[break] change auth config & add auth key

2026-02-03 08:11:11 +08:00 · 2025-04-01 18:32:45 +08:00 · 2025-04-01 18:32:45 +08:00 · 395f641468
commit 395f641468
parent 978ece6fa0
8 changed files with 50 additions and 27 deletions
--- a/api/api.go
+++ b/api/api.go
@ -3,6 +3,7 @@ package api
 import (
 	"context"
 	"ghproxy/config"
 	"ghproxy/middleware/nocache"
 	"github.com/WJQSERVER-STUDIO/go-utils/logger"
 	"github.com/cloudwego/hertz/pkg/app"
@ -18,18 +19,8 @@ var (
 	logError   = logger.LogError
 )
 func NoCacheMiddleware() app.HandlerFunc {
 	return func(ctx context.Context, c *app.RequestContext) {
 		// 设置禁止缓存的响应头
 		c.Response.Header.Set("Cache-Control", "no-store, no-cache, must-revalidate")
 		c.Response.Header.Set("Pragma", "no-cache")
 		c.Response.Header.Set("Expires", "0")
 		c.Next(ctx) // 继续处理请求
 	}
 }
 func InitHandleRouter(cfg *config.Config, r *server.Hertz, version string) {
-	apiRouter := r.Group("/api", NoCacheMiddleware())
+	apiRouter := r.Group("/api", nocache.NoCacheMiddleware())
 	{
 		apiRouter.GET("/size_limit", func(ctx context.Context, c *app.RequestContext) {
 			SizeLimitHandler(cfg, c, ctx)
--- a/auth/auth-header.go
+++ b/auth/auth-header.go
@ -12,13 +12,19 @@ func AuthHeaderHandler(c *app.RequestContext, cfg *config.Config) (isValid bool,
 		return true, nil
 	}
 	// 获取"GH-Auth"的值
-	authToken := string(c.GetHeader("GH-Auth"))
+	var authToken string
 	if cfg.Auth.Key != "" {
 		authToken = string(c.GetHeader(cfg.Auth.Key))
 	} else {
 		authToken = string(c.GetHeader("GH-Auth"))
 	}
 	logDebug("%s %s %s %s %s AUTH_TOKEN: %s", c.Method(), string(c.Path()), c.Request.Header.UserAgent(), c.Request.Header.GetProtocol(), authToken)
 	if authToken == "" {
 		return false, fmt.Errorf("Auth token not found")
 	}
-	isValid = authToken == cfg.Auth.AuthToken
+	isValid = authToken == cfg.Auth.Token
 	if !isValid {
 		return false, fmt.Errorf("Auth token incorrect")
 	}
--- a/auth/auth-parameters.go
+++ b/auth/auth-parameters.go
@ -12,14 +12,20 @@ func AuthParametersHandler(c *app.RequestContext, cfg *config.Config) (isValid b
 		return true, nil
 	}
-	authToken := c.Query("auth_token")
+	var authToken string
 	if cfg.Auth.Key != "" {
 		authToken = c.Query(cfg.Auth.Key)
 	} else {
 		authToken = c.Query("auth_token")
 	}
 	logDebug("%s %s %s %s %s AUTH_TOKEN: %s", c.ClientIP(), c.Method(), string(c.Path()), c.Request.Header.UserAgent(), c.Request.Header.GetProtocol(), authToken)
 	if authToken == "" {
 		return false, fmt.Errorf("Auth token not found")
 	}
-	isValid = authToken == cfg.Auth.AuthToken
+	isValid = authToken == cfg.Auth.Token
 	if !isValid {
 		return false, fmt.Errorf("Auth token invalid")
 	}
--- a/auth/auth.go
+++ b/auth/auth.go
@ -37,17 +37,17 @@ func Init(cfg *config.Config) {
 }
 func AuthHandler(ctx context.Context, c *app.RequestContext, cfg *config.Config) (isValid bool, err error) {
-	if cfg.Auth.AuthMethod == "parameters" {
+	if cfg.Auth.Method == "parameters" {
