cloudreve/middleware/common.go

package middleware

import (
	"fmt"
	model "github.com/cloudreve/Cloudreve/v3/models"
	"github.com/cloudreve/Cloudreve/v3/pkg/auth"
	"github.com/cloudreve/Cloudreve/v3/pkg/hashid"
	"github.com/cloudreve/Cloudreve/v3/pkg/serializer"
	"github.com/gin-gonic/gin"
	"net/http"
)

// HashID 将给定对象的HashID转换为真实ID
func HashID(IDType int) gin.HandlerFunc {
	return func(c *gin.Context) {
		if c.Param("id") != "" {
			id, err := hashid.DecodeHashID(c.Param("id"), IDType)
			if err == nil {
				c.Set("object_id", id)
				c.Next()
				return
			}
			c.JSON(200, serializer.ParamErr("Failed to parse object ID", nil))
			c.Abort()
			return

		}
		c.Next()
	}
}

// IsFunctionEnabled 当功能未开启时阻止访问
func IsFunctionEnabled(key string) gin.HandlerFunc {
	return func(c *gin.Context) {
		if !model.IsTrueVal(model.GetSettingByName(key)) {
			c.JSON(200, serializer.Err(serializer.CodeFeatureNotEnabled, "This feature is not enabled", nil))
			c.Abort()
			return
		}

		c.Next()
	}
}

// CacheControl 屏蔽客户端缓存
func CacheControl() gin.HandlerFunc {
	return func(c *gin.Context) {
		c.Header("Cache-Control", "private, no-cache")
	}
}

func Sandbox() gin.HandlerFunc {
	return func(c *gin.Context) {
		c.Header("Content-Security-Policy", "sandbox")
	}
}

// StaticResourceCache 使用静态资源缓存策略
func StaticResourceCache() gin.HandlerFunc {
	return func(c *gin.Context) {
		c.Header("Cache-Control", fmt.Sprintf("public, max-age=%d", model.GetIntSetting("public_resource_maxage", 86400)))

	}
}

// MobileRequestOnly
func MobileRequestOnly() gin.HandlerFunc {
	return func(c *gin.Context) {
		if c.GetHeader(auth.CrHeaderPrefix+"ios") == "" {
			c.Redirect(http.StatusMovedPermanently, model.GetSiteURL().String())
			c.Abort()
			return
		}

		c.Next()
	}
}
Modify: change raw object ID to Hash ID in file service 5 years ago			`package middleware`

			`import (`
feat(cache): set `max-age` for public accessible static resources 2 years ago			`"fmt"`
Comply with Golang semantic import versioning (#630) * Code: compatible with semantic import versioning * Tools & Docs: compatible with semantic import versioning * Clean go.mod & go.sum 4 years ago			`model "github.com/cloudreve/Cloudreve/v3/models"`
feat(mobile): only allow request from mobile client to copy session 2 years ago			`"github.com/cloudreve/Cloudreve/v3/pkg/auth"`
Comply with Golang semantic import versioning (#630) * Code: compatible with semantic import versioning * Tools & Docs: compatible with semantic import versioning * Clean go.mod & go.sum 4 years ago			`"github.com/cloudreve/Cloudreve/v3/pkg/hashid"`
			`"github.com/cloudreve/Cloudreve/v3/pkg/serializer"`
			`"github.com/gin-gonic/gin"`
feat(mobile): only allow request from mobile client to copy session 2 years ago			`"net/http"`
Modify: change raw object ID to Hash ID in file service 5 years ago			`)`

Test: model.Tags / modifications 5 years ago			`// HashID 将给定对象的HashID转换为真实ID`
Modify: change raw object ID to Hash ID in file service 5 years ago			`func HashID(IDType int) gin.HandlerFunc {`
			`return func(c *gin.Context) {`
			`if c.Param("id") != "" {`
			`id, err := hashid.DecodeHashID(c.Param("id"), IDType)`
			`if err == nil {`
			`c.Set("object_id", id)`
			`c.Next()`
			`return`
			`}`
i18n: logs in bootstrapper and response code in middleware 2 years ago			`c.JSON(200, serializer.ParamErr("Failed to parse object ID", nil))`
Modify: change raw object ID to Hash ID in file service 5 years ago			`c.Abort()`
			`return`

			`}`
			`c.Next()`
			`}`
			`}`
Feat: Webauthn / theme changing 5 years ago
			`// IsFunctionEnabled 当功能未开启时阻止访问`
			`func IsFunctionEnabled(key string) gin.HandlerFunc {`
			`return func(c *gin.Context) {`
			`if !model.IsTrueVal(model.GetSettingByName(key)) {`
i18n: captcha, reset password 3 years ago			`c.JSON(200, serializer.Err(serializer.CodeFeatureNotEnabled, "This feature is not enabled", nil))`
Feat: Webauthn / theme changing 5 years ago			`c.Abort()`
			`return`
			`}`

			`c.Next()`
			`}`
			`}`
Feat: batch download in streamming paradism Fix: add cache-controler header in API call responses 3 years ago
			`// CacheControl 屏蔽客户端缓存`
			`func CacheControl() gin.HandlerFunc {`
			`return func(c *gin.Context) {`
			`c.Header("Cache-Control", "private, no-cache")`
			`}`
			`}`
fix(security): CVE-2022-32167 2 years ago
			`func Sandbox() gin.HandlerFunc {`
			`return func(c *gin.Context) {`
			`c.Header("Content-Security-Policy", "sandbox")`
			`}`
			`}`
feat(cache): set `max-age` for public accessible static resources 2 years ago
			`// StaticResourceCache 使用静态资源缓存策略`
			`func StaticResourceCache() gin.HandlerFunc {`
			`return func(c *gin.Context) {`
			`c.Header("Cache-Control", fmt.Sprintf("public, max-age=%d", model.GetIntSetting("public_resource_maxage", 86400)))`

			`}`
			`}`
feat(mobile): only allow request from mobile client to copy session 2 years ago
			`// MobileRequestOnly`
			`func MobileRequestOnly() gin.HandlerFunc {`
			`return func(c *gin.Context) {`
			`if c.GetHeader(auth.CrHeaderPrefix+"ios") == "" {`
			`c.Redirect(http.StatusMovedPermanently, model.GetSiteURL().String())`
			`c.Abort()`
			`return`
			`}`

			`c.Next()`
			`}`
			`}`