fix: enforce auth on protected routes

2026-01-08 14:22:03 +08:00
parent f4efcefe20
commit 90058cdc8e


@@ -1,6 +1,8 @@
package middlewares package middlewares
import ( import (
"strings"
"quyun/v2/app/errorx" "quyun/v2/app/errorx"
"quyun/v2/app/services" "quyun/v2/app/services"
"quyun/v2/pkg/consts" "quyun/v2/pkg/consts"
@@ -27,9 +29,12 @@ func (f *Middlewares) Prepare() error {
} }
func (m *Middlewares) Auth(ctx fiber.Ctx) error { func (m *Middlewares) Auth(ctx fiber.Ctx) error {
if isPublicRoute(ctx) {
return ctx.Next()
}
authHeader := ctx.Get("Authorization") authHeader := ctx.Get("Authorization")
if authHeader == "" { if authHeader == "" {
return ctx.Next() return errorx.ErrUnauthorized.WithMsg("Missing token")
} }
claims, err := m.jwt.Parse(authHeader) claims, err := m.jwt.Parse(authHeader)
@@ -88,3 +93,40 @@ func hasRole(roles types.Array[consts.Role], role consts.Role) bool {
} }
return false return false
} }
func isPublicRoute(ctx fiber.Ctx) bool {
path := ctx.Path()
method := ctx.Method()
if method == fiber.MethodGet {
switch path {
case "/v1/common/options", "/v1/contents", "/v1/topics", "/v1/tenants":
return true
}
if strings.HasPrefix(path, "/v1/contents/") {
return true
}
if strings.HasPrefix(path, "/v1/creators/") && strings.HasSuffix(path, "/contents") {
return true
}
if strings.HasPrefix(path, "/v1/tenants/") {
return true
}
if strings.HasPrefix(path, "/v1/orders/") && strings.HasSuffix(path, "/status") {
return true
}
if strings.HasPrefix(path, "/v1/storage/") {
return true
}
}
if method == fiber.MethodPost && path == "/v1/webhook/payment/notify" {
return true
}
if method == fiber.MethodPut && strings.HasPrefix(path, "/v1/storage/") {
return true
}
return false
}
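Review bot: The `strings.HasPrefix` checks in `isPublicRoute` exempt whole subtrees rather than specific endpoints: every GET under `/v1/contents/`, `/v1/tenants/` and `/v1/storage/`, and every PUT under `/v1/storage/`, skips Auth, so a handler added later under one of those prefixes is anonymous by default. Listing exact paths, or mounting the public handlers on a route group that does not use this middleware, would keep the allow-list fail-closed. The early `return ctx.Next()` in `Auth` also runs before `m.jwt.Parse`, so a caller who does send an Authorization header to a public route is presumably treated as anonymous (the rest of `Auth` is outside the hunk). If handlers there need optional identity, exempt only the missing-header case with `if authHeader == "" && isPublicRoute(ctx) { return ctx.Next() }`. If the unauthenticated PUT is meant for signed uploads, a comment such as `// PUT /v1/storage/* is authorized by the upload signature, not the JWT` would record that the handler must verify it.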