fix: remove token auth for user login

2025-10-05 08:06:51 +08:00 · 2022-11-22 12:53:27 +08:00
parent 9dc3498a2a
commit 391a1c09af
2 changed files with 8 additions and 64 deletions
--- a/middleware/auth.go
+++ b/middleware/auth.go
@@ -4,7 +4,6 @@ import (
 	"github.com/gin-contrib/sessions"
 	"github.com/gin-gonic/gin"
 	"message-pusher/common"
 	"message-pusher/model"
 	"net/http"
 )
@@ -14,34 +13,12 @@ func authHelper(c *gin.Context, minRole int) {
 	role := session.Get("role")
 	id := session.Get("id")
 	status := session.Get("status")
 	authByToken := false
 	if username == nil {
-		// Check token
+		c.JSON(http.StatusOK, gin.H{
-		token := c.Request.Header.Get("Authorization")
+			"success": false,
-		if token == "" {
+			"message": "无权进行此操作，未登录",
-			c.JSON(http.StatusOK, gin.H{
+		})
-				"success": false,
+		c.Abort()
 				"message": "无权进行此操作，未登录或 token 无效",
 			})
 			c.Abort()
 			return
 		}
 		user := model.ValidateUserToken(token)
 		if user != nil && user.Username != "" {
 			// Token is valid
 			username = user.Username
 			role = user.Role
 			id = user.Id
 			status = user.Status
 		} else {
 			c.JSON(http.StatusOK, gin.H{
 				"success": false,
 				"message": "无权进行此操作，token 无效",
 			})
 			c.Abort()
 			return
 		}
 		authByToken = true
 	}
 	if status.(int) == common.UserStatusDisabled {
 		c.JSON(http.StatusOK, gin.H{
@@ -62,7 +39,6 @@ func authHelper(c *gin.Context, minRole int) {
 	c.Set("username", username)
 	c.Set("role", role)
 	c.Set("id", id)
 	c.Set("authByToken", authByToken)
 	c.Next()
 }
@@ -83,35 +59,3 @@ func RootAuth() func(c *gin.Context) {
 		authHelper(c, common.RoleRootUser)
 	}
 }
 // NoTokenAuth You should always use this after normal auth middlewares.
 func NoTokenAuth() func(c *gin.Context) {
 	return func(c *gin.Context) {
 		authByToken := c.GetBool("authByToken")
 		if authByToken {
 			c.JSON(http.StatusOK, gin.H{
 				"success": false,
 				"message": "本接口不支持使用 token 进行验证",
 			})
 			c.Abort()
 			return
 		}
 		c.Next()
 	}
 }
 // TokenOnlyAuth You should always use this after normal auth middlewares.
 func TokenOnlyAuth() func(c *gin.Context) {
 	return func(c *gin.Context) {
 		authByToken := c.GetBool("authByToken")
 		if !authByToken {
 			c.JSON(http.StatusOK, gin.H{
 				"success": false,
 				"message": "本接口仅支持使用 token 进行验证",
 			})
 			c.Abort()
 			return
 		}
 		c.Next()
 	}
 }
--- a/router/api-router.go
+++ b/router/api-router.go
@@ -28,7 +28,7 @@ func SetApiRouter(router *gin.Engine) {
 			userRoute.GET("/logout", controller.Logout)
 			selfRoute := userRoute.Group("/")
-			selfRoute.Use(middleware.UserAuth(), middleware.NoTokenAuth())
+			selfRoute.Use(middleware.UserAuth())
 			{
 				selfRoute.GET("/self", controller.GetSelf)
 				selfRoute.PUT("/self", controller.UpdateSelf)
@@ -37,7 +37,7 @@ func SetApiRouter(router *gin.Engine) {
 			}
 			adminRoute := userRoute.Group("/")
-			adminRoute.Use(middleware.AdminAuth(), middleware.NoTokenAuth())
+			adminRoute.Use(middleware.AdminAuth())
 			{
 				adminRoute.GET("/", controller.GetAllUsers)
 				adminRoute.GET("/search", controller.SearchUsers)
@@ -49,7 +49,7 @@ func SetApiRouter(router *gin.Engine) {
 			}
 		}
 		optionRoute := apiRouter.Group("/option")
-		optionRoute.Use(middleware.RootAuth(), middleware.NoTokenAuth())
+		optionRoute.Use(middleware.RootAuth())
 		{
 			optionRoute.GET("/", controller.GetOptions)
 			optionRoute.PUT("/", controller.UpdateOption)