kefu/middleware/domain_limit.go

89 lines
2.2 KiB
Go

package middleware
import (
"github.com/gin-gonic/gin"
"github.com/tidwall/gjson"
"io/ioutil"
"kefu/common"
"kefu/models"
"kefu/tools"
"log"
"strings"
)
/*
*
域名中间件
*/
func DomainLimitMiddleware(c *gin.Context) {
//离线或者远程
// if !CheckSystemAuthCode(c) && !CheckBindOffcial(c) {
// c.Abort()
// return
// }
}
// 验证离线本地授权码
func CheckSystemAuthCode(c *gin.Context) bool {
authCode := models.FindConfig("SystemAuthCode")
privateKey := common.RsaPrivateKey
if authCode == "" {
authCodeByte, err := ioutil.ReadFile(common.RootPath + "/authorization")
if err != nil || string(authCodeByte) == "" {
log.Println("离线授权码本地文件错误:", err)
return false
}
authCode = string(authCodeByte)
}
rsa := tools.NewRsa("", privateKey)
decContent, _ := tools.Base64Decode2(authCode)
jsonByte, err := rsa.Decrypt(decContent)
if err != nil {
log.Println("离线授权码解析失败:", err)
jsonByte = []byte("")
}
allowHost := gjson.Get(string(jsonByte), "host").String()
if allowHost == "" {
log.Println("离线授权码解析字段失败")
return false
}
domains := strings.Split(allowHost, "|")
// 去除协议部分
if strings.HasPrefix(c.Request.Host, "http://") {
c.Request.Host = strings.TrimPrefix(c.Request.Host, "http://")
} else if strings.HasPrefix(c.Request.Host, "https://") {
c.Request.Host = strings.TrimPrefix(c.Request.Host, "https://")
}
// 去除末尾的斜杠
c.Request.Host = strings.TrimSuffix(c.Request.Host, "/")
for _, domain := range domains {
if tools.IsMatchingDomain(domain, c.Request.Host) {
return true
}
}
//if !strings.Contains(allowHost, c.Request.Host) {
// log.Println("离线授权码域名不一致:", allowHost, c.Request.Host)
// return false
//}
log.Println("离线授权码域名不一致:", allowHost, c.Request.Host)
return false
}
// 绑定官网账户
func CheckBindOffcial(c *gin.Context) bool {
res, err := tools.HTTPGet("https://gofly.v1kf.com/2/isBindOfficial")
if err != nil {
log.Println("离线授权码失败,认证连接失败")
c.Redirect(302, "/bind")
c.Abort()
}
if string(res) != "success" {
c.Redirect(302, "/bind")
c.Abort()
}
return true
}