
Commit 9594d16

committed
fix auth #451
1 parent ca6a713 commit 9594d16


4 files changed

+63
-16
lines changed


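--- a/auth.py
+++ b/auth.py
@@ -0,0 +1,13 @@
+from flask import Flask,request
+app = Flask(__name__)
+@app.route('/',methods=["GET", "POST"])
+def index():
+print(request.headers)
+auth_token = request.headers.get("auth_token") # check auth_token here
+print(auth_token)
+if auth_token=='abc':
+return 'ok' #success
+else:
+return 'fail'
+if __name__ == '__main__':
+app.run(host='0.0.0.0',debug=True)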
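Review bot: The last line, `app.run(host='0.0.0.0',debug=True)`, starts Flask's development server with the Werkzeug debugger enabled on every interface, so anyone who can reach the port gets the interactive debugger; for a sample auth backend use `app.run(host='127.0.0.1')` and leave debug off. `print(request.headers)` and `print(auth_token)` write the credential to stdout on every request and should be dropped. The check `auth_token=='abc'` compares against a hard-coded secret; reading the expected value from configuration and comparing with `hmac.compare_digest` would make this a safer example to copy.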

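--- a/server/http_auth.go
+++ b/server/http_auth.go
@@ -16,14 +16,18 @@ func (c *Server) CheckAuth(w http.ResponseWriter, r *http.Request) bool {
 result string
 jsonResult JsonResult
 )
-if err = r.ParseForm(); err != nil {
-log.Error(err)
+
+// 直接从请求头中获取认证信息(例如 auth_token)
+authToken := r.Header.Get("Auth-Token")
+if authToken == "" {
+log.Warn("auth_token is missing")
+// w.WriteHeader(http.StatusUnauthorized)
 return false
 }
 req = httplib.Post(Config().AuthUrl)
 req.SetTimeout(time.Second*10, time.Second*10)
-req.Param("__path__", r.URL.Path)
-req.Param("__query__", r.URL.RawQuery)
+// req.Param("__path__", r.URL.Path)
+// req.Param("__query__", r.URL.RawQuery)
 for k, _ := range r.Form {
 req.Param(k, r.FormValue(k))
 }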
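Review bot: With `r.ParseForm()` removed, `r.Form` is nil at `for k, _ := range r.Form` unless a caller has already parsed the request, so the loop forwards nothing, and nothing in the hunk attaches `authToken` to `req`; as far as these lines show, the only effective check is that the header is non-empty. If the code past the hunk does not add the token to the outgoing request, the auth service decides without seeing the credential. Commenting out `req.Param("__path__", r.URL.Path)` and `req.Param("__query__", r.URL.RawQuery)` also removes what an auth backend needs for per-path decisions; restore them, or delete the lines and give the reason in the commit message rather than leaving dead code. CheckAuth starts and ends outside the hunk.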

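--- a/server/http_info.go
+++ b/server/http_info.go
@@ -478,14 +478,15 @@ func (c *Server) Index(w http.ResponseWriter, r *http.Request) {
 <input type="text" id="code" name="code" value="" /></span>
 <span class="form-line">自定义认证(auth_token):
 <input type="text" id="auth_token" name="auth_token" value="" /></span>
-<input type="submit" name="submit" value="upload" />
+<button type="button" id="submit" value="upload" >上传</button>
 </form>
 </div>
 <div>断点续传(如果文件很大时可以考虑)</div>
 <div>
 
 <div id="drag-drop-area"></div>
 <script src="https://transloadit.edgly.net/releases/uppy/v0.30.0/dist/uppy.min.js"></script>
+<script src="/%s/static/js/jquery.min.js"></script>
 <script>var uppy = Uppy.Core().use(Uppy.Dashboard, {
 inline: true,
 target: '#drag-drop-area'
@@ -499,6 +500,33 @@ func (c *Server) Index(w http.ResponseWriter, r *http.Request) {
 uppy.setMeta({ auth_token: '9ee60e59-cb0f-4578-aaba-29b9fc2919ca',callback_url:'http://127.0.0.1/callback'})//自定义参数与普通上传类似(虽然支持自定义,建议不要自定义,海量文件情况下,自定义很可能给自已给埋坑)
 </script>
 </div>
+<script>
+$(document).ready(function() {
+$("#submit").click(function(e) {
+e.preventDefault(); // 阻止表单默认提交
+
+var formData = new FormData($("form").get(0));
+var authToken = $("#auth_token").val(); // 获取 auth_token 输入框的值
+
+$.ajax({
+url: $("form").attr('action'),
+type: 'POST',
+data: formData,
+headers: {
+'auth-token': authToken // 将 auth_token 放入请求头
+},
+processData: false,
+contentType: false,
+success: function(response) {
+alert("上传成功"+response);
+},
+error: function(xhr, status, error) {
+alert("上传失败: " + error);
+}
+});
+});
+});
+</script>
 </body>
 </html>`
 uppyFileName := STATIC_DIR + "/uppy.html"
@@ -512,7 +540,7 @@ func (c *Server) Index(w http.ResponseWriter, r *http.Request) {
 c.util.WriteFile(uppyFileName, uppy)
 }
 fmt.Fprintf(w,
-fmt.Sprintf(uppy, uploadUrl, Config().DefaultScene, uploadBigUrl))
+fmt.Sprintf(uppy, uploadUrl, Config().DefaultScene, Config().Group, uploadBigUrl))
 } else {
 w.Write([]byte("web upload deny"))
 }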
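Review bot: The changed call `fmt.Fprintf(w, fmt.Sprintf(uppy, uploadUrl, Config().DefaultScene, Config().Group, uploadBigUrl))` passes the already-rendered page to Fprintf as a format string, so any `%` that survives the first pass (for example from a configured URL) is interpreted a second time; `fmt.Fprintf(w, uppy, uploadUrl, Config().DefaultScene, Config().Group, uploadBigUrl)` formats once. The template now takes four arguments, and the context lines suggest it is also stored at `STATIC_DIR + "/uppy.html"`; if an older three-verb copy on disk is what gets loaded, the arguments shift and the group lands where the big-upload URL belongs, so that path deserves a check. The new click handler sends `auth_token` both in the `auth-token` header and, through `FormData`, in the body because the input keeps its `name`; a short comment saying which one the server trusts would help. Index starts and ends outside the hunks.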

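--- a/server/http_upload.go
+++ b/server/http_upload.go
@@ -74,7 +74,18 @@ func (c *Server) Upload(w http.ResponseWriter, r *http.Request) {
 folder string
 fpTmp *os.File
 fpBody *os.File
+result JsonResult
 )
+if Config().AuthUrl != "" {
+if !c.CheckAuth(w, r) {
+msg:= "auth fail"
+// log.Warn(msg, r.Form)
+c.NotPermit(w, r)
+result.Message = msg
+w.Write([]byte(c.util.JsonEncodePretty(result)))
+return
+}
+}
 if r.Method == http.MethodGet {
 c.upload(w, r)
 return
@@ -201,16 +212,7 @@ func (c *Server) upload(w http.ResponseWriter, r *http.Request) {
 }
 }
 result.Status = "fail"
-if Config().AuthUrl != "" {
-if !c.CheckAuth(w, r) {
-msg = "auth fail"
-log.Warn(msg, r.Form)
-c.NotPermit(w, r)
-result.Message = msg
-w.Write([]byte(c.util.JsonEncodePretty(result)))
-return
-}
-}
+
 if r.Method == http.MethodPost {
 md5sum = r.FormValue("md5")
 fileName = r.FormValue("filename")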
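Review bot: The auth-failure branch moved into Upload sets only `result.Message`; in upload() the removed block ran after `result.Status = "fail"`, so the JSON written here now carries an empty status, and clients that test the status field may not treat it as a failure. Add `result.Status = "fail"` before `result.Message = msg`. The warning was commented out rather than trimmed, so a rejected upload leaves no record at this layer; `log.Warn(msg)` without `r.Form` keeps the event for detection without logging form contents. If upload() is reachable other than through Upload, those paths no longer run CheckAuth; both functions extend beyond the hunks, so this cannot be confirmed here.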
