From 845784d204c1bc2c5133666470f8fa42e4bfabfc Mon Sep 17 00:00:00 2001
From: mountain
Date: Wed, 21 Feb 2024 11:12:25 +0900
Subject: [PATCH] =?UTF-8?q?api=20token=20=EC=B2=B4=ED=81=AC=20=EB=88=84?=
 =?UTF-8?q?=EB=9D=BD=20=EC=88=98=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 core/api.go | 78 +++++++++++++++++++++++++-----------------------
 core/maingate.go | 1 +
 2 files changed, 42 insertions(+), 37 deletions(-)
diff --git a/core/api.go b/core/api.go
index e32e367..0fe3791 100644
--- a/core/api.go
+++ b/core/api.go
@@ -459,34 +459,52 @@ func (mg *Maingate) api(w http.ResponseWriter, r *http.Request) { var userinfo map[string]any + var apiTokenObj primitive.ObjectID if !*devflag { - authheader := r.Header.Get("Authorization") - if len(authheader) == 0 { - logger.Println("Authorization header is not valid :", authheader) - w.WriteHeader(http.StatusBadRequest) - return - } + apiToken := r.Header.Get("MG-X-API-TOKEN") + if len(apiToken) > 0 { + if apiToken != mg.maingateConfig.ApiToken { + w.WriteHeader(http.StatusUnauthorized) + return + } - req, _ := http.NewRequest("GET", "https://graph.microsoft.com/oidc/userinfo", nil) - req.Header.Add("Authorization", authheader) - client := &http.Client{} + obj, err := primitive.ObjectIDFromHex(apiToken) + if err != nil { + logger.Error(err) + w.WriteHeader(http.StatusBadRequest) + return + } - resp, err := client.Do(req) - if err != nil { - logger.Println("graph microsoft api call failed :", err) - w.WriteHeader(http.StatusBadRequest) - return - } - defer resp.Body.Close() + apiTokenObj = obj + } else { + authheader := r.Header.Get("Authorization") + if len(authheader) == 0 { + logger.Println("Authorization header is not valid :", authheader) + w.WriteHeader(http.StatusUnauthorized) + return + } - raw, _ := io.ReadAll(resp.Body) - if err = json.Unmarshal(raw, &userinfo); err != nil { - return - } + req, _ := http.NewRequest("GET", "https://graph.microsoft.com/oidc/userinfo", nil) + req.Header.Add("Authorization", authheader) + client := &http.Client{} - if _, expired := userinfo["error"]; expired { - w.WriteHeader(http.StatusUnauthorized) - return + resp, err := client.Do(req) + if err != nil { + logger.Println("graph microsoft api call failed :", err) + w.WriteHeader(http.StatusBadRequest) + return + } + defer resp.Body.Close() + + raw, _ := io.ReadAll(resp.Body) + if err = json.Unmarshal(raw, &userinfo); err != nil { + return + } + + if _, expired := userinfo["error"]; expired { + w.WriteHeader(http.StatusUnauthorized) + return + } } } 
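Review bot: The new token check `if apiToken != mg.maingateConfig.ApiToken {` compares a bearer secret with ordinary string equality, which finishes early on the first differing byte and so exposes the comparison to timing measurement; prefer `if subtle.ConstantTimeCompare([]byte(apiToken), []byte(mg.maingateConfig.ApiToken)) != 1 {` from crypto/subtle. The same value is then parsed with primitive.ObjectIDFromHex, so the configured secret must be a 24-hex-character ObjectID; if it is a driver-generated ObjectID its bytes are mostly timestamp and counter rather than random, which is a weak shared secret, and a malformed config value makes every authenticated call fail with 400 at request time rather than at startup — validating the configured token when the config is loaded would surface that earlier. In the moved OAuth branch, `if err = json.Unmarshal(raw, &userinfo); err != nil { return }` still returns with an implicit 200 and no log line; it is pre-existing, but now that it sits in the new else branch a `w.WriteHeader(http.StatusBadGateway)` plus a logger call would make upstream failures visible. The body of api continues beyond this hunk.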
@@ -502,20 +520,6 @@ func (mg *Maingate) api(w http.ResponseWriter, r *http.Request) {
 }
 }
 
- var apiTokenObj primitive.ObjectID
- if !*devflag {
- apiToken := r.Header.Get("MG-X-API-TOKEN")
- if len(apiToken) > 0 {
- obj, err := primitive.ObjectIDFromHex(apiToken)
- if err != nil {
- logger.Error(err)
- w.WriteHeader(http.StatusBadRequest)
- return
- }
- apiTokenObj = obj
- }
- }
-
 logger.Println("api call :", r.URL.Path, r.Method, r.URL.Query(), userinfo)
 caller := apiCaller{
 userinfo: userinfo,
diff --git a/core/maingate.go b/core/maingate.go
index 7d61003..acadc82 100644
--- a/core/maingate.go
+++ b/core/maingate.go
@@ -123,6 +123,7 @@ func makeAuthCollection(mongoClient gocommon.MongoClient, sessionTTL time.Durati
 type maingateConfig struct {
 Mongo string `json:"maingate_mongodb_url"`
 SessionTTL int64 `json:"maingate_session_ttl"`
+ ApiToken string `json:"maingate_api_token"`
 Autologin_ttl int64 `json:"autologin_ttl"`
 AccDelTTL int64 `json:"acc_del_ttl"`
 MaximumNumLinkAccount int64 `json:"maximum_num_link_account"`
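Review bot: The new `ApiToken` field in maingateConfig is a shared bearer secret loaded from JSON, but nothing on the field says so or states the form it must take; because core/api.go parses a matching `MG-X-API-TOKEN` header with primitive.ObjectIDFromHex, a configured value that is not a 24-character hex ObjectID can never authenticate. Suggest a field comment such as `// ApiToken is the shared secret expected in the MG-X-API-TOKEN header; must be a 24-char hex ObjectID (see api.go).` As a point of style, Go's initialism convention would spell it `APIToken`, though the neighbouring `Autologin_ttl` already departs from that convention so consistency with the file may win. The maingateConfig struct closes outside this hunk.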