
|
||||
|
||||
ClaimsContextKey = "claims"
|
||||
|
||||
iss = "siyuan-publish-reverse-proxy-server"
|
||||
|
|
@ -46,13 +51,37 @@ const (
|
|||
|
||||
var (
|
||||
accountsMap = AccountsMap{}
|
||||
jwtKey = make([]byte, 32)
|
||||
sessionsMap = SessionsMap{}
|
||||
sessionLock = sync.Mutex{}
|
||||
|
||||
jwtKey = make([]byte, 32)
|
||||
)
|
||||
|
||||
func GetBasicAuthAccount(username string) *Account {
|
||||
return accountsMap[username]
|
||||
}
|
||||
|
||||
func GetBasicAuthUsernameBySessionID(sessionID string) string {
|
||||
return sessionsMap[sessionID]
|
||||
}
|
||||
|
||||
func GetNewSessionID() string {
|
||||
sessionID := uuid.New().String()
|
||||
return sessionID
|
||||
}
|
||||
|
||||
func AddSession(sessionID, username string) {
|
||||
sessionLock.Lock()
|
||||
defer sessionLock.Unlock()
|
||||
sessionsMap[sessionID] = username
|
||||
}
|
||||
|
||||
func DeleteSession(sessionID string) {
|
||||
sessionLock.Lock()
|
||||
defer sessionLock.Unlock()
|
||||
delete(sessionsMap, sessionID)
|
||||
}
|
||||
|
||||
func InitAccounts() {
|
||||
accountsMap = AccountsMap{
|
||||
"": &Account{}, // 匿名用户
|
||||
|
|
|
|||
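Review bot: `GetBasicAuthUsernameBySessionID` reads `sessionsMap` without taking `sessionLock`, while `AddSession` and `DeleteSession` write the same map under that lock. In a proxy that serves requests concurrently this is a data race, and the Go runtime aborts the process when it detects a concurrent map read and write. The getter should begin with `sessionLock.Lock()` and `defer sessionLock.Unlock()`, or the lock could become a `sync.RWMutex` with `RLock` taken here. The lookup also returns `""` for an unknown session ID, which is the same key `InitAccounts` registers for the anonymous account. A caller that passes the result straight to `GetBasicAuthAccount` could therefore not tell a missing session from an anonymous one, so the `ok` value of the map lookup should be checked or returned; the call site is in another file of this commit and is not visible here.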