Support auto-login.

routers/authz_filter.go

@@ -61,18 +61,12 @@ func getObject(ctx *context.Context) (string, string) {
 	method := ctx.Request.Method
 	if method == http.MethodGet {
 		query := ctx.Request.URL.RawQuery
-
-		// query == "owner=admin"
-		if query == "" || strings.Contains(query, "=") {
+		// query == "?id=built-in/admin"
+		idParamValue := parseQuery(query, "id")
+		if idParamValue == "" {
 			return "", ""
 		}
-
-		// query == "id=built-in/admin"
-		query = strings.TrimLeft(query, "id=")
-		tokens := strings.Split(query, "/")
-		owner := tokens[0]
-		name := tokens[1]
-		return owner, name
+		return parseSlash(idParamValue)
 	} else {
 		body := ctx.Input.RequestBody
 

routers/auto_login_filter.go

@@ -0,0 +1,62 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package routers
+
+import (
+	"fmt"
+
+	"github.com/astaxie/beego/context"
+	"github.com/casdoor/casdoor/object"
+)
+
+func getSessionUser(ctx *context.Context) string {
+	user := ctx.Input.CruSession.Get("username")
+	if user == nil {
+		return ""
+	}
+
+	return user.(string)
+}
+
+func setSessionUser(ctx *context.Context, user string) {
+	err := ctx.Input.CruSession.Set("username", user)
+	if err != nil {
+		panic(err)
+	}
+
+	// https://github.com/beego/beego/issues/3445#issuecomment-455411915
+	ctx.Input.CruSession.SessionRelease(ctx.ResponseWriter)
+}
+
+func AutoLoginFilter(ctx *context.Context) {
+	query := ctx.Request.URL.RawQuery
+	// query == "?access_token=123"
+	accessToken := parseQuery(query, "accessToken")
+	if accessToken == "" {
+		return
+	}
+
+	if getSessionUser(ctx) != "" {
+		return
+	}
+
+	claims, err := object.ParseJwtToken(accessToken)
+	if err != nil {
+		panic(err)
+	}
+
+	userId := fmt.Sprintf("%s/%s", claims.Organization, claims.Username)
+	setSessionUser(ctx, userId)
+}

routers/util.go

@@ -0,0 +1,34 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package routers
+
+import (
+	"net/url"
+	"strings"
+)
+
+func parseQuery(query string, key string) string {
+	valueMap, err := url.ParseQuery(query)
+	if err != nil {
+		panic(err)
+	}
+
+	return valueMap.Get(key)
+}
+
+func parseSlash(s string) (string, string) {
+	tokens := strings.Split(s, "/")
+	return tokens[0], tokens[1]
+}