diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index 49ffd7173..000000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,59 +0,0 @@ -# Copyright © 2023 OpenIM. All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# To get started with Dependabot version updates, you'll need to specify which -# package ecosystems to update and where the package manifests are located. -# Please see the documentation for all configuration options: -# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates - -version: 2 -updates: - - package-ecosystem: "gomod" - directory: "/" - schedule: - interval: "daily" - time: "08:00" - labels: - - "dependencies" - commit-message: - prefix: "feat" - include: "scope" - groups: - gomod-deps: - patterns: - - "*" - - package-ecosystem: "github-actions" - directory: "/" - schedule: - interval: "daily" - time: "08:00" - labels: - - "dependencies" - commit-message: - prefix: "chore" - include: "scope" - groups: - github-actions: - patterns: - - "*" - - package-ecosystem: "docker" - directory: "/" - schedule: - interval: "daily" - time: "08:00" - labels: - - "dependencies" - commit-message: - prefix: "feat" - include: "scope" \ No newline at end of file diff --git a/CONTRIBUTING-zh_CN.md b/CONTRIBUTING-zh_CN.md index 8bb98a8e9..47965a9f4 100644 --- a/CONTRIBUTING-zh_CN.md +++ b/CONTRIBUTING-zh_CN.md 
@@ -93,4 +93,4 @@ I have read the CLA Document and I hereby sign the CLA ### 异常及错误处理 - **禁止使用 `panic`**:程序中不应使用 `panic`,以避免在遇到不可恢复的错误时突然终止。 - **错误包裹**:使用 `"github.com/openimsdk/tools/errs"` 来包裹错误,保持错误信息的完整性并增加调试便利。 -- **错误传递**:如果函数本身不能处理错误,应将错误返回给调用者,而不是隐藏或忽略这些错误。 \ No newline at end of file +- **错误传递**:如果函数本身不能处理错误,应将错误返回给调用者,而不是隐藏或忽略这些错误。 diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 26c800063..0aa07393e 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -91,4 +91,4 @@ Please refer to the following documents for detailed information on Go language ### Exception and Error Handling - **Prohibit the use of `panic`**: The code should not use `panic` to avoid abrupt termination when encountering unrecoverable errors. - **Error Wrapping**: Use `"github.com/openimsdk/tools/errs"` to wrap errors, maintaining the integrity of error information and facilitating debugging. -- **Error Propagation**: If a function cannot handle an error itself, it should return the error to the caller, rather than hiding or ignoring it. \ No newline at end of file +- **Error Propagation**: If a function cannot handle an error itself, it should return the error to the caller, rather than hiding or ignoring it. diff --git a/internal/api/router.go b/internal/api/router.go index 1fbb33b09..600567178 100644 --- a/internal/api/router.go +++ b/internal/api/router.go @@ -15,6 +15,7 @@ import ( "google.golang.org/grpc" "google.golang.org/grpc/credentials/insecure" "net/http" + "strings" ) func newGinRouter(disCov discovery.SvcDiscoveryRegistry, config *Config) *gin.Engine { 
@@ -25,7 +26,6 @@ func newGinRouter(disCov discovery.SvcDiscoveryRegistry, config *Config) *gin.En if v, ok := binding.Validator.Engine().(*validator.Validate); ok { _ = v.RegisterValidation("required_if", RequiredIf) } - r.Use(gin.Recovery(), mw.CorsHandler(), mw.GinParseOperationID()) // init rpc client here userRpc := rpcclient.NewUser(disCov, config.Share.RpcRegisterName.User, config.Share.RpcRegisterName.MessageGateway, config.Share.IMAdminUserID) 
@@ -36,37 +36,37 @@ func newGinRouter(disCov discovery.SvcDiscoveryRegistry, config *Config) *gin.En authRpc := rpcclient.NewAuth(disCov, config.Share.RpcRegisterName.Auth) thirdRpc := rpcclient.NewThird(disCov, config.Share.RpcRegisterName.Third, config.API.Prometheus.GrafanaURL) + r.Use(gin.Recovery(), mw.CorsHandler(), mw.GinParseOperationID(), GinParseToken(authRpc)) u := NewUserApi(*userRpc) m := NewMessageApi(messageRpc, userRpc, config.Share.IMAdminUserID) - ParseToken := GinParseToken(authRpc) userRouterGroup := r.Group("/user") { userRouterGroup.POST("/user_register", u.UserRegister) - userRouterGroup.POST("/update_user_info", ParseToken, u.UpdateUserInfo) - userRouterGroup.POST("/update_user_info_ex", ParseToken, u.UpdateUserInfoEx) - userRouterGroup.POST("/set_global_msg_recv_opt", ParseToken, u.SetGlobalRecvMessageOpt) - userRouterGroup.POST("/get_users_info", ParseToken, u.GetUsersPublicInfo) - userRouterGroup.POST("/get_all_users_uid", ParseToken, u.GetAllUsersID) - userRouterGroup.POST("/account_check", ParseToken, u.AccountCheck) - userRouterGroup.POST("/get_users", ParseToken, u.GetUsers) - userRouterGroup.POST("/get_users_online_status", ParseToken, u.GetUsersOnlineStatus) - userRouterGroup.POST("/get_users_online_token_detail", ParseToken, u.GetUsersOnlineTokenDetail) - userRouterGroup.POST("/subscribe_users_status", ParseToken, u.SubscriberStatus) - userRouterGroup.POST("/get_users_status", ParseToken, u.GetUserStatus) - userRouterGroup.POST("/get_subscribe_users_status", ParseToken, u.GetSubscribeUsersStatus) + userRouterGroup.POST("/update_user_info", u.UpdateUserInfo) + userRouterGroup.POST("/update_user_info_ex", u.UpdateUserInfoEx) + userRouterGroup.POST("/set_global_msg_recv_opt", u.SetGlobalRecvMessageOpt) + userRouterGroup.POST("/get_users_info", u.GetUsersPublicInfo) + userRouterGroup.POST("/get_all_users_uid", u.GetAllUsersID) + userRouterGroup.POST("/account_check", u.AccountCheck) + userRouterGroup.POST("/get_users", u.GetUsers) + 
userRouterGroup.POST("/get_users_online_status", u.GetUsersOnlineStatus) + userRouterGroup.POST("/get_users_online_token_detail", u.GetUsersOnlineTokenDetail) + userRouterGroup.POST("/subscribe_users_status", u.SubscriberStatus) + userRouterGroup.POST("/get_users_status", u.GetUserStatus) + userRouterGroup.POST("/get_subscribe_users_status", u.GetSubscribeUsersStatus) - userRouterGroup.POST("/process_user_command_add", ParseToken, u.ProcessUserCommandAdd) - userRouterGroup.POST("/process_user_command_delete", ParseToken, u.ProcessUserCommandDelete) - userRouterGroup.POST("/process_user_command_update", ParseToken, u.ProcessUserCommandUpdate) - userRouterGroup.POST("/process_user_command_get", ParseToken, u.ProcessUserCommandGet) - userRouterGroup.POST("/process_user_command_get_all", ParseToken, u.ProcessUserCommandGetAll) + userRouterGroup.POST("/process_user_command_add", u.ProcessUserCommandAdd) + userRouterGroup.POST("/process_user_command_delete", u.ProcessUserCommandDelete) + userRouterGroup.POST("/process_user_command_update", u.ProcessUserCommandUpdate) + userRouterGroup.POST("/process_user_command_get", u.ProcessUserCommandGet) + userRouterGroup.POST("/process_user_command_get_all", u.ProcessUserCommandGetAll) - userRouterGroup.POST("/add_notification_account", ParseToken, u.AddNotificationAccount) - userRouterGroup.POST("/update_notification_account", ParseToken, u.UpdateNotificationAccountInfo) - userRouterGroup.POST("/search_notification_account", ParseToken, u.SearchNotificationAccount) + userRouterGroup.POST("/add_notification_account", u.AddNotificationAccount) + userRouterGroup.POST("/update_notification_account", u.UpdateNotificationAccountInfo) + userRouterGroup.POST("/search_notification_account", u.SearchNotificationAccount) } // friend routing group - friendRouterGroup := r.Group("/friend", ParseToken) + friendRouterGroup := r.Group("/friend") { f := NewFriendApi(*friendRpc) friendRouterGroup.POST("/delete_friend", f.DeleteFriend) 
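Review bot: The `r.Use(gin.Recovery(), mw.CorsHandler(), mw.GinParseOperationID(), GinParseToken(authRpc))` line is now the only thing that puts a token check in front of these routes, and nothing at the call site says so. In gin, engine-level middleware is only attached to routes and groups registered after the `Use` call, so a route added above this line later would be served without the check. A comment on the line would make that constraint visible, for example `// Must stay above every route/group registration: GinParseToken is the only token check; exempt paths are listed in Whitelist.` The registration `userRouterGroup.POST("/user_register", u.UserRegister)` could also carry `// unauthenticated: listed in Whitelist`, since the exemption is no longer visible from the route table. newGinRouter starts and ends outside this hunk.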
@@ -88,7 +88,7 @@ func newGinRouter(disCov discovery.SvcDiscoveryRegistry, config *Config) *gin.En friendRouterGroup.POST("/update_friends", f.UpdateFriends) } g := NewGroupApi(*groupRpc) - groupRouterGroup := r.Group("/group", ParseToken) + groupRouterGroup := r.Group("/group") { groupRouterGroup.POST("/create_group", g.CreateGroup) groupRouterGroup.POST("/set_group_info", g.SetGroupInfo) @@ -120,12 +120,12 @@ func newGinRouter(disCov discovery.SvcDiscoveryRegistry, config *Config) *gin.En { a := NewAuthApi(*authRpc) authRouterGroup.POST("/user_token", a.UserToken) - authRouterGroup.POST("/get_user_token", ParseToken, a.GetUserToken) + authRouterGroup.POST("/get_user_token", a.GetUserToken) authRouterGroup.POST("/parse_token", a.ParseToken) - authRouterGroup.POST("/force_logout", ParseToken, a.ForceLogout) + authRouterGroup.POST("/force_logout", a.ForceLogout) } // Third service - thirdGroup := r.Group("/third", ParseToken) + thirdGroup := r.Group("/third") { t := NewThirdApi(*thirdRpc) thirdGroup.GET("/prometheus", t.GetPrometheus) @@ -137,7 +137,7 @@ func newGinRouter(disCov discovery.SvcDiscoveryRegistry, config *Config) *gin.En logs.POST("/delete", t.DeleteLogs) logs.POST("/search", t.SearchLogs) - objectGroup := r.Group("/object", ParseToken) + objectGroup := r.Group("/object") objectGroup.POST("/part_limit", t.PartLimit) objectGroup.POST("/part_size", t.PartSize) @@ -150,7 +150,7 @@ func newGinRouter(disCov discovery.SvcDiscoveryRegistry, config *Config) *gin.En objectGroup.GET("/*name", t.ObjectRedirect) } // Message - msgGroup := r.Group("/msg", ParseToken) + msgGroup := r.Group("/msg") { msgGroup.POST("/newest_seq", m.GetSeq) msgGroup.POST("/search_msg", m.SearchMsg) 
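Review bot: The GET routes in these groups, `thirdGroup.GET("/prometheus", t.GetPrometheus)` (context of the hunk at -120) and `objectGroup.GET("/*name", t.ObjectRedirect)` (context of the hunk at -150), do not appear to be token-checked, because the part of GinParseToken visible in this diff only has `case http.MethodPost:`. The groups used to pass `ParseToken` explicitly, which suggested they were authenticated; with that argument removed the gap is harder to notice from the route table. If the rest of the switch, which lies outside the visible hunks, has no branch for other methods, either handle them in GinParseToken or mark these routes as intentionally public, e.g. `// GET: not covered by GinParseToken`.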
@@ -174,7 +174,7 @@ func newGinRouter(disCov discovery.SvcDiscoveryRegistry, config *Config) *gin.En msgGroup.POST("/get_server_time", m.GetServerTime) } // Conversation - conversationGroup := r.Group("/conversation", ParseToken) + conversationGroup := r.Group("/conversation") { c := NewConversationApi(*conversationRpc) conversationGroup.POST("/get_sorted_conversation_list", c.GetSortedConversationList) @@ -185,7 +185,7 @@ func newGinRouter(disCov discovery.SvcDiscoveryRegistry, config *Config) *gin.En conversationGroup.POST("/get_conversation_offline_push_user_ids", c.GetConversationOfflinePushUserIDs) } - statisticsGroup := r.Group("/statistics", ParseToken) + statisticsGroup := r.Group("/statistics") { statisticsGroup.POST("/user/register", u.UserRegisterCount) statisticsGroup.POST("/user/active", m.GetActiveUser) @@ -199,6 +199,13 @@ func GinParseToken(authRPC *rpcclient.Auth) gin.HandlerFunc { return func(c *gin.Context) { switch c.Request.Method { case http.MethodPost: + for _, wApi := range Whitelist { + if strings.HasPrefix(c.Request.URL.Path, wApi) { + c.Next() + return + } + } + token := c.Request.Header.Get(constant.Token) if token == "" { log.ZWarn(c, "header get token error", servererrs.ErrArgs.WrapMsg("header must have token")) @@ -218,3 +225,10 @@ func GinParseToken(authRPC *rpcclient.Auth) gin.HandlerFunc { } } } + +// Whitelist api not parse token +var Whitelist = []string{ + "/user/user_register", + "/auth/user_token", + "/auth/parse_token", +} diff --git a/pkg/common/config/config.go b/pkg/common/config/config.go index 12c4f7f78..04b3564dc 100644 --- a/pkg/common/config/config.go +++ b/pkg/common/config/config.go @@ -348,6 +348,7 @@ type Share struct { RpcRegisterName RpcRegisterName `mapstructure:"rpcRegisterName"` IMAdminUserID []string `mapstructure:"imAdminUserID"` } + type RpcRegisterName struct { User string `mapstructure:"user"` Friend string `mapstructure:"friend"`
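Review bot: The exemption test `strings.HasPrefix(c.Request.URL.Path, wApi)` in the hunk at -199 matches by prefix, so any POST route whose path merely begins with a whitelisted string (a later `/user/user_register_...` or `/auth/user_token...` route, for instance) would skip the token check without anyone touching the list. Comparing the matched route exactly closes that: `if c.FullPath() == wApi {`, where `c.FullPath()` is the registered route pattern rather than the raw request path. With that change the `strings` import added in this commit is no longer needed. The body of GinParseToken continues outside this hunk.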
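Review bot: `Whitelist`, added in the hunk at -218, is an exported, mutable package-level slice that decides which routes skip authentication, so any code able to import this package can extend the list at runtime. Only GinParseToken reads it in the visible code, so an unexported name would be safer, e.g. `var tokenFreeRoutes = []string{`, and the comment could say what the list means: `// tokenFreeRoutes lists the POST routes that GinParseToken lets through without a token.`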