Spaces:
Sleeping
Sleeping
| package middleware | |
| import ( | |
| "net/http" | |
| "os" | |
| "strings" | |
| "github.com/gin-gonic/gin" | |
| "zencoder-2api/internal/service" | |
| ) | |
| // LoggerMiddleware 为每个请求创建 logger 并在结束时 flush | |
| func LoggerMiddleware() gin.HandlerFunc { | |
| return func(c *gin.Context) { | |
| logger := service.NewRequestLogger() | |
| ctx := service.WithLogger(c.Request.Context(), logger) | |
| c.Request = c.Request.WithContext(ctx) | |
| c.Next() | |
| // 请求结束时 flush 日志 | |
| logger.Flush() | |
| } | |
| } | |
| func AuthMiddleware() gin.HandlerFunc { | |
| // 从环境变量获取全局 Token | |
| token := os.Getenv("AUTH_TOKEN") | |
| return func(c *gin.Context) { | |
| // 如果没有配置全局 Token,则跳过鉴权 | |
| if token == "" { | |
| c.Next() | |
| return | |
| } | |
| // 1. 检查 OpenAI 格式: Authorization: Bearer <token> | |
| authHeader := c.GetHeader("Authorization") | |
| if authHeader != "" { | |
| parts := strings.SplitN(authHeader, " ", 2) | |
| if len(parts) == 2 && parts[0] == "Bearer" && parts[1] == token { | |
| c.Next() | |
| return | |
| } | |
| } | |
| // 2. 检查 Anthropic 格式: x-api-key: <token> | |
| if c.GetHeader("x-api-key") == token { | |
| c.Next() | |
| return | |
| } | |
| // 3. 检查 Gemini 格式: x-goog-api-key: <token> 或 query param key=<token> | |
| if c.GetHeader("x-goog-api-key") == token { | |
| c.Next() | |
| return | |
| } | |
| if c.Query("key") == token { | |
| c.Next() | |
| return | |
| } | |
| // 鉴权失败 | |
| c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{ | |
| "error": gin.H{ | |
| "message": "Invalid authentication token", | |
| "type": "authentication_error", | |
| }, | |
| }) | |
| } | |
| } | |
| // AdminAuthMiddleware 后台管理密码验证中间件 | |
| func AdminAuthMiddleware() gin.HandlerFunc { | |
| // 从环境变量获取后台管理密码 | |
| adminPassword := os.Getenv("ADMIN_PASSWORD") | |
| return func(c *gin.Context) { | |
| // 如果没有配置管理密码,则跳过鉴权 | |
| if adminPassword == "" { | |
| c.Next() | |
| return | |
| } | |
| // 检查请求头中的管理密码 | |
| // 支持多种格式: | |
| // 1. Authorization: Bearer <password> | |
| // 2. X-Admin-Password: <password> | |
| // 3. Admin-Password: <password> | |
| var providedPassword string | |
| // 检查 Authorization: Bearer <password> | |
| authHeader := c.GetHeader("Authorization") | |
| if authHeader != "" { | |
| parts := strings.SplitN(authHeader, " ", 2) | |
| if len(parts) == 2 && parts[0] == "Bearer" { | |
| providedPassword = parts[1] | |
| } | |
| } | |
| // 检查 X-Admin-Password | |
| if providedPassword == "" { | |
| providedPassword = c.GetHeader("X-Admin-Password") | |
| } | |
| // 检查 Admin-Password | |
| if providedPassword == "" { | |
| providedPassword = c.GetHeader("Admin-Password") | |
| } | |
| // 验证密码 | |
| if providedPassword == adminPassword { | |
| c.Next() | |
| return | |
| } | |
| // 鉴权失败 | |
| c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{ | |
| "error": gin.H{ | |
| "message": "Invalid admin password", | |
| "type": "authentication_error", | |
| }, | |
| }) | |
| } | |
| } | |