VisitAuth checks the visit token when a user requests a site image. It applies only in private mode.
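// VisitAuth returns a gin middleware that checks the visit token when a user
// requests a site image. It only enforces anything in private mode, i.e. when
// the site security settings have LoginRequired set.
//
// The request is passed on without a token check when:
//   - the SKIP_FILE_ACCESS_VERIFY environment variable holds any non-empty
//     value (values such as "0" or "false" also count as set);
//   - the path is under /uploads/branding/, because brand images are public;
//   - the site security settings do not require login.
//
// Otherwise the visit-token cookie must be present and accepted by
// authService.CheckUserVisitToken; if it is not, the handler chain is aborted
// and the client is redirected to /403. If the site security settings cannot
// be loaded, the request is aborted with 500 so that a lookup failure never
// serves the file unauthenticated.
func (am *AuthUserMiddleware) VisitAuth() gin.HandlerFunc {
	return func(ctx *gin.Context) {
		// Operator-controlled switch: any non-empty value disables the check
		// for every file, so it should stay unset on a private site.
		if len(os.Getenv("SKIP_FILE_ACCESS_VERIFY")) > 0 {
			ctx.Next()
			return
		}

		// Brand images are public, so no visit token is needed for them.
		// The exemption is decided on the request path as received; a path
		// containing ".." is not exempted and goes through the normal check.
		// NOTE(review): whether the downstream file handler normalises
		// dot-dot segments is not visible here; confirm and, if the file's
		// imports allow it, compare against the cleaned path instead.
		reqPath := ctx.Request.URL.Path
		if strings.HasPrefix(reqPath, "/uploads/branding/") && !strings.Contains(reqPath, "..") {
			ctx.Next()
			return
		}

		siteSecurity, err := am.siteInfoCommonService.GetSiteSecurity(ctx)
		if err != nil {
			// Fail closed: a bare return does not stop gin's handler chain, so
			// without Abort the file would still be served when the settings
			// lookup fails.
			ctx.AbortWithStatus(http.StatusInternalServerError)
			return
		}
		if !siteSecurity.LoginRequired {
			ctx.Next()
			return
		}

		// Private mode: a missing, empty or rejected visit token ends the
		// request. Short-circuit evaluation keeps the token check from running
		// on an absent cookie.
		visitToken, err := ctx.Cookie(constant.UserVisitCookiesCacheKey)
		if err != nil || len(visitToken) == 0 || !am.authService.CheckUserVisitToken(ctx, visitToken) {
			ctx.Abort()
			ctx.Redirect(http.StatusFound, "/403")
			return
		}
		// Token accepted: returning without Abort lets the remaining handlers run.
	}
}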
no test coverage detected