Почетна Преглед Помоћ
Пријавите се
LBP
/
miniflux_v2
огледало од https://github.com/miniflux/v2.git
4
0
Креирај огранак 0
Датотеке Дискусије 0 Вики
Грана: web_bot_auth
Гране Ознаке
miniflux_v2
/
internal
/
fever
/
middleware.go

middleware.go 2.2 KB
Пермалинк Историја Датотека

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778 
  1. // SPDX-FileCopyrightText: Copyright The Miniflux Authors. All rights reserved.
    2. 

  2. // SPDX-License-Identifier: Apache-2.0
    3. 

  3. 

  4. package fever // import "miniflux.app/v2/internal/fever"
    5. 

  5. 

  6. import (
    7. 

  7. 	"context"
    8. 

  8. 	"log/slog"
    9. 

  9. 	"net/http"
    10. 

  10. 

  11. 	"miniflux.app/v2/internal/http/request"
    12. 

  12. 	"miniflux.app/v2/internal/http/response/json"
    13. 

  13. 	"miniflux.app/v2/internal/storage"
    14. 

  14. )
    15. 

  15. 

  16. type middleware struct {
    17. 

  17. 	store *storage.Storage
    18. 

  18. }
    19. 

  19. 

  20. func newMiddleware(s *storage.Storage) *middleware {
    21. 

  21. 	return &middleware{s}
    22. 

  22. }
    23. 

  23. 

  24. func (m *middleware) serve(next http.Handler) http.Handler {
    25. 

  25. 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
    26. 

  26. 		clientIP := request.ClientIP(r)
    27. 

  27. 		apiKey := r.FormValue("api_key")
    28. 

  28. 		if apiKey == "" {
    29. 

  29. 			slog.Warn("[Fever] No API key provided",
    30. 

  30. 				slog.Bool("authentication_failed", true),
    31. 

  31. 				slog.String("client_ip", clientIP),
    32. 

  32. 				slog.String("user_agent", r.UserAgent()),
    33. 

  33. 			)
    34. 

  34. 			json.OK(w, r, newAuthFailureResponse())
    35. 

  35. 			return
    36. 

  36. 		}
    37. 

  37. 

  38. 		user, err := m.store.UserByFeverToken(apiKey)
    39. 

  39. 		if err != nil {
    40. 

  40. 			slog.Error("[Fever] Unable to fetch user by API key",
    41. 

  41. 				slog.Bool("authentication_failed", true),
    42. 

  42. 				slog.String("client_ip", clientIP),
    43. 

  43. 				slog.String("user_agent", r.UserAgent()),
    44. 

  44. 				slog.Any("error", err),
    45. 

  45. 			)
    46. 

  46. 			json.OK(w, r, newAuthFailureResponse())
    47. 

  47. 			return
    48. 

  48. 		}
    49. 

  49. 

  50. 		if user == nil {
    51. 

  51. 			slog.Warn("[Fever] No user found with the API key provided",
    52. 

  52. 				slog.Bool("authentication_failed", true),
    53. 

  53. 				slog.String("client_ip", clientIP),
    54. 

  54. 				slog.String("user_agent", r.UserAgent()),
    55. 

  55. 			)
    56. 

  56. 			json.OK(w, r, newAuthFailureResponse())
    57. 

  57. 			return
    58. 

  58. 		}
    59. 

  59. 

  60. 		slog.Info("[Fever] User authenticated successfully",
    61. 

  61. 			slog.Bool("authentication_successful", true),
    62. 

  62. 			slog.String("client_ip", clientIP),
    63. 

  63. 			slog.String("user_agent", r.UserAgent()),
    64. 

  64. 			slog.Int64("user_id", user.ID),
    65. 

  65. 			slog.String("username", user.Username),
    66. 

  66. 		)
    67. 

  67. 

  68. 		m.store.SetLastLogin(user.ID)
    69. 

  69. 

  70. 		ctx := r.Context()
    71. 

  71. 		ctx = context.WithValue(ctx, request.UserIDContextKey, user.ID)
    72. 

  72. 		ctx = context.WithValue(ctx, request.UserTimezoneContextKey, user.Timezone)
    73. 

  73. 		ctx = context.WithValue(ctx, request.IsAdminUserContextKey, user.IsAdmin)
    74. 

  74. 		ctx = context.WithValue(ctx, request.IsAuthenticatedContextKey, true)
    75. 

  75. 

  76. 		next.ServeHTTP(w, r.WithContext(ctx))
    77. 

  77. 	})
    78. 

  78. }
    79.