added acl

This commit is contained in:
divyam234 2023-09-08 20:21:54 +05:30
parent 1258816ec8
commit aacbb4da1f
3 changed files with 57 additions and 21 deletions


@ -118,7 +118,7 @@ Before running the bot, you will need to set up the following mandatory variable
### Optional Vars
In addition to the mandatory variables, you can also set the following optional variables:
- `HTTPS` : Only needed when frontend is deployed on vercel.
- `ALLOWED_USERS` : Allow certian telgram usernames including yours to access app.Enter comma seperated telegram usernames here.Needed when your instance is on public cloud and you want to restrict other people to login.
- `COOKIE_SAME_SITE` : Only needed when frontend is deployed on vercel.
- `MULTI_CLIENT` : Enable or Disable Multi Token mode. If true you have pass atleast one Multi Token
- `MULTI_TOKEN[1....]` : Recommended to add atleast 10-12 tokens


@ -102,12 +102,32 @@ func setCookie(c *gin.Context, key string, value string, age int) {
}
func checkUserIsAllowed(userName string) bool {
config := utils.GetConfig()
found := false
if len(config.AllowedUsers) > 0 {
for _, user := range config.AllowedUsers {
if user == userName {
found = true
break
}
}
} else {
found = true
}
return found
}
func (as *AuthService) LogIn(c *gin.Context) (*schemas.Message, *types.AppError) {
var session types.TgSession
if err := c.ShouldBindJSON(&session); err != nil {
return nil, &types.AppError{Error: errors.New("invalid request payload"), Code: http.StatusBadRequest}
}
if !checkUserIsAllowed(session.UserName) {
return nil, &types.AppError{Error: errors.New("user not allowed"), Code: http.StatusUnauthorized}
}
now := time.Now().UTC()
jwtClaims := &types.JWTClaims{Claims: jwt.Claims{
@ -276,7 +296,12 @@ func (as *AuthService) HandleMultipleLogin(c *gin.Context) {
}
user, ok := authorization.User.AsNotEmpty()
if !ok {
conn.WriteJSON(map[string]interface{}{"type": "error", "message": errors.New("auth failed")})
conn.WriteJSON(map[string]interface{}{"type": "error", "message": "auth failed"})
return
}
if !checkUserIsAllowed(user.Username) {
conn.WriteJSON(map[string]interface{}{"type": "error", "message": "user not allowed"})
tgClient.API().AuthLogOut(c)
return
}
res, _ := sessionStorage.LoadSession(c)
@ -312,7 +337,12 @@ func (as *AuthService) HandleMultipleLogin(c *gin.Context) {
}
user, ok := auth.User.AsNotEmpty()
if !ok {
conn.WriteJSON(map[string]interface{}{"type": "error", "message": errors.New("auth failed")})
conn.WriteJSON(map[string]interface{}{"type": "error", "message": "auth failed"})
return
}
if !checkUserIsAllowed(user.Username) {
conn.WriteJSON(map[string]interface{}{"type": "error", "message": "user not allowed"})
tgClient.API().AuthLogOut(c)
return
}
res, _ := sessionStorage.LoadSession(c)
@ -332,7 +362,12 @@ func (as *AuthService) HandleMultipleLogin(c *gin.Context) {
}
user, ok := auth.User.AsNotEmpty()
if !ok {
conn.WriteJSON(map[string]interface{}{"type": "error", "message": errors.New("auth failed")})
conn.WriteJSON(map[string]interface{}{"type": "error", "message": "auth failed"})
return
}
if !checkUserIsAllowed(user.Username) {
conn.WriteJSON(map[string]interface{}{"type": "error", "message": "user not allowed"})
tgClient.API().AuthLogOut(c)
return
}
res, _ := sessionStorage.LoadSession(c)
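Review bot: `checkUserIsAllowed` in the first hunk compares with a plain `==`, so a configured name that differs only in letter case or carries whitespace around it never matches, while an empty entry (a trailing comma in `ALLOWED_USERS` produces one) matches any account whose username is empty; normalising both sides and rejecting an empty name closes both gaps, and a rewrite is below (it needs `strings` imported). In the same hunk `LogIn` applies the check to `session.UserName`, which is bound straight from the JSON body two lines earlier; unless that value is cross-checked against the authenticated Telegram session further down (the function continues outside the hunk), the allow-list decision rests on client-supplied input rather than a verified identity. The three `HandleMultipleLogin` hunks discard the error from `tgClient.API().AuthLogOut(c)`; log it, since a failed logout leaves a rejected session live. `http.StatusForbidden` describes "authenticated but not on the list" more accurately than `http.StatusUnauthorized`, and the three identical rejection blocks could share one helper so the logout and message stay in step.
```go
func checkUserIsAllowed(userName string) bool {
	config := utils.GetConfig()
	// An empty list means the instance is open; anything else is an allow-list.
	if len(config.AllowedUsers) == 0 {
		return true
	}
	name := strings.TrimSpace(userName)
	if name == "" {
		return false
	}
	for _, user := range config.AllowedUsers {
		// Telegram usernames are matched case-insensitively; trim stray spaces from the env value.
		if strings.EqualFold(strings.TrimSpace(user), name) {
			return true
		}
	}
	return false
}
```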


@ -10,23 +10,24 @@ import (
type MultiToken string
type Config struct {
AppId int `envconfig:"APP_ID" required:"true"`
AppHash string `envconfig:"APP_HASH" required:"true"`
ChannelID int64 `envconfig:"CHANNEL_ID" required:"true"`
JwtSecret string `envconfig:"JWT_SECRET" required:"true"`
MultiClient bool `envconfig:"MULTI_CLIENT" default:"false"`
Https bool `envconfig:"HTTPS" default:"false"`
CookieSameSite bool `envconfig:"COOKIE_SAME_SITE" default:"true"`
DatabaseUrl string `envconfig:"DATABASE_URL" required:"true"`
RateLimit bool `envconfig:"RATE_LIMIT" default:"true"`
TgClientDeviceModel string `envconfig:"TG_CLIENT_DEVICE_MODEL" required:"true"`
TgClientSystemVersion string `envconfig:"TG_CLIENT_SYSTEM_VERSION" default:"Win32"`
TgClientAppVersion string `envconfig:"TG_CLIENT_APP_VERSION" default:"2.1.9 K"`
TgClientLangCode string `envconfig:"TG_CLIENT_LANG_CODE" default:"en"`
TgClientSystemLangCode string `envconfig:"TG_CLIENT_SYSTEM_LANG_CODE" default:"en"`
TgClientLangPack string `envconfig:"TG_CLIENT_LANG_PACK" default:"webk"`
RunMigrations bool `envconfig:"RUN_MIGRATIONS" default:"true"`
Port int `envconfig:"PORT" default:"8080"`
AppId int `envconfig:"APP_ID" required:"true"`
AppHash string `envconfig:"APP_HASH" required:"true"`
ChannelID int64 `envconfig:"CHANNEL_ID" required:"true"`
JwtSecret string `envconfig:"JWT_SECRET" required:"true"`
MultiClient bool `envconfig:"MULTI_CLIENT" default:"false"`
Https bool `envconfig:"HTTPS" default:"false"`
CookieSameSite bool `envconfig:"COOKIE_SAME_SITE" default:"true"`
AllowedUsers []string `envconfig:"ALLOWED_USERS"`
DatabaseUrl string `envconfig:"DATABASE_URL" required:"true"`
RateLimit bool `envconfig:"RATE_LIMIT" default:"true"`
TgClientDeviceModel string `envconfig:"TG_CLIENT_DEVICE_MODEL" required:"true"`
TgClientSystemVersion string `envconfig:"TG_CLIENT_SYSTEM_VERSION" default:"Win32"`
TgClientAppVersion string `envconfig:"TG_CLIENT_APP_VERSION" default:"2.1.9 K"`
TgClientLangCode string `envconfig:"TG_CLIENT_LANG_CODE" default:"en"`
TgClientSystemLangCode string `envconfig:"TG_CLIENT_SYSTEM_LANG_CODE" default:"en"`
TgClientLangPack string `envconfig:"TG_CLIENT_LANG_PACK" default:"webk"`
RunMigrations bool `envconfig:"RUN_MIGRATIONS" default:"true"`
Port int `envconfig:"PORT" default:"8080"`
ExecDir string
}
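Review bot: The new `AllowedUsers` field has no comment, and its meaning (empty list means no restriction, as the auth service treats it) is not visible from the struct alone. Suggest `// AllowedUsers is the comma-separated list of Telegram usernames permitted to log in; leave unset to allow everyone.` above the field. As far as I recall envconfig splits slice values on commas without trimming whitespace, so the comparison site, not this struct, has to normalise entries — worth noting in the comment so the two stay consistent.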