From dd702a5bee2c7844d2b1bfc843cb8b7e59f7d9fe Mon Sep 17 00:00:00 2001 From: yanghao05 Date: Tue, 29 Apr 2025 20:57:56 +0800 Subject: [PATCH] feat: update --- backend/app/middlewares/mid_auth.go | 14 +++++++++----- backend/test.http | 9 ++++++++- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/backend/app/middlewares/mid_auth.go b/backend/app/middlewares/mid_auth.go index 4552da5..c47bb89 100644 --- a/backend/app/middlewares/mid_auth.go +++ b/backend/app/middlewares/mid_auth.go @@ -29,11 +29,6 @@ func (f *Middlewares) Auth(ctx fiber.Ctx) error { return ctx.Next() } - // check is XMLHttpRequest - if ctx.XHR() { - return ctx.SendStatus(fiber.StatusUnauthorized) - } - fullUrl := utils.FullURI(ctx) u, err := url.Parse(fullUrl) if err != nil { @@ -50,6 +45,9 @@ func (f *Middlewares) Auth(ctx fiber.Ctx) error { log.Infof("cookie: %s", cookie) if cookie == "" { log.Infof("auth redirect_uri: %s", fullUrl) + if ctx.XHR() { + return ctx.SendStatus(fiber.StatusUnauthorized) + } return ctx.Redirect().To(fullUrl) } @@ -57,6 +55,9 @@ func (f *Middlewares) Auth(ctx fiber.Ctx) error { if err != nil { // remove cookie ctx.ClearCookie("token") + if ctx.XHR() { + return ctx.SendStatus(fiber.StatusUnauthorized) + } return ctx.Redirect().To(fullUrl) } @@ -64,6 +65,9 @@ func (f *Middlewares) Auth(ctx fiber.Ctx) error { if err != nil { // remove cookie ctx.ClearCookie("token") + if ctx.XHR() { + return ctx.SendStatus(fiber.StatusUnauthorized) + } return ctx.Redirect().To(fullUrl) } ctx.Locals("user", user) diff --git a/backend/test.http b/backend/test.http index 3d2fe4c..eb7c80e 100644 --- a/backend/test.http +++ b/backend/test.http 
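Review bot: The context line `log.Infof("cookie: %s", cookie)` at the top of the `cookie == ""` hunk writes the raw cookie value to the info log on every request that reaches it, and this commit leaves it in place. Judging by `ctx.ClearCookie("token")` in the later branches this looks like the session token, so anyone with read access to the logs could replay it until it expires. I would log only whether it is present, e.g. `log.Infof("token cookie present: %t", cookie != "")`. The assignment to `cookie` is outside the hunk, so confirm what it actually holds.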
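Review bot: The same three-line `if ctx.XHR() { ... }` guard is now pasted into all three failure branches (the empty-cookie branch and both `err != nil` branches after `ctx.ClearCookie("token")`), so any later change to the unauthenticated response has to be made in three places. A small helper, as sketched below, keeps the branches in step. Also note that `ctx.XHR()` depends on the client sending `X-Requested-With: XMLHttpRequest`, which `fetch` does not add by default, so those callers would still get the redirect instead of a 401. `Auth` starts and ends outside these hunks.

```go
// denyUnauthenticated answers XHR callers with 401 and redirects everyone else.
func denyUnauthenticated(ctx fiber.Ctx, to string) error {
	if ctx.XHR() {
		return ctx.SendStatus(fiber.StatusUnauthorized)
	}
	return ctx.Redirect().To(to)
}

// … unchanged: cookie lookup and token parsing in Auth …
	ctx.ClearCookie("token")
	return denyUnauthenticated(ctx, fullUrl)
```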
@@ -58,6 +58,11 @@ Content-Type: application/json GET {{host}}/v1/admin/orders HTTP/1.1 Content-Type: application/json +### get posts +GET {{host}}/v1/posts HTTP/1.1 +Content-Type: application/json +Cookie: token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyX2lkIjoxMDAxLCJleHAiOjE3NDY1MzU4MjYsIm5iZiI6MTc0NTkzMTAxNn0.Vg8LqDQLkpEvohBYEPSTPrGzKAyMNJ_m7uSm3NBbuDM + ### get orders GET {{host}}/v1/posts/mine HTTP/1.1 Content-Type: application/json @@ -79,4 +84,6 @@ Authorization: {{token}} ### get user profile GET {{host}}/v1/users/profile HTTP/1.1 -Authorization: {{token}} \ No newline at end of file +Authorization: {{token}} + +
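Review bot: The added `Cookie: token=eyJ...` line in the new "get posts" request commits a complete signed JWT to the repository. Its header decodes to HS256 and its payload to `user_id` 1001, with an `nbf` on the commit date and an `exp` about a week later, so it appears to have been a live credential when pushed and it stays in git history. The other requests in this file already use a variable, so I would write `Cookie: token={{token}}` and keep the value in an untracked environment file. If the signing secret behind this token is used anywhere beyond local development, treat the token as exposed and rotate the secret.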