CiallooWeb/Blog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
cialloo
2025-10-25 08:23:36 +08:00
parent 6b0a88ed4c
commit e5cd2700aa
3 changed files with 67 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
app/etc/blog.yaml
View File

@@ -2,6 +2,11 @@ Name: Blog
Host: 0.0.0.0 Host: 0.0.0.0
Port: 8888 Port: 8888
JWT:
Secret: your-secret-key-change-in-production
Issuer: cialloo-authenticator
ExpiresIn: 604800 # 7 days in seconds
Database: Database:
DSN: "${DATABASE_DSN}" # postgres: host=localhost port=5432 user=postgres password=your_password dbname=steam_union sslmode=disable DSN: "${DATABASE_DSN}" # postgres: host=localhost port=5432 user=postgres password=your_password dbname=steam_union sslmode=disable

7
app/internal/config/config.go
View File

@@ -6,6 +6,7 @@ type Config struct {
rest.RestConf rest.RestConf
Database DatabaseConfig Database DatabaseConfig
S3 S3Config S3 S3Config
JWT JWTConfig
} }
type DatabaseConfig struct { type DatabaseConfig struct {
@@ -20,3 +21,9 @@ type S3Config struct {
Endpoint string `json:",optional"` // Optional: for S3-compatible services Endpoint string `json:",optional"` // Optional: for S3-compatible services
PresignedURLExpiration int64 `json:",default=3600"` // Default 1 hour PresignedURLExpiration int64 `json:",default=3600"` // Default 1 hour
} }
type JWTConfig struct {
Secret string
Issuer string
ExpiresIn int64
}

57
app/internal/middleware/superadminauthmiddleware.go
View File

@@ -2,8 +2,10 @@ package middleware
import ( import (
"net/http" "net/http"
"strings"
"git.cialloo.com/CiallooWeb/Blog/app/internal/config" "git.cialloo.com/CiallooWeb/Blog/app/internal/config"
"github.com/golang-jwt/jwt/v4"
) )
type SuperAdminAuthMiddleware struct { type SuperAdminAuthMiddleware struct {
@@ -14,11 +16,62 @@ func NewSuperAdminAuthMiddleware(c config.Config) *SuperAdminAuthMiddleware {
return &SuperAdminAuthMiddleware{Config: c} return &SuperAdminAuthMiddleware{Config: c}
} }
type Claims struct {
SteamID string `json:"steamId"`
jwt.RegisteredClaims
}
func (m *SuperAdminAuthMiddleware) Handle(next http.HandlerFunc) http.HandlerFunc { func (m *SuperAdminAuthMiddleware) Handle(next http.HandlerFunc) http.HandlerFunc {
return func(w http.ResponseWriter, r *http.Request) { return func(w http.ResponseWriter, r *http.Request) {
// TODO generate middleware implement function, delete after code implementation // Get Authorization header
authHeader := r.Header.Get("Authorization")
if authHeader == "" {
http.Error(w, "Missing authorization header", http.StatusUnauthorized)
return
}
// Passthrough to next handler if need // Check Bearer token format
parts := strings.SplitN(authHeader, " ", 2)
if len(parts) != 2 || parts[0] != "Bearer" {
http.Error(w, "Invalid authorization header format", http.StatusUnauthorized)
return
}
tokenString := parts[1]
// Parse and validate JWT token
claims := &Claims{}
token, err := jwt.ParseWithClaims(tokenString, claims, func(token *jwt.Token) (interface{}, error) {
// Validate signing method
if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
return nil, jwt.ErrSignatureInvalid
}
return []byte(m.Config.JWT.Secret), nil
})
if err != nil {
http.Error(w, "Invalid token: "+err.Error(), http.StatusUnauthorized)
return
}
if !token.Valid {
http.Error(w, "Invalid token", http.StatusUnauthorized)
return
}
// Validate issuer
if claims.Issuer != m.Config.JWT.Issuer {
http.Error(w, "Invalid token issuer", http.StatusUnauthorized)
return
}
// Check if user is super admin (steamId must be "1234567")
if claims.SteamID != "1234567" {
http.Error(w, "Forbidden: Super admin access required", http.StatusForbidden)
return
}
// Passthrough to next handler if authenticated and authorized
next(w, r) next(w, r)
} }
} }