diff --git a/controllers/resource.go b/controllers/resource.go
index c9c1dfb2..c35cf6bb 100644
--- a/controllers/resource.go
+++ b/controllers/resource.go
@@ -120,11 +120,11 @@ func (c *ApiController) UploadResource() {
 fullFilePath := c.Input().Get("fullFilePath")
 file, header, err := c.GetFile("file")
- defer file.Close()
 if err != nil {
 c.ResponseError(err.Error())
 return
 }
+ defer file.Close()
 filename := filepath.Base(fullFilePath)
 fileBuffer := bytes.NewBuffer(nil)
diff --git a/routers/authz_filter.go b/routers/authz_filter.go
index 979b29b6..9d961577 100644
--- a/routers/authz_filter.go
+++ b/routers/authz_filter.go
@@ -34,7 +34,7 @@ type Object struct {
 func getUsernameByClientIdSecret(ctx *context.Context) string {
 clientId := ctx.Input.Query("clientId")
 clientSecret := ctx.Input.Query("clientSecret")
- if len(clientId) == 0 || len(clientSecret) == 0 {
+ if clientId == "" || clientSecret == "" {
 return ""
 }
@@ -42,6 +42,7 @@ func getUsernameByClientIdSecret(ctx *context.Context) string {
 if app == nil || app.ClientSecret != clientSecret {
 return ""
 }
+
 return "built-in/service"
 }
@@ -56,7 +57,7 @@ func getUsername(ctx *context.Context) (username string) {
 // so we catch the panic
 username = ctx.Input.Session("username").(string)
- if len(username) == 0 {
+ if username == "" {
 username = getUsernameByClientIdSecret(ctx)
 }
@@ -79,13 +80,12 @@ func getSubject(ctx *context.Context) (string, string) {
 func getObject(ctx *context.Context) (string, string) {
 method := ctx.Request.Method
 if method == http.MethodGet {
- query := ctx.Request.URL.RawQuery
 // query == "?id=built-in/admin"
- idParamValue := parseQuery(query, "id")
- if idParamValue == "" {
+ id := ctx.Input.Query("id")
+ if id == "" {
 return "", ""
 }
- return parseSlash(idParamValue)
+ return parseSlash(id)
 } else {
 body := ctx.Input.RequestBody
diff --git a/routers/auto_signin_filter.go b/routers/auto_signin_filter.go
index c9a5d63d..cca57791 100644
--- a/routers/auto_signin_filter.go
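Review bot: Nothing visible in this hunk of `UploadResource` bounds the upload before it is buffered: `fileBuffer := bytes.NewBuffer(nil)` suggests the whole file is copied into memory, although the copy itself is outside the hunk. If no limit is enforced elsewhere, compare `header.Size` with a configured maximum right after the error check and reject oversized uploads before reading them. The function body continues past the hunk, so this needs confirming against the full handler.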
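Review bot: `clientSecret` is still read from the query string in `getUsernameByClientIdSecret`, so the application secret is written to access logs, proxy logs and any other place that records request URLs. Consider accepting the pair from HTTP Basic credentials first, e.g. `clientId, clientSecret, ok := ctx.Request.BasicAuth()`, and keeping the query parameters only as a documented legacy fallback. The rest of the function, including the application lookup, lies outside this hunk.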
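Review bot: The secret check `app.ClientSecret != clientSecret` is an ordinary string comparison, which can return at the first differing byte; for a shared secret a constant-time comparison is the safer habit: `if app == nil || subtle.ConstantTimeCompare([]byte(app.ClientSecret), []byte(clientSecret)) != 1 {` (needs `crypto/subtle`). Separately, every application that authenticates is mapped to the same `built-in/service` subject, so policy decisions and audit records cannot tell one client from another; a comment stating that this is intended would help. The lookup that assigns `app` is above the hunk.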
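Review bot: The unchecked assertion `ctx.Input.Session("username").(string)` in `getUsername` relies on a recover, as the comment above it says, to cope with a missing session value; in an authentication path that recover can also mask unrelated panics. The comma-ok form avoids the panic altogether: `username, _ = ctx.Input.Session("username").(string)`. The deferred recover itself is outside this hunk, so whether it can then be removed has to be checked against the full function.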
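Review bot: `parseQuery` loses its only caller visible in this diff; if nothing else uses it, delete the helper so a hand-written query parser does not linger beside the framework one. Since `getObject` feeds the authorization decision, the expected shape of `id` deserves a comment on the new lines, for example `// id is "owner/name"; an empty id yields an empty object`. The `else` after the returning GET branch can also be dropped. The non-GET branch continues past the hunk.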
+++ b/routers/auto_signin_filter.go
@@ -16,10 +16,8 @@ package routers
 import (
 "fmt"
- "net/url"
 "github.com/astaxie/beego/context"
- "github.com/casbin/casdoor/controllers"
 "github.com/casbin/casdoor/object"
 "github.com/casbin/casdoor/util"
 )
@@ -43,33 +41,17 @@ func setSessionUser(ctx *context.Context, user string) {
 ctx.Input.CruSession.SessionRelease(ctx.ResponseWriter)
 }
-func returnRequest(ctx *context.Context, msg string) {
- w := ctx.ResponseWriter
- w.WriteHeader(200)
- resp := &controllers.Response{Status: "error", Msg: msg}
- _, err := w.Write([]byte(util.StructToJson(resp)))
- if err != nil {
- panic(err)
- }
-}
-
 func AutoSigninFilter(ctx *context.Context) {
 //if getSessionUser(ctx) != "" {
 // return
 //}
- query := ctx.Request.URL.RawQuery
- queryMap, err := url.ParseQuery(query)
- if err != nil {
- panic(err)
- }
-
 // "/page?access_token=123"
- accessToken := queryMap.Get("accessToken")
+ accessToken := ctx.Input.Query("accessToken")
 if accessToken != "" {
 claims, err := object.ParseJwtToken(accessToken)
 if err != nil {
- returnRequest(ctx, "Invalid JWT token")
+ responseError(ctx, "invalid JWT token")
 return
 }
@@ -79,13 +61,13 @@ func AutoSigninFilter(ctx *context.Context) {
 }
 // "/page?username=abc&password=123"
- userId := queryMap.Get("username")
- password := queryMap.Get("password")
+ userId := ctx.Input.Query("username")
+ password := ctx.Input.Query("password")
 if userId != "" && password != "" {
 owner, name := util.GetOwnerAndNameFromId(userId)
 _, msg := object.CheckUserPassword(owner, name, password)
 if msg != "" {
- returnRequest(ctx, msg)
+ responseError(ctx, msg)
 return
 }
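Review bot: `accessToken` is taken from the request URL in `AutoSigninFilter`, and the following hunk does the same with `username` and `password`, so bearer tokens and passwords are written to any log that records request URLs and can travel onward in a `Referer` header. Prefer reading the token from the `Authorization` header, e.g. `ctx.Input.Header("Authorization")`, and mark the query form as legacy in a comment. `ctx.Input.Query` also appears to consult parsed form values, so a form-encoded body may now supply these parameters where the old raw-query parse did not; confirm that widening is intended. `responseError` is defined outside this diff, so check that it writes the same JSON error body as the removed `returnRequest`.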
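Review bot: `responseError(ctx, msg)` relays the text returned by `object.CheckUserPassword` straight to the caller; if that function (not shown here) words an unknown account differently from a wrong password, the response discloses which accounts exist. Returning one generic message and logging the detailed one server-side closes that, for example `responseError(ctx, "invalid username or password")`. No limit on repeated attempts is visible in this filter either, so confirm it is enforced elsewhere. The function continues past the end of the hunk.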