store auth information with session

2026-04-04 06:16:59 +08:00 · 2023-09-14 12:45:21 +08:00
parent 79bbf4a39c
commit 8eb72831c1
12 changed files with 110 additions and 53 deletions
--- a/pkg/server/controller/authorizer.go
+++ b/pkg/server/controller/authorizer.go
@@ -3,25 +3,36 @@ package controller
 import (
 	"encoding/base64"
 	"fmt"
+	"github.com/gin-contrib/sessions"
 	"github.com/gin-gonic/gin"
 	"net/http"
 	"strings"
+	"time"
 )

 func (c *HandleController) BasicAuth() gin.HandlerFunc {
 	return func(context *gin.Context) {
 		if strings.TrimSpace(c.CommonInfo.User) == "" || strings.TrimSpace(c.CommonInfo.Pwd) == "" {
-			ClearLogin(context)
 			if context.Request.RequestURI == LoginUrl {
 				context.Redirect(http.StatusTemporaryRedirect, LoginSuccessUrl)
 			}
 			return
 		}

-		auth, err := context.Request.Cookie("token")
+		session := sessions.Default(context)
+		auth := session.Get(AuthName)

-		if err == nil {
-			username, password, _ := ParseBasicAuth(auth.Value)
+		if auth != nil {
+			if c.CommonInfo.KeepTime > 0 {
+				cookie, _ := context.Request.Cookie(SessionName)
+				if cookie != nil {
+					//important thx https://blog.csdn.net/zhanghongxia8285/article/details/107321838/
+					cookie.Expires = time.Now().Add(time.Second * time.Duration(c.CommonInfo.KeepTime))
+					http.SetCookie(context.Writer, cookie)
+				}
+			}
+
+			username, password, _ := parseBasicAuth(fmt.Sprintf("%v", auth))

 			usernameMatch := username == c.CommonInfo.User
 			passwordMatch := password == c.CommonInfo.Pwd
@@ -42,11 +53,40 @@ func (c *HandleController) BasicAuth() gin.HandlerFunc {
 	}
 }

-func ParseBasicAuth(auth string) (username, password string, ok bool) {
-	if len(auth) < len(AuthPrefix) || auth[:len(AuthPrefix)] != AuthPrefix {
-		return "", "", false
+func (c *HandleController) LoginAuth(username, password string, context *gin.Context) bool {
+	if strings.TrimSpace(c.CommonInfo.User) == "" || strings.TrimSpace(c.CommonInfo.Pwd) == "" {
+		return true
 	}
-	c, err := base64.StdEncoding.DecodeString(auth[len(AuthPrefix):])
+
+	session := sessions.Default(context)
+
+	sessionAuth := session.Get(AuthName)
+	internalAuth := encodeBasicAuth(c.CommonInfo.User, c.CommonInfo.Pwd)
+
+	if sessionAuth == internalAuth {
+		return true
+	} else {
+		basicAuth := encodeBasicAuth(username, password)
+		if basicAuth == internalAuth {
+			session.Set(AuthName, basicAuth)
+			_ = session.Save()
+			return true
+		} else {
+			session.Delete(AuthName)
+			_ = session.Save()
+			return false
+		}
+	}
+}
+
+func ClearAuth(context *gin.Context) {
+	session := sessions.Default(context)
+	session.Delete(AuthName)
+	_ = session.Save()
+}
+
+func parseBasicAuth(auth string) (username, password string, ok bool) {
+	c, err := base64.StdEncoding.DecodeString(auth)
 	if err != nil {
 		return "", "", false
 	}
@@ -58,11 +98,7 @@ func ParseBasicAuth(auth string) (username, password string, ok bool) {
 	return username, password, true
 }

-func EncodeBasicAuth(username, password string) string {
+func encodeBasicAuth(username, password string) string {
 	authString := fmt.Sprintf("%s:%s", username, password)
-	return AuthPrefix + base64.StdEncoding.EncodeToString([]byte(authString))
-}
-
-func ClearLogin(context *gin.Context) {
-	context.SetCookie("token", "", -1, "/", context.Request.Host, false, false)
+	return base64.StdEncoding.EncodeToString([]byte(authString))
 }
--- a/pkg/server/controller/controller.go
+++ b/pkg/server/controller/controller.go
@@ -2,7 +2,6 @@ package controller

 import (
 	"crypto/tls"
-	"encoding/base64"
 	"encoding/json"
 	"errors"
 	"fmt"
@@ -17,10 +16,6 @@ import (
 	"strings"
 )

