MCPcopy Index your code
hub / github.com/apache/answer / VisitAuth

Method VisitAuth

internal/base/middleware/visit_img_auth.go:32–66  ·  view source on GitHub ↗

VisitAuth when user visit the site image, check visit token. This only for private mode.

()

Source from the content-addressed store, hash-verified

30
31// VisitAuth when user visit the site image, check visit token. This only for private mode.
32func (am *AuthUserMiddleware) VisitAuth() gin.HandlerFunc {
33 return func(ctx *gin.Context) {
34 if len(os.Getenv("SKIP_FILE_ACCESS_VERIFY")) > 0 {
35 ctx.Next()
36 return
37 }
38 // If visit brand image, no need to check visit token. Because the brand image is public.
39 if strings.HasPrefix(ctx.Request.URL.Path, "/uploads/branding/") {
40 ctx.Next()
41 return
42 }
43
44 siteSecurity, err := am.siteInfoCommonService.GetSiteSecurity(ctx)
45 if err != nil {
46 return
47 }
48 if !siteSecurity.LoginRequired {
49 ctx.Next()
50 return
51 }
52
53 visitToken, err := ctx.Cookie(constant.UserVisitCookiesCacheKey)
54 if err != nil || len(visitToken) == 0 {
55 ctx.Abort()
56 ctx.Redirect(http.StatusFound, "/403")
57 return
58 }
59
60 if !am.authService.CheckUserVisitToken(ctx, visitToken) {
61 ctx.Abort()
62 ctx.Redirect(http.StatusFound, "/403")
63 return
64 }
65 }
66}

Callers 1

NewHTTPServerFunction · 0.80

Calls 2

CheckUserVisitTokenMethod · 0.80
GetSiteSecurityMethod · 0.65

Tested by

no test coverage detected