llvy.ltd/casdoor
1
0
Fork 0
mirror of https://github.com/casdoor/casdoor.git synced 2025-07-03 12:30:19 +08:00
Code Issues Packages Projects Releases Wiki Activity

Support server-side upload-resource call.

Browse Source
This commit is contained in:
Yang Luo
2021-09-05 01:03:29 +08:00
parent 06006c87b8
commit 14d09cad2c
6 changed files with 58 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
routers/authz_filter.go
View File

@ -22,7 +22,6 @@ import (
"github.com/astaxie/beego/context"
"github.com/casbin/casdoor/authz"
"github.com/casbin/casdoor/object"
"github.com/casbin/casdoor/util"
)
@ -31,21 +30,6 @@ type Object struct {
Name string `json:"name"`
}
func getUsernameByClientIdSecret(ctx *context.Context) string {
clientId := ctx.Input.Query("clientId")
clientSecret := ctx.Input.Query("clientSecret")
if clientId == "" || clientSecret == "" {
return ""
}
app := object.GetApplicationByClientId(clientId)
if app == nil || app.ClientSecret != clientSecret {
return ""
}
return "built-in/service"
}
func getUsername(ctx *context.Context) (username string) {
defer func() {
if r := recover(); r != nil {

9
routers/auto_signin_filter.go
View File

@ -60,8 +60,15 @@ func AutoSigninFilter(ctx *context.Context) {
return
}
// "/page?clientId=123&clientSecret=456"
userId := getUsernameByClientIdSecret(ctx)
if userId != "" {
setSessionUser(ctx, userId)
return
}
// "/page?username=abc&password=123"
userId := ctx.Input.Query("username")
userId = ctx.Input.Query("username")
password := ctx.Input.Query("password")
if userId != "" && password != "" {
owner, name := util.GetOwnerAndNameFromId(userId)

22
routers/base.go
View File

@ -14,7 +14,12 @@
package routers
import "github.com/astaxie/beego/context"
import (
"fmt"
"github.com/astaxie/beego/context"
"github.com/casbin/casdoor/object"
)
type Response struct {
Status string `json:"status"`
@ -42,3 +47,18 @@ func responseError(ctx *context.Context, error string, data ...interface{}) {
func denyRequest(ctx *context.Context) {
responseError(ctx, "Unauthorized operation")
}
func getUsernameByClientIdSecret(ctx *context.Context) string {
clientId := ctx.Input.Query("clientId")
clientSecret := ctx.Input.Query("clientSecret")
if clientId == "" || clientSecret == "" {
return ""
}
application := object.GetApplicationByClientId(clientId)
if application == nil || application.ClientSecret != clientSecret {
return ""
}
return fmt.Sprintf("app/%s", application.Name)
}