mirror of
https://github.com/usememos/memos.git
synced 2024-09-21 06:55:55 +08:00
fix: acl middleware
parent
fa93d0fd6e
commit
5617118fa8
|
@ -53,8 +53,12 @@ func removeUserSession(ctx echo.Context) error {
|
||||||
|
|
||||||
func aclMiddleware(s *Server, next echo.HandlerFunc) echo.HandlerFunc {
|
func aclMiddleware(s *Server, next echo.HandlerFunc) echo.HandlerFunc {
|
||||||
return func(ctx echo.Context) error {
|
return func(ctx echo.Context) error {
|
||||||
// Skip auth for some paths.
|
// Skip auth.
|
||||||
if common.HasPrefixes(ctx.Path(), "/api/auth", "/api/ping", "/api/status", "/api/user/:id") {
|
if common.HasPrefixes(ctx.Path(), "/api/auth") {
|
||||||
|
return next(ctx)
|
||||||
|
}
|
||||||
|
|
||||||
|
if common.HasPrefixes(ctx.Path(), "/api/ping", "/api/status", "/api/user/:id") && ctx.Request().Method == http.MethodGet {
|
||||||
return next(ctx)
|
return next(ctx)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -104,7 +108,7 @@ func aclMiddleware(s *Server, next echo.HandlerFunc) echo.HandlerFunc {
|
||||||
|
|
||||||
userID := ctx.Get(getUserIDContextKey())
|
userID := ctx.Get(getUserIDContextKey())
|
||||||
if userID == nil {
|
if userID == nil {
|
||||||
return echo.NewHTTPError(http.StatusUnauthorized, "Missing userID in session")
|
return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
|
||||||
}
|
}
|
||||||
|
|
||||||
return next(ctx)
|
return next(ctx)
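Review bot: The allowlist in the first hunk is a prefix match, so (assuming `common.HasPrefixes` is a plain prefix test over its arguments) `"/api/auth"` also admits any route whose pattern merely begins with that string, and the GET exemption for `"/api/user/:id"` extends to every route registered beneath it. Comparing the route pattern exactly, e.g. `ctx.Path() == "/api/user/:id"`, would limit the unauthenticated surface to the routes named here. Because GET `/api/user/:id` is reachable without a session, I would also add a comment above that branch such as `// Unauthenticated reads: these handlers must return public fields only.` so the constraint on the handler is visible where the exemption is granted. The body of aclMiddleware continues outside both hunks, so how the user ID is placed in the context is not visible here.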
|
||||||
|
|
|
@ -15,7 +15,10 @@ import (
|
||||||
|
|
||||||
func (s *Server) registerMemoRoutes(g *echo.Group) {
|
func (s *Server) registerMemoRoutes(g *echo.Group) {
|
||||||
g.POST("/memo", func(c echo.Context) error {
|
g.POST("/memo", func(c echo.Context) error {
|
||||||
userID := c.Get(getUserIDContextKey()).(int)
|
userID, ok := c.Get(getUserIDContextKey()).(int)
|
||||||
|
if !ok {
|
||||||
|
return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
|
||||||
|
}
|
||||||
memoCreate := &api.MemoCreate{
|
memoCreate := &api.MemoCreate{
|
||||||
CreatorID: userID,
|
CreatorID: userID,
|
||||||
}
|
}
|
||||||
|
@ -133,7 +136,10 @@ func (s *Server) registerMemoRoutes(g *echo.Group) {
|
||||||
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("memoId"))).SetInternal(err)
|
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("memoId"))).SetInternal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
userID := c.Get(getUserIDContextKey()).(int)
|
userID, ok := c.Get(getUserIDContextKey()).(int)
|
||||||
|
if !ok {
|
||||||
|
return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
|
||||||
|
}
|
||||||
memoOrganizerUpsert := &api.MemoOrganizerUpsert{
|
memoOrganizerUpsert := &api.MemoOrganizerUpsert{
|
||||||
MemoID: memoID,
|
MemoID: memoID,
|
||||||
UserID: userID,
|
UserID: userID,
|
||||||
|
@ -207,7 +213,10 @@ func (s *Server) registerMemoRoutes(g *echo.Group) {
|
||||||
})
|
})
|
||||||
|
|
||||||
g.GET("/memo/amount", func(c echo.Context) error {
|
g.GET("/memo/amount", func(c echo.Context) error {
|
||||||
userID := c.Get(getUserIDContextKey()).(int)
|
userID, ok := c.Get(getUserIDContextKey()).(int)
|
||||||
|
if !ok {
|
||||||
|
return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
|
||||||
|
}
|
||||||
normalRowStatus := api.Normal
|
normalRowStatus := api.Normal
|
||||||
memoFind := &api.MemoFind{
|
memoFind := &api.MemoFind{
|
||||||
CreatorID: &userID,
|
CreatorID: &userID,
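Review bot: The same four-line guard is pasted into three handlers in this file and again in the resource, shortcut and user route hunks, so a handler added later can omit it and fall back to the panicking assertion this commit removes. A single helper would keep the type check, the status code and the message in one place. The helper name below is only a proposal. Handlers that later declare `err` with `:=` would need that line changed to `=`. The enclosing registerMemoRoutes starts and ends outside the hunks.

```go
// currentUserID returns the user id found in the request context, or a 401
// error when it is absent or not an int.
func currentUserID(c echo.Context) (int, error) {
	userID, ok := c.Get(getUserIDContextKey()).(int)
	if !ok {
		return 0, echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
	}
	return userID, nil
}

g.POST("/memo", func(c echo.Context) error {
	userID, err := currentUserID(c)
	if err != nil {
		return err
	}
	// … unchanged: memoCreate construction and the rest of the handler …
```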
|
||||||
|
|
|
@ -14,7 +14,10 @@ import (
|
||||||
|
|
||||||
func (s *Server) registerResourceRoutes(g *echo.Group) {
|
func (s *Server) registerResourceRoutes(g *echo.Group) {
|
||||||
g.POST("/resource", func(c echo.Context) error {
|
g.POST("/resource", func(c echo.Context) error {
|
||||||
userID := c.Get(getUserIDContextKey()).(int)
|
userID, ok := c.Get(getUserIDContextKey()).(int)
|
||||||
|
if !ok {
|
||||||
|
return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
|
||||||
|
}
|
||||||
|
|
||||||
err := c.Request().ParseMultipartForm(64 << 20)
|
err := c.Request().ParseMultipartForm(64 << 20)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -61,7 +64,10 @@ func (s *Server) registerResourceRoutes(g *echo.Group) {
|
||||||
})
|
})
|
||||||
|
|
||||||
g.GET("/resource", func(c echo.Context) error {
|
g.GET("/resource", func(c echo.Context) error {
|
||||||
userID := c.Get(getUserIDContextKey()).(int)
|
userID, ok := c.Get(getUserIDContextKey()).(int)
|
||||||
|
if !ok {
|
||||||
|
return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
|
||||||
|
}
|
||||||
resourceFind := &api.ResourceFind{
|
resourceFind := &api.ResourceFind{
|
||||||
CreatorID: &userID,
|
CreatorID: &userID,
|
||||||
}
|
}
|
||||||
|
@ -83,7 +89,10 @@ func (s *Server) registerResourceRoutes(g *echo.Group) {
|
||||||
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("resourceId"))).SetInternal(err)
|
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("resourceId"))).SetInternal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
userID := c.Get(getUserIDContextKey()).(int)
|
userID, ok := c.Get(getUserIDContextKey()).(int)
|
||||||
|
if !ok {
|
||||||
|
return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
|
||||||
|
}
|
||||||
resourceFind := &api.ResourceFind{
|
resourceFind := &api.ResourceFind{
|
||||||
ID: &resourceID,
|
ID: &resourceID,
|
||||||
CreatorID: &userID,
|
CreatorID: &userID,
|
||||||
|
@ -106,7 +115,10 @@ func (s *Server) registerResourceRoutes(g *echo.Group) {
|
||||||
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("resourceId"))).SetInternal(err)
|
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("resourceId"))).SetInternal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
userID := c.Get(getUserIDContextKey()).(int)
|
userID, ok := c.Get(getUserIDContextKey()).(int)
|
||||||
|
if !ok {
|
||||||
|
return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
|
||||||
|
}
|
||||||
resourceFind := &api.ResourceFind{
|
resourceFind := &api.ResourceFind{
|
||||||
ID: &resourceID,
|
ID: &resourceID,
|
||||||
CreatorID: &userID,
|
CreatorID: &userID,
|
||||||
|
|
|
@ -13,7 +13,10 @@ import (
|
||||||
|
|
||||||
func (s *Server) registerShortcutRoutes(g *echo.Group) {
|
func (s *Server) registerShortcutRoutes(g *echo.Group) {
|
||||||
g.POST("/shortcut", func(c echo.Context) error {
|
g.POST("/shortcut", func(c echo.Context) error {
|
||||||
userID := c.Get(getUserIDContextKey()).(int)
|
userID, ok := c.Get(getUserIDContextKey()).(int)
|
||||||
|
if !ok {
|
||||||
|
return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
|
||||||
|
}
|
||||||
shortcutCreate := &api.ShortcutCreate{
|
shortcutCreate := &api.ShortcutCreate{
|
||||||
CreatorID: userID,
|
CreatorID: userID,
|
||||||
}
|
}
|
||||||
|
|
|
@ -108,7 +108,10 @@ func (s *Server) registerUserRoutes(g *echo.Group) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("id"))).SetInternal(err)
|
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("ID is not a number: %s", c.Param("id"))).SetInternal(err)
|
||||||
}
|
}
|
||||||
currentUserID := c.Get(getUserIDContextKey()).(int)
|
currentUserID, ok := c.Get(getUserIDContextKey()).(int)
|
||||||
|
if !ok {
|
||||||
|
return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
|
||||||
|
}
|
||||||
currentUser, err := s.Store.FindUser(&api.UserFind{
|
currentUser, err := s.Store.FindUser(&api.UserFind{
|
||||||
ID: ¤tUserID,
|
ID: ¤tUserID,
|
||||||
})
|
})
|
||||||
|
@ -156,7 +159,10 @@ func (s *Server) registerUserRoutes(g *echo.Group) {
|
||||||
})
|
})
|
||||||
|
|
||||||
g.DELETE("/user/:id", func(c echo.Context) error {
|
g.DELETE("/user/:id", func(c echo.Context) error {
|
||||||
currentUserID := c.Get(getUserIDContextKey()).(int)
|
currentUserID, ok := c.Get(getUserIDContextKey()).(int)
|
||||||
|
if !ok {
|
||||||
|
return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")
|
||||||
|
}
|
||||||
currentUser, err := s.Store.FindUser(&api.UserFind{
|
currentUser, err := s.Store.FindUser(&api.UserFind{
|
||||||
ID: ¤tUserID,
|
ID: ¤tUserID,
|
||||||
})
|
})
|
||||||
|
|