Use sessid and not token and fix get_username
This commit is contained in:
parent
c3736d222c
commit
0d52544617
@ -19,9 +19,15 @@ class AuthHandler < Kemal::Handler
|
|||||||
end
|
end
|
||||||
|
|
||||||
def require_auth(env)
|
def require_auth(env)
|
||||||
|
if request_path_startswith env, ["/api"]
|
||||||
|
# Do not redirect API requests
|
||||||
|
env.response.status_code = 401
|
||||||
|
send_text env, "Unauthorized"
|
||||||
|
else
|
||||||
env.session.string "callback", env.request.path
|
env.session.string "callback", env.request.path
|
||||||
redirect env, "/login"
|
redirect env, "/login"
|
||||||
end
|
end
|
||||||
|
end
|
||||||
|
|
||||||
def validate_token(env)
|
def validate_token(env)
|
||||||
token = env.session.string? "token"
|
token = env.session.string? "token"
|
||||||
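Review bot: The new API branch sets `env.response.status_code = 401` and sends a bare "Unauthorized" body without a `WWW-Authenticate` challenge, so an API client that hits this path gets no hint that a Bearer session id is the expected credential. Since the validate_token method right below reads the Bearer scheme, consider adding `env.response.headers["WWW-Authenticate"] = "Bearer"` before the `send_text` line. validate_token begins at the end of this hunk and continues in the next one.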
@ -44,8 +50,9 @@ class AuthHandler < Kemal::Handler
|
|||||||
return true
|
return true
|
||||||
end
|
end
|
||||||
if value.starts_with? BEARER
|
if value.starts_with? BEARER
|
||||||
token = value.split(" ")[1]
|
session_id = value.split(" ")[1]
|
||||||
return Storage.default.verify_token token
|
token = Kemal::Session.get(session_id).try &.string? "token"
|
||||||
|
return !token.nil? && Storage.default.verify_token token
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
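Review bot: `session_id = value.split(" ")[1]` raises IndexError when the header is exactly `Bearer` with nothing after it, so a malformed Authorization header aborts the handler instead of failing validation; the same indexing is repeated in `get_token_from_auth_header` in the last hunk of this commit (the `macro send_img` section). Use the nil-returning form and reject the empty case: `session_id = value.split(" ")[1]?` followed by `return false if session_id.nil? || session_id.empty?`. The lookup `Kemal::Session.get(session_id).try &.string? "token"` also duplicates the new `get_token_from_auth_header` helper, so validate_token could call that helper and keep the header parsing (and the `BEARER` constant versus the `"Bearer"` literal used there) in one place. The enclosing validate_token starts in the previous hunk.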
|
@ -78,7 +78,7 @@ struct APIRouter
|
|||||||
env.session.string "token", token
|
env.session.string "token", token
|
||||||
send_json env, {
|
send_json env, {
|
||||||
"success" => true,
|
"success" => true,
|
||||||
"token" => token,
|
"session_id" => env.session.id,
|
||||||
}.to_json
|
}.to_json
|
||||||
rescue e
|
rescue e
|
||||||
Logger.error e
|
Logger.error e
|
||||||
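Review bot: `"session_id" => env.session.id` now hands the cookie session id back in the login response as the API credential, but nothing near `send_json` says how it is meant to be used or that it carries the same authority as the session cookie. A comment above the `send_json env, {` line would make that contract explicit, e.g. `# session_id doubles as the Bearer value for the Authorization header; it is equivalent to the session cookie and must be stored by clients as a secret`. The enclosing route body starts before this hunk.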
|
@ -24,10 +24,16 @@ class Server
|
|||||||
ReaderRouter.new
|
ReaderRouter.new
|
||||||
APIRouter.new
|
APIRouter.new
|
||||||
|
|
||||||
options "/api/*" do |env|
|
{% for path in %w(/api/* /uploads/* /img/*) %}
|
||||||
|
options {{path}} do |env|
|
||||||
cors
|
cors
|
||||||
halt env
|
halt env
|
||||||
end
|
end
|
||||||
|
{% end %}
|
||||||
|
|
||||||
|
static_headers do |response|
|
||||||
|
response.headers.add("Access-Control-Allow-Origin", "*")
|
||||||
|
end
|
||||||
|
|
||||||
Kemal.config.logging = false
|
Kemal.config.logging = false
|
||||||
add_handler LogHandler.new
|
add_handler LogHandler.new
|
||||||
|
@ -43,10 +43,24 @@ macro send_img(env, img)
|
|||||||
send_file {{env}}, {{img}}.data, {{img}}.mime
|
send_file {{env}}, {{img}}.data, {{img}}.mime
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def get_token_from_auth_header(env) : String?
|
||||||
|
value = env.request.headers["Authorization"]
|
||||||
|
if value && value.starts_with? "Bearer"
|
||||||
|
session_id = value.split(" ")[1]
|
||||||
|
return Kemal::Session.get(session_id).try &.string? "token"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
macro get_username(env)
|
macro get_username(env)
|
||||||
begin
|
begin
|
||||||
token = env.session.string "token"
|
# Check if we can get the session id from the cookie
|
||||||
(Storage.default.verify_token token).not_nil!
|
token = env.session.string? "token"
|
||||||
|
if token.nil?
|
||||||
|
# If not, check if we can get the session id from the auth header
|
||||||
|
token = get_token_from_auth_header env
|
||||||
|
end
|
||||||
|
# If we still don't have a token, we handle it in `resuce` with `not_nil!`
|
||||||
|
(Storage.default.verify_token token.not_nil!).not_nil!
|
||||||
rescue e
|
rescue e
|
||||||
if Config.current.disable_login
|
if Config.current.disable_login
|
||||||
Config.current.default_username
|
Config.current.default_username
|
||||||
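Review bot: `value = env.request.headers["Authorization"]` raises KeyError when the header is absent, because `HTTP::Headers#[]` is the raising form and `[]?` is the one that returns nil, so the `if value && ...` guard never actually sees nil and get_username only keeps working because its `begin`/`rescue` swallows the error. Change the line to `value = env.request.headers["Authorization"]?` so the helper really returns `String?` as its signature promises, and use the `BEARER` constant that validate_token uses instead of the `"Bearer"` literal so both call sites agree. The comment `# If we still don't have a token, we handle it in \`resuce\` with \`not_nil!\`` has a typo ("resuce" → "rescue"). The get_username macro continues past the end of this hunk.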
|