|
|
|
@ -0,0 +1,30 @@
|
|
|
|
|
package middleware
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"github.com/gin-contrib/sessions"
|
|
|
|
|
"github.com/gin-contrib/sessions/cookie"
|
|
|
|
|
"github.com/gin-gonic/gin"
|
|
|
|
|
"net/http"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// SessionHandler 创建并返回会话中间件
|
|
|
|
|
func SessionHandler() gin.HandlerFunc {
|
|
|
|
|
store := SessionConfig()
|
|
|
|
|
return sessions.Sessions("GOFLY", store)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// SessionConfig 配置会话存储
|
|
|
|
|
func SessionConfig() sessions.Store {
|
|
|
|
|
sessionMaxAge := 3600
|
|
|
|
|
sessionSecret := "GOFLY"
|
|
|
|
|
|
|
|
|
|
store := cookie.NewStore([]byte(sessionSecret))
|
|
|
|
|
store.Options(sessions.Options{
|
|
|
|
|
MaxAge: sessionMaxAge, // seconds
|
|
|
|
|
Path: "/",
|
|
|
|
|
HttpOnly: true, // 建议添加,防止XSS攻击
|
|
|
|
|
Secure: true, // 生产环境建议启用,要求HTTPS
|
|
|
|
|
SameSite: http.SameSiteLaxMode, // 防止CSRF攻击
|
|
|
|
|
})
|
|
|
|
|
return store
|
|
|
|
|
}
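Review bot: The session signing key in SessionConfig is the hard-coded literal `sessionSecret := "GOFLY"`, the same string used as the cookie name in `sessions.Sessions("GOFLY", store)`, so anyone who reads the repository or guesses the value can produce session cookies the server will accept as authentic. Load the key from deployment configuration and refuse to start when it is missing or short, for example `sessionSecret := os.Getenv("SESSION_SECRET")` (the variable name is a placeholder) holding at least 32 random bytes. `cookie.NewStore` with a single key only authenticates the cookie; if session values are sensitive, pass a second key so the contents are also encrypted. The comment on `HttpOnly` would be more accurate as `// keeps the cookie out of reach of page scripts`, since the flag limits cookie theft but does not prevent XSS.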
|