| 
						
						
							
								
							
						
						
					 | 
					@ -245,14 +245,12 @@ func handleAppRequest(w http.ResponseWriter, r *http.Request) { | 
				
			
			
		
	
		
		
			
				
					 | 
					 | 
						deviceSN := pathParts[1] | 
					 | 
					 | 
						deviceSN := pathParts[1] | 
				
			
			
		
	
		
		
			
				
					 | 
					 | 
					
 | 
					 | 
					 | 
					
 | 
				
			
			
		
	
		
		
			
				
					 | 
					 | 
						// --- [App 认证逻辑 - 暂时注释,需要时取消注释即可] ---
 | 
					 | 
					 | 
						// --- [App 认证逻辑 - 暂时注释,需要时取消注释即可] ---
 | 
				
			
			
		
	
		
		
			
				
					
					 | 
					 | 
						/* | 
					 | 
					 | 
						appUserID, err := authenticateAppRequest(r) | 
				
			
			
				
				
			
		
	
		
		
			
				
					
					 | 
					 | 
							appUserID, err := authenticateAppRequest(r) | 
					 | 
					 | 
						if err != nil { | 
				
			
			
				
				
			
		
	
		
		
			
				
					
					 | 
					 | 
							if err != nil { | 
					 | 
					 | 
							log.Printf("App authentication failed for device %s: %v", deviceSN, err) | 
				
			
			
				
				
			
		
	
		
		
			
				
					
					 | 
					 | 
								log.Printf("App authentication failed for device %s: %v", deviceSN, err) | 
					 | 
					 | 
							http.Error(w, "Unauthorized", http.StatusUnauthorized) | 
				
			
			
				
				
			
		
	
		
		
			
				
					
					 | 
					 | 
								http.Error(w, "Unauthorized", http.StatusUnauthorized) | 
					 | 
					 | 
							return | 
				
			
			
				
				
			
		
	
		
		
			
				
					
					 | 
					 | 
								return | 
					 | 
					 | 
						} | 
				
			
			
				
				
			
		
	
		
		
			
				
					 | 
					 | 
							} | 
					 | 
					 | 
					 | 
				
			
			
		
	
		
		
			
				
					 | 
					 | 
						*/ | 
					 | 
					 | 
					 | 
				
			
			
		
	
		
		
	
		
		
	
		
		
	
		
		
	
		
		
	
		
		
	
		
		
			
				
					 | 
					 | 
					
 | 
					 | 
					 | 
					
 | 
				
			
			
		
	
		
		
			
				
					 | 
					 | 
						sessionMutex.RLock() | 
					 | 
					 | 
						sessionMutex.RLock() | 
				
			
			
		
	
		
		
			
				
					 | 
					 | 
						sessionInfo, ok := deviceSessions[deviceSN] | 
					 | 
					 | 
						sessionInfo, ok := deviceSessions[deviceSN] | 
				
			
			
		
	
	
		
		
			
				
					| 
						
						
						
							
								
							
						
					 | 
					@ -263,13 +261,11 @@ func handleAppRequest(w http.ResponseWriter, r *http.Request) { | 
				
			
			
		
	
		
		
			
				
					 | 
					 | 
							return | 
					 | 
					 | 
							return | 
				
			
			
		
	
		
		
			
				
					 | 
					 | 
						} | 
					 | 
					 | 
						} | 
				
			
			
		
	
		
		
			
				
					 | 
					 | 
					
 | 
					 | 
					 | 
					
 | 
				
			
			
		
	
		
		
			
				
					
					 | 
					 | 
						/* --- [所有权检查 - 暂时注释] --- | 
					 | 
					 | 
						if config.Cfg.Auth.Enabled && sessionInfo.UserID != appUserID { | 
				
			
			
				
				
			
		
	
		
		
			
				
					
					 | 
					 | 
						if sessionInfo.UserID != appUserID { | 
					 | 
					 | 
							log.Printf("Forb idden: App user '%s' attempted to access device '%s' owned by '%s'", appUserID, deviceSN, sessionInfo.UserID) | 
				
			
			
				
				
			
		
	
		
		
			
				
					 | 
					 | 
							log.Printf("Forbidden: App user '%s' attempted to access device '%s' owned by '%s'", appUserID, deviceSN, sessionInfo.UserID) | 
					 | 
					 | 
					 | 
				
			
			
		
	
		
		
	
		
		
	
		
		
			
				
					 | 
					 | 
							http.Error(w, "Forbidden: you do not own this device", http.StatusForbidden) | 
					 | 
					 | 
							http.Error(w, "Forbidden: you do not own this device", http.StatusForbidden) | 
				
			
			
		
	
		
		
			
				
					 | 
					 | 
							return | 
					 | 
					 | 
							return | 
				
			
			
		
	
		
		
			
				
					 | 
					 | 
						} | 
					 | 
					 | 
						} | 
				
			
			
		
	
		
		
			
				
					 | 
					 | 
						*/ | 
					 | 
					 | 
					 | 
				
			
			
		
	
		
		
			
				
					 | 
					 | 
					
 | 
					 | 
					 | 
					
 | 
				
			
			
		
	
		
		
			
				
					 | 
					 | 
						proxy := &httputil.ReverseProxy{ | 
					 | 
					 | 
						proxy := &httputil.ReverseProxy{ | 
				
			
			
		
	
		
		
			
				
					 | 
					 | 
							Director: func(req *http.Request) { | 
					 | 
					 | 
							Director: func(req *http.Request) { | 
				
			
			
		
	
	
		
		
			
				
					| 
						
							
								
							
						
						
							
								
							
						
						
					 | 
					@ -310,14 +306,18 @@ func handleAppRequest(w http.ResponseWriter, r *http.Request) { | 
				
			
			
		
	
		
		
			
				
					 | 
					 | 
					
 | 
					 | 
					 | 
					
 | 
				
			
			
		
	
		
		
			
				
					 | 
					 | 
					// authenticateAppRequest 和 verifyAppToken 保持不变,备用
 | 
					 | 
					 | 
					// authenticateAppRequest 和 verifyAppToken 保持不变,备用
 | 
				
			
			
		
	
		
		
			
				
					 | 
					 | 
					func authenticateAppRequest(r *http.Request) (string, error) { | 
					 | 
					 | 
					func authenticateAppRequest(r *http.Request) (string, error) { | 
				
			
			
		
	
		
		
			
				
					 | 
					 | 
					 | 
					 | 
					 | 
						if !config.Cfg.Auth.Enabled { | 
				
			
			
		
	
		
		
			
				
					 | 
					 | 
					 | 
					 | 
					 | 
							return "", nil | 
				
			
			
		
	
		
		
			
				
					 | 
					 | 
					 | 
					 | 
					 | 
						} | 
				
			
			
		
	
		
		
			
				
					 | 
					 | 
					 | 
					 | 
					 | 
					
 | 
				
			
			
		
	
		
		
			
				
					 | 
					 | 
						authHeader := r.Header.Get("Authorization") | 
					 | 
					 | 
						authHeader := r.Header.Get("Authorization") | 
				
			
			
		
	
		
		
			
				
					 | 
					 | 
						if authHeader == "" { | 
					 | 
					 | 
						if authHeader == "" { | 
				
			
			
		
	
		
		
			
				
					 | 
					 | 
							return "", errors.New("missing Authorization header") | 
					 | 
					 | 
							return "", errors.New("missing Authorization header") | 
				
			
			
		
	
		
		
			
				
					 | 
					 | 
						} | 
					 | 
					 | 
						} | 
				
			
			
		
	
		
		
			
				
					 | 
					 | 
						tokenString := strings.TrimPrefix(authHeader, "Bearer ") | 
					 | 
					 | 
						tokenString := strings.TrimPrefix(authHeader, "Bearer ") | 
				
			
			
		
	
		
		
			
				
					
					 | 
					 | 
						if tokenString == authHeader { | 
					 | 
					 | 
						//if tokenString == authHeader {
 | 
				
			
			
				
				
			
		
	
		
		
			
				
					
					 | 
					 | 
							return "", errors.New("authorization header format must be Bearer {token}") | 
					 | 
					 | 
						//	return "", errors.New("authorization header format must be Bearer {token}")
 | 
				
			
			
				
				
			
		
	
		
		
			
				
					
					 | 
					 | 
						} | 
					 | 
					 | 
						//}
 | 
				
			
			
				
				
			
		
	
		
		
	
		
		
	
		
		
	
		
		
			
				
					 | 
					 | 
						claims, err := verifyAppToken(tokenString) | 
					 | 
					 | 
						claims, err := verifyAppToken(tokenString) | 
				
			
			
		
	
		
		
			
				
					 | 
					 | 
						if err != nil { | 
					 | 
					 | 
						if err != nil { | 
				
			
			
		
	
		
		
			
				
					 | 
					 | 
							return "", fmt.Errorf("app token verification failed: %w", err) | 
					 | 
					 | 
							return "", fmt.Errorf("app token verification failed: %w", err) | 
				
			
			
		
	
	
		
		
			
				
					| 
						
							
								
							
						
						
						
					 | 
					
  |
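Review bot: The Bearer-scheme check in authenticateAppRequest is commented out on the new side, so an Authorization value without the `Bearer ` prefix is handed unchanged to verifyAppToken; I would restore `if tokenString == authHeader { return "", errors.New("authorization header format must be Bearer {token}") }` rather than leave it as dead code. The added `if !config.Cfg.Auth.Enabled { return "", nil }` fails open with an empty user ID, and the ownership check in handleAppRequest is gated on the same flag, so with the flag off no caller identity or device ownership appears to be checked before the proxy is built. The config type is not shown, but if Enabled is a plain bool a missing key would select that mode silently, so a startup warning such as `log.Printf("WARNING: app authentication is disabled")` is worth adding. The context comment `// --- [App 认证逻辑 - 暂时注释,需要时取消注释即可] ---` is now stale because the block under it is active again. The new log string renders here as "Forb idden"; if that space is really in the file, change it back to "Forbidden" so log searches and alerts on denied access still match.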