mirror of
https://github.com/MHSanaei/3x-ui.git
synced 2025-11-29 10:52:54 +00:00
изменил middleware проверки Auth: добавил проверку ApiKey
This commit is contained in:
parent
68d003855b
commit
0b9b7ffa90
1 changed files with 14 additions and 2 deletions
|
|
@ -27,11 +27,23 @@ func NewAPIController(g *gin.RouterGroup) *APIController {
|
|||
|
||||
// checkAPIAuth is a middleware that returns 404 for unauthenticated API requests
|
||||
// to hide the existence of API endpoints from unauthorized users
|
||||
// have second type of authentication - APIKEY for remote and multiserver access
|
||||
func (a *APIController) checkAPIAuth(c *gin.Context) {
|
||||
if !session.IsLogin(c) {
|
||||
c.AbortWithStatus(http.StatusNotFound)
|
||||
return
|
||||
apiKey := c.GetHeader("X-API-KEY")
|
||||
if apiKey == "" {
|
||||
c.AbortWithStatus(http.StatusNotFound)
|
||||
return
|
||||
}
|
||||
|
||||
settingService := service.SettingService{}
|
||||
panelAPIKey, err := settingService.GetAPIKey()
|
||||
if err != nil || panelAPIKey == "" || apiKey != panelAPIKey {
|
||||
c.AbortWithStatus(http.StatusNotFound)
|
||||
return
|
||||
}
|
||||
}
|
||||
|
||||
c.Next()
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue