نسخ من khaledmahfouz5/Maqtaa
Add access tokens (#602)
هذا الالتزام موجود في:
Thomas Miceli
@@ -326,6 +326,40 @@ func loadSettings(ctx *context.Context) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// getUserByToken checks the Authorization header for token-based auth.
|
||||
// Expects format: Authorization: Token <token>
|
||||
// Returns the user if the token is valid and has gist read permission, nil otherwise.
|
||||
func getUserByToken(ctx *context.Context) *db.User {
|
||||
authHeader := ctx.Request().Header.Get("Authorization")
|
||||
if authHeader == "" {
|
||||
return nil
|
||||
}
|
||||
|
||||
if !strings.HasPrefix(authHeader, "Token ") {
|
||||
return nil
|
||||
}
|
||||
|
||||
plainToken := strings.TrimPrefix(authHeader, "Token ")
|
||||
|
||||
accessToken, err := db.GetAccessTokenByToken(plainToken)
|
||||
if err != nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
if accessToken.IsExpired() {
|
||||
return nil
|
||||
}
|
||||
|
||||
if !accessToken.HasGistReadPermission() {
|
||||
return nil
|
||||
}
|
||||
|
||||
// Update last used timestamp
|
||||
_ = accessToken.UpdateLastUsed()
|
||||
|
||||
return &accessToken.User
|
||||
}
|
||||
|
||||
func gistInit(next Handler) Handler {
|
||||
return func(ctx *context.Context) error {
|
||||
currUser := ctx.User
|
||||
@@ -352,7 +386,12 @@ func gistInit(next Handler) Handler {
|
||||
|
||||
if gist.Private == db.PrivateVisibility {
|
||||
if currUser == nil || currUser.ID != gist.UserID {
|
||||
return ctx.NotFound("Gist not found")
|
||||
// Check for token-based auth via Authorization header
|
||||
if tokenUser := getUserByToken(ctx); tokenUser != nil && tokenUser.ID == gist.UserID {
|
||||
// Token is valid and belongs to gist owner, allow access
|
||||
} else {
|
||||
return ctx.NotFound("Gist not found")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -192,6 +192,9 @@ func (s *Server) setFuncMap() {
|
||||
"humanDate": func(t int64) string {
|
||||
return time.Unix(t, 0).Format("02/01/2006 15:04")
|
||||
},
|
||||
"humanDateOnly": func(t int64) string {
|
||||
return time.Unix(t, 0).Format("02/01/2006")
|
||||
},
|
||||
"mainTheme": func(theme *db.UserStyleDTO) string {
|
||||
if theme == nil {
|
||||
return "auto"
|
||||
|
||||
@@ -62,6 +62,9 @@ func (s *Server) registerRoutes() {
|
||||
sA.DELETE("/account", settings.AccountDeleteProcess)
|
||||
sA.POST("/ssh-keys", settings.SshKeysProcess)
|
||||
sA.DELETE("/ssh-keys/:id", settings.SshKeysDelete)
|
||||
sA.GET("/access-tokens", settings.AccessTokens)
|
||||
sA.POST("/access-tokens", settings.AccessTokensProcess)
|
||||
sA.DELETE("/access-tokens/:id", settings.AccessTokensDelete)
|
||||
sA.DELETE("/passkeys/:id", settings.PasskeyDelete)
|
||||
sA.PUT("/password", settings.PasswordProcess)
|
||||
sA.PUT("/username", settings.UsernameProcess)
|
||||
|
||||
المرجع في مشكلة جديدة
حظر مستخدم