 		isValid, err = AuthParametersHandler(c, cfg)
 		return isValid, err
-	} else if cfg.Auth.AuthMethod == "header" {
+	} else if cfg.Auth.Method == "header" {
 		isValid, err = AuthHeaderHandler(c, cfg)
 		return isValid, err
-	} else if cfg.Auth.AuthMethod == "" {
+	} else if cfg.Auth.Method == "" {
 		logError("Auth method not set")
 		return true, nil
 	} else {
 		logError("Auth method not supported")
-		return false, fmt.Errorf(fmt.Sprintf("Auth method %s not supported", cfg.Auth.AuthMethod))
+		return false, fmt.Errorf(fmt.Sprintf("Auth method %s not supported", cfg.Auth.Method))
 	}
 }
--- a/config/config.go
+++ b/config/config.go
@ -93,16 +93,18 @@ type LogConfig struct {
 /*
 [auth]
-authMethod = "parameters" # "header" or "parameters"
+Method = "parameters" # "header" or "parameters"
-authToken = "token"
+Key = ""
 Token = "token"
 enabled = false
 passThrough = false
 ForceAllowApi = true
 */
 type AuthConfig struct {
 	Enabled       bool   `toml:"enabled"`
-	AuthMethod    string `toml:"authMethod"`
+	Method        string `toml:"method"`
-	AuthToken     string `toml:"authToken"`
+	Key           string `toml:"key"`
 	Token         string `toml:"token"`
 	PassThrough   bool   `toml:"passThrough"`
 	ForceAllowApi bool   `toml:"ForceAllowApi"`
 }
@ -208,8 +210,9 @@ func DefaultConfig() *Config {
 		},
 		Auth: AuthConfig{
 			Enabled:       false,
-			AuthMethod:    "parameters",
+			Method:        "parameters",
-			AuthToken:     "token",
+			Key:           "",
 			Token:         "token",
 			PassThrough:   false,
 			ForceAllowApi: true,
 		},
--- a/middleware/nocache/nocache.go
+++ b/middleware/nocache/nocache.go
@ -0,0 +1,17 @@
 package nocache
 import (
 	"context"
 	"github.com/cloudwego/hertz/pkg/app"
 )
 func NoCacheMiddleware() app.HandlerFunc {
 	return func(ctx context.Context, c *app.RequestContext) {
 		// 设置禁止缓存的响应头
 		c.Response.Header.Set("Cache-Control", "no-store, no-cache, must-revalidate")
 		c.Response.Header.Set("Pragma", "no-cache")
 		c.Response.Header.Set("Expires", "0")
 		c.Next(ctx) // 继续处理请求
 	}
 }
--- a/proxy/authpass.go
+++ b/proxy/authpass.go
@ -12,7 +12,7 @@ func AuthPassThrough(c *app.RequestContext, cfg *config.Config, req *http.Reques
 		token := c.Query("token")
 		if token != "" {
 			logDebug("%s %s %s %s %s Auth-PassThrough: token %s", c.ClientIP(), c.Method(), string(c.Path()), c.UserAgent(), c.Request.Header.GetProtocol(), token)
-			switch cfg.Auth.AuthMethod {
+			switch cfg.Auth.Method {
 			case "parameters":
 				if !cfg.Auth.Enabled {
 					req.Header.Set("Authorization", "token "+token)
--- a/proxy/match.go
+++ b/proxy/match.go
@ -114,7 +114,7 @@ func Matcher(rawPath string, cfg *config.Config) (string, string, string, error)
 			user = parts[1]
 		}
 		if !cfg.Auth.ForceAllowApi {
-			if cfg.Auth.AuthMethod != "header" || !cfg.Auth.Enabled {
+			if cfg.Auth.Method != "header" || !cfg.Auth.Enabled {
 				return "", "", "", ErrAuthHeaderUnavailable
 			}
 		}