mirror of
https://github.com/usememos/memos.git
synced 2025-06-05 22:09:59 +02:00
feat: impl auth interceptor (#2055)
* feat: impl auth interceptor * chore: update * chore: update * chore: update
This commit is contained in:
@@ -21,6 +21,7 @@ import (
|
||||
"github.com/disintegration/imaging"
|
||||
"github.com/labstack/echo/v4"
|
||||
"github.com/pkg/errors"
|
||||
"github.com/usememos/memos/api/v1/auth"
|
||||
"github.com/usememos/memos/common/log"
|
||||
"github.com/usememos/memos/common/util"
|
||||
"github.com/usememos/memos/plugin/storage/s3"
|
||||
@@ -82,7 +83,7 @@ var fileKeyPattern = regexp.MustCompile(`\{[a-z]{1,9}\}`)
|
||||
func (s *APIV1Service) registerResourceRoutes(g *echo.Group) {
|
||||
g.POST("/resource", func(c echo.Context) error {
|
||||
ctx := c.Request().Context()
|
||||
userID, ok := c.Get(getUserIDContextKey()).(int)
|
||||
userID, ok := c.Get(auth.UserIDContextKey).(int)
|
||||
if !ok {
|
||||
return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
|
||||
}
|
||||
@@ -156,7 +157,7 @@ func (s *APIV1Service) registerResourceRoutes(g *echo.Group) {
|
||||
|
||||
g.POST("/resource/blob", func(c echo.Context) error {
|
||||
ctx := c.Request().Context()
|
||||
userID, ok := c.Get(getUserIDContextKey()).(int)
|
||||
userID, ok := c.Get(auth.UserIDContextKey).(int)
|
||||
if !ok {
|
||||
return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
|
||||
}
|
||||
@@ -216,7 +217,7 @@ func (s *APIV1Service) registerResourceRoutes(g *echo.Group) {
|
||||
|
||||
g.GET("/resource", func(c echo.Context) error {
|
||||
ctx := c.Request().Context()
|
||||
userID, ok := c.Get(getUserIDContextKey()).(int)
|
||||
userID, ok := c.Get(auth.UserIDContextKey).(int)
|
||||
if !ok {
|
||||
return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
|
||||
}
|
||||
@@ -243,7 +244,7 @@ func (s *APIV1Service) registerResourceRoutes(g *echo.Group) {
|
||||
|
||||
g.PATCH("/resource/:resourceId", func(c echo.Context) error {
|
||||
ctx := c.Request().Context()
|
||||
userID, ok := c.Get(getUserIDContextKey()).(int)
|
||||
userID, ok := c.Get(auth.UserIDContextKey).(int)
|
||||
if !ok {
|
||||
return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
|
||||
}
|
||||
@@ -289,7 +290,7 @@ func (s *APIV1Service) registerResourceRoutes(g *echo.Group) {
|
||||
|
||||
g.DELETE("/resource/:resourceId", func(c echo.Context) error {
|
||||
ctx := c.Request().Context()
|
||||
userID, ok := c.Get(getUserIDContextKey()).(int)
|
||||
userID, ok := c.Get(auth.UserIDContextKey).(int)
|
||||
if !ok {
|
||||
return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
|
||||
}
|
||||
@@ -345,7 +346,7 @@ func (s *APIV1Service) registerResourcePublicRoutes(g *echo.Group) {
|
||||
}
|
||||
|
||||
// Protected resource require a logined user
|
||||
userID, ok := c.Get(getUserIDContextKey()).(int)
|
||||
userID, ok := c.Get(auth.UserIDContextKey).(int)
|
||||
if resourceVisibility == store.Protected && (!ok || userID <= 0) {
|
||||
return echo.NewHTTPError(http.StatusUnauthorized, "Resource visibility not match").SetInternal(err)
|
||||
}
|
||||
|
Reference in New Issue
Block a user