Hugging Face's logo

Spaces:
wzxwhxcz
/
zencoder
No application file

App Files Community
wzxwhxcz commited on
Commit
a358779
·
verified ·
1 Parent(s): eddf71a

Create internal/middleware/auth.go

Browse files
Files changed (1) hide show
  1. internal/middleware/auth.go +126 -0
internal/middleware/auth.go ADDED
@@ -0,0 +1,126 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ package middleware
2
+
3
+ import (
4
+ "net/http"
5
+ "os"
6
+ "strings"
7
+
8
+ "github.com/gin-gonic/gin"
9
+ "zencoder-2api/internal/service"
10
+ )
11
+
12
+ // LoggerMiddleware 为每个请求创建 logger 并在结束时 flush
13
+ func LoggerMiddleware() gin.HandlerFunc {
14
+ return func(c *gin.Context) {
15
+ logger := service.NewRequestLogger()
16
+ ctx := service.WithLogger(c.Request.Context(), logger)
17
+ c.Request = c.Request.WithContext(ctx)
18
+
19
+ c.Next()
20
+
21
+ // 请求结束时 flush 日志
22
+ logger.Flush()
23
+ }
24
+ }
25
+
26
+ func AuthMiddleware() gin.HandlerFunc {
27
+ // 从环境变量获取全局 Token
28
+ token := os.Getenv("AUTH_TOKEN")
29
+
30
+ return func(c *gin.Context) {
31
+ // 如果没有配置全局 Token,则跳过鉴权
32
+ if token == "" {
33
+ c.Next()
34
+ return
35
+ }
36
+
37
+ // 1. 检查 OpenAI 格式: Authorization: Bearer <token>
38
+ authHeader := c.GetHeader("Authorization")
39
+ if authHeader != "" {
40
+ parts := strings.SplitN(authHeader, " ", 2)
41
+ if len(parts) == 2 && parts[0] == "Bearer" && parts[1] == token {
42
+ c.Next()
43
+ return
44
+ }
45
+ }
46
+
47
+ // 2. 检查 Anthropic 格式: x-api-key: <token>
48
+ if c.GetHeader("x-api-key") == token {
49
+ c.Next()
50
+ return
51
+ }
52
+
53
+ // 3. 检查 Gemini 格式: x-goog-api-key: <token> 或 query param key=<token>
54
+ if c.GetHeader("x-goog-api-key") == token {
55
+ c.Next()
56
+ return
57
+ }
58
+ if c.Query("key") == token {
59
+ c.Next()
60
+ return
61
+ }
62
+
63
+ // 鉴权失败
64
+ c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
65
+ "error": gin.H{
66
+ "message": "Invalid authentication token",
67
+ "type": "authentication_error",
68
+ },
69
+ })
70
+ }
71
+ }
72
+
73
+ // AdminAuthMiddleware 后台管理密码验证中间件
74
+ func AdminAuthMiddleware() gin.HandlerFunc {
75
+ // 从环境变量获取后台管理密码
76
+ adminPassword := os.Getenv("ADMIN_PASSWORD")
77
+
78
+ return func(c *gin.Context) {
79
+ // 如果没有配置管理密码,则跳过鉴权
80
+ if adminPassword == "" {
81
+ c.Next()
82
+ return
83
+ }
84
+
85
+ // 检查请求头中的管理密码
86
+ // 支持多种格式:
87
+ // 1. Authorization: Bearer <password>
88
+ // 2. X-Admin-Password: <password>
89
+ // 3. Admin-Password: <password>
90
+
91
+ var providedPassword string
92
+
93
+ // 检查 Authorization: Bearer <password>
94
+ authHeader := c.GetHeader("Authorization")
95
+ if authHeader != "" {
96
+ parts := strings.SplitN(authHeader, " ", 2)
97
+ if len(parts) == 2 && parts[0] == "Bearer" {
98
+ providedPassword = parts[1]
99
+ }
100
+ }
101
+
102
+ // 检查 X-Admin-Password
103
+ if providedPassword == "" {
104
+ providedPassword = c.GetHeader("X-Admin-Password")
105
+ }
106
+
107
+ // 检查 Admin-Password
108
+ if providedPassword == "" {
109
+ providedPassword = c.GetHeader("Admin-Password")
110
+ }
111
+
112
+ // 验证密码
113
+ if providedPassword == adminPassword {
114
+ c.Next()
115
+ return
116
+ }
117
+
118
+ // 鉴权失败
119
+ c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{
120
+ "error": gin.H{
121
+ "message": "Invalid admin password",
122
+ "type": "authentication_error",
123
+ },
124
+ })
125
+ }
126
+ }