Alex-Devera/3x-ui
1
0
Fork 0
mirror of https://github.com/MHSanaei/3x-ui.git synced 2025-11-29 10:52:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

изменил middleware проверки Auth: добавил проверку ApiKey

Browse source
This commit is contained in:
Дмитрий Саенко 2025-10-19 18:41:08 +03:00
parent 68d003855b
commit 0b9b7ffa90
1 changed files with 14 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
web/controller/api.go
View file

@ -27,11 +27,23 @@ func NewAPIController(g *gin.RouterGroup) *APIController {
// checkAPIAuth is a middleware that returns 404 for unauthenticated API requests // checkAPIAuth is a middleware that returns 404 for unauthenticated API requests
// to hide the existence of API endpoints from unauthorized users // to hide the existence of API endpoints from unauthorized users
// have second type of authentication - APIKEY for remote and multiserver access
func (a *APIController) checkAPIAuth(c *gin.Context) { func (a *APIController) checkAPIAuth(c *gin.Context) {
if !session.IsLogin(c) { if !session.IsLogin(c) {
c.AbortWithStatus(http.StatusNotFound) apiKey := c.GetHeader("X-API-KEY")
return if apiKey == "" {
c.AbortWithStatus(http.StatusNotFound)
return
}
settingService := service.SettingService{}
panelAPIKey, err := settingService.GetAPIKey()
if err != nil || panelAPIKey == "" || apiKey != panelAPIKey {
c.AbortWithStatus(http.StatusNotFound)
return
}
} }
c.Next() c.Next()
} }