-func (e *HTTPError) Error() string {
-	return e.Err.Error()
-}
-
 func (c *HandleController) MakeHandlerFunc() gin.HandlerFunc {
 	return func(context *gin.Context) {
 		var response plugin.Response
@@ -28,19 +23,13 @@ func (c *HandleController) MakeHandlerFunc() gin.HandlerFunc {

 		request := plugin.Request{}
 		if err := context.BindJSON(&request); err != nil {
-			_ = context.Error(&HTTPError{
-				Code: http.StatusBadRequest,
-				Err:  err,
-			})
+			_ = context.AbortWithError(http.StatusBadRequest, err)
 			return
 		}

 		jsonStr, err := json.Marshal(request.Content)
 		if err != nil {
-			_ = context.Error(&HTTPError{
-				Code: http.StatusBadRequest,
-				Err:  err,
-			})
+			_ = context.AbortWithError(http.StatusBadRequest, err)
 			return
 		}

@@ -88,8 +77,7 @@ func (c *HandleController) MakeHandlerFunc() gin.HandlerFunc {
 func (c *HandleController) MakeLoginFunc() func(context *gin.Context) {
 	return func(context *gin.Context) {
 		if context.Request.Method == "GET" {
-			if strings.TrimSpace(c.CommonInfo.User) == "" || strings.TrimSpace(c.CommonInfo.Pwd) == "" {
-				ClearLogin(context)
+			if c.LoginAuth("", "", context) {
 				if context.Request.RequestURI == LoginUrl {
 					context.Redirect(http.StatusTemporaryRedirect, LoginSuccessUrl)
 				}
@@ -107,19 +95,15 @@ func (c *HandleController) MakeLoginFunc() func(context *gin.Context) {
 		} else if context.Request.Method == "POST" {
 			username := context.PostForm("username")
 			password := context.PostForm("password")
-
-			auth := EncodeBasicAuth(username, password)
-			if auth == EncodeBasicAuth(c.CommonInfo.User, c.CommonInfo.Pwd) {
+			if c.LoginAuth(username, password, context) {
 				context.JSON(http.StatusOK, gin.H{
 					"success": true,
 					"message": ginI18n.MustGetMessage(context, "Login success"),
-					"token":   auth,
 				})
 			} else {
 				context.JSON(http.StatusOK, gin.H{
 					"success": false,
 					"message": ginI18n.MustGetMessage(context, "Username or password incorrect"),
-					"token":   "",
 				})
 			}
 		}
@@ -128,7 +112,8 @@ func (c *HandleController) MakeLoginFunc() func(context *gin.Context) {

 func (c *HandleController) MakeLogoutFunc() func(context *gin.Context) {
 	return func(context *gin.Context) {
-		ClearLogin(context)
+		ClearAuth(context)
+		context.Redirect(http.StatusTemporaryRedirect, LogoutSuccessUrl)
 	}
 }

@@ -681,12 +666,10 @@ func (c *HandleController) MakeProxyFunc() func(context *gin.Context) {
 		requestUrl := protocol + host + ":" + strconv.Itoa(port) + context.Param("serverApi")
 		request, _ := http.NewRequest("GET", requestUrl, nil)
 		username := c.CommonInfo.DashboardUser
-		if len(strings.TrimSpace(username)) != 0 {
-			password := c.CommonInfo.DashboardPwd
-			userAndPwd := []byte(username + ":" + password)
-			authorization := "Basic " + base64.StdEncoding.EncodeToString(userAndPwd)
-			request.Header.Add("Authorization", authorization)
-			log.Printf("Proxy to %s with Authorization %s", requestUrl, authorization)
+		password := c.CommonInfo.DashboardPwd
+		if len(strings.TrimSpace(username)) != 0 && len(strings.TrimSpace(password)) != 0 {
+			request.SetBasicAuth(username, password)
+			log.Printf("Proxy to %s", requestUrl)
 		}

 		response, err := client.Do(request)
--- a/pkg/server/controller/variables.go
+++ b/pkg/server/controller/variables.go
@@ -1,6 +1,8 @@
 package controller

-import "regexp"
+import (
+	"regexp"
+)

 const (
 	Success          = 0
@@ -11,10 +13,12 @@ const (
 	TokenFormatError = 5
 	FrpServerError   = 6

-	AuthPrefix      = "Basic "
-	LoginUrl        = "/login"
-	LogoutUrl       = "/logout"
-	LoginSuccessUrl = "/"
+	SessionName      = "GOSESSION"
+	AuthName         = "_PANEL_AUTH"
+	LoginUrl         = "/login"
+	LoginSuccessUrl  = "/"
+	LogoutUrl        = "/logout"
+	LogoutSuccessUrl = "/login"
 )

 var (
@@ -38,6 +42,7 @@ type CommonInfo struct {
 	PluginPort    int
 	User          string
 	Pwd           string
+	KeepTime      int
 	DashboardTLS  bool
 	DashboardAddr string
 	DashboardPort int
@@ -95,3 +100,7 @@ type TokenDisable struct {
 type TokenEnable struct {
 	TokenDisable
 }
+
+func (e *HTTPError) Error() string {
+	return e.Err.Error()
+}