|
@@ -7,8 +7,6 @@
|
|
|
package routes
|
|
|
|
|
|
import (
|
|
|
- "github.com/iris-contrib/middleware/csrf"
|
|
|
- "github.com/kataras/iris/v12"
|
|
|
"github.com/kataras/iris/v12/mvc"
|
|
|
"go.mod/bootstrap"
|
|
|
"go.mod/services"
|
|
@@ -41,18 +39,15 @@ func Configure(b *bootstrap.Bootstrapper) {
|
|
|
groupService := services.NewGroupService()
|
|
|
versionService := services.NewVersionService()
|
|
|
|
|
|
- //CSRF相关
|
|
|
- b.Use(middleware.SetCsrf)
|
|
|
-
|
|
|
- protect := csrf.Protect([]byte("9AB0F421E53A477C084477AEA06096F5"), csrf.FieldName("csrf"), csrf.Secure(false), csrf.Path("/"), csrf.ErrorHandler(func(ctx iris.Context) {
|
|
|
- ctx.JSON(iris.Map{"code": -1, "msg": "CSRF token invalid"})
|
|
|
- }))
|
|
|
+ // b.Protect := csrf.b.Protect([]byte("9AB0F421E53A477C084477AEA06096F5"), csrf.FieldName("csrf"), csrf.Secure(false), csrf.Path("/"), csrf.ErrorHandler(func(ctx iris.Context) {
|
|
|
+ // ctx.JSON(iris.Map{"code": -1, "msg": "CSRF token invalid"})
|
|
|
+ // }))
|
|
|
|
|
|
- //b.Party("/", protect)
|
|
|
- //protect := NewCsrf()
|
|
|
+ //b.Party("/", b.Protect)
|
|
|
+ //b.Protect := NewCsrf()
|
|
|
|
|
|
//登录相关
|
|
|
- //login := mvc.New(b.Party("/", protect))
|
|
|
+ //login := mvc.New(b.Party("/", b.Protect))
|
|
|
// login := mvc.New(b.Party("/"))
|
|
|
// login.Register(ProjectAccountService)
|
|
|
// login.Register(LoginService)
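Review bot: The commented-out block added near the top of this hunk still carries the CSRF authentication key as a string literal, so the secret stays in the file even though the active `csrf.Protect` call was removed. `b.Protect` is defined outside this diff; if it is built from the same literal, the key should be read from configuration or the environment and rotated, and `csrf.Secure(false)` should be revisited so the token cookie is not sent over plain HTTP in HTTPS deployments. After the rename the commented lines are no longer valid Go (`b.Protect := csrf.b.Protect(...)`), so I would delete them and leave one pointer such as `// CSRF protection is configured on the Bootstrapper (b.Protect).`. Configure's body starts and ends outside the hunk.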
|
|
@@ -102,63 +97,72 @@ func Configure(b *bootstrap.Bootstrapper) {
|
|
|
// b.Get("/swagger/{any:path}", )
|
|
|
// apiTree.Router.Use(middleware.JwtAuth().Serve)
|
|
|
// 接口相关
|
|
|
+
|
|
|
// 登陆接口
|
|
|
- apiLogin := mvc.New(b.Party("/api/login", protect))
|
|
|
+ apiLogin := mvc.New(b.Party("/api/login", b.Protect))
|
|
|
apiLogin.Register(ProjectAccountService)
|
|
|
apiLogin.Register(LoginService)
|
|
|
apiLogin.Register(ProjectService)
|
|
|
+ apiLogin.Router.Use(middleware.SetCsrf)
|
|
|
apiLogin.Handle(new(api.LoginApi))
|
|
|
|
|
|
// 项目相关接口
|
|
|
- apiProject := mvc.New(b.Party("/api/project", protect))
|
|
|
+ apiProject := mvc.New(b.Party("/api/project", b.Protect))
|
|
|
apiProject.Register(ProjectService)
|
|
|
apiProject.Router.Use(middleware.SessionsAuth)
|
|
|
apiProject.Router.Use(middleware.AccessAuth)
|
|
|
+ apiProject.Router.Use(middleware.SetCsrf)
|
|
|
apiProject.Handle(new(api.ProjectApi))
|
|
|
|
|
|
// 项目账号相关接口
|
|
|
- apiProjectAccount := mvc.New(b.Party("/api/projectAccount", protect))
|
|
|
+ apiProjectAccount := mvc.New(b.Party("/api/projectAccount", b.Protect))
|
|
|
apiProjectAccount.Register(ProjectAccountService)
|
|
|
apiProjectAccount.Router.Use(middleware.SessionsAuth)
|
|
|
apiProjectAccount.Router.Use(middleware.AccessAuth)
|
|
|
+ apiProjectAccount.Router.Use(middleware.SetCsrf)
|
|
|
apiProjectAccount.Handle(new(api.ProjectAccountApi))
|
|
|
|
|
|
// 标段相关接口
|
|
|
- apiBidsection := mvc.New(b.Party("/api/bidsection", protect))
|
|
|
+ apiBidsection := mvc.New(b.Party("/api/bidsection", b.Protect))
|
|
|
apiBidsection.Register(BidsectionService)
|
|
|
apiBidsection.Router.Use(middleware.SessionsAuth)
|
|
|
apiBidsection.Router.Use(middleware.AccessAuth)
|
|
|
+ apiBidsection.Router.Use(middleware.SetCsrf)
|
|
|
apiBidsection.Handle(new(api.BidsectionApi))
|
|
|
|
|
|
// 项目设置接口
|
|
|
- apiSetting := mvc.New(b.Party("/api/projectSetting", protect))
|
|
|
+ apiSetting := mvc.New(b.Party("/api/projectSetting", b.Protect))
|
|
|
apiSetting.Register(ProjectAccountService)
|
|
|
apiSetting.Register(ProjectService)
|
|
|
apiSetting.Register(BidAccountService)
|
|
|
apiSetting.Router.Use(middleware.SessionsAuth)
|
|
|
apiSetting.Router.Use(middleware.AccessAuth)
|
|
|
+ apiSetting.Router.Use(middleware.SetCsrf)
|
|
|
apiSetting.Handle(new(api.ProjectSettingApi))
|
|
|
|
|
|
// TreeNode相关接口
|
|
|
- apiTree := mvc.New(b.Party("/api/tree", protect))
|
|
|
+ apiTree := mvc.New(b.Party("/api/tree", b.Protect))
|
|
|
apiTree.Register(TreeService)
|
|
|
apiTree.Router.Use(middleware.SessionsAuth)
|
|
|
apiTree.Router.Use(middleware.AccessAuth)
|
|
|
+ apiTree.Router.Use(middleware.SetCsrf)
|
|
|
apiTree.Handle(new(api.TreeApi))
|
|
|
|
|
|
// 合同管理
|
|
|
- apiContract := mvc.New(b.Party("/api/contract", protect))
|
|
|
+ apiContract := mvc.New(b.Party("/api/contract", b.Protect))
|
|
|
apiContract.Register(TreeService)
|
|
|
apiContract.Register(ContractService)
|
|
|
// 中间件
|
|
|
apiContract.Router.Use(middleware.SessionsAuth)
|
|
|
apiContract.Router.Use(middleware.AccessAuth)
|
|
|
+ apiContract.Router.Use(middleware.SetCsrf)
|
|
|
apiContract.Handle(new(api.ContractApi))
|
|
|
|
|
|
// oss相关
|
|
|
- apiOss := mvc.New(b.Party("/api/oss", protect))
|
|
|
+ apiOss := mvc.New(b.Party("/api/oss", b.Protect))
|
|
|
apiOss.Router.Use(middleware.SessionsAuth)
|
|
|
apiOss.Router.Use(middleware.AccessAuth)
|
|
|
+ apiOss.Router.Use(middleware.SetCsrf)
|
|
|
apiOss.Handle(new(api.OssApi))
|
|
|
|
|
|
// rpc相关
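Review bot: Every party in this hunk now repeats two separate steps, passing `b.Protect` to `b.Party(...)` and calling `Router.Use(middleware.SetCsrf)`, so a party that misses either one loses CSRF validation or token delivery without any error; the same pattern repeats in the two hunks that follow. A small package-level helper that takes the path and returns the `mvc.Application` with both CSRF pieces attached would keep them coupled. On the session-protected parties `SetCsrf` is registered after `SessionsAuth` and `AccessAuth`, so it presumably never runs for requests those handlers reject. If that order is intended, a comment at the first occurrence such as `// SetCsrf must run after b.Protect, which stores the token on the context` would record it; SetCsrf's body is not visible here, so confirm before adding it. Configure's body starts and ends outside the hunk.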
|
|
@@ -169,51 +173,58 @@ func Configure(b *bootstrap.Bootstrapper) {
|
|
|
// rpc.Handle(new(api.RpcApi))
|
|
|
|
|
|
// safe
|
|
|
- apiSafe := mvc.New(b.Party("/api/safe", protect))
|
|
|
+ apiSafe := mvc.New(b.Party("/api/safe", b.Protect))
|
|
|
apiSafe.Register(SafeService)
|
|
|
apiSafe.Router.Use(middleware.SessionsAuth)
|
|
|
apiSafe.Router.Use(middleware.AccessAuth)
|
|
|
+ apiSafe.Router.Use(middleware.SetCsrf)
|
|
|
apiSafe.Handle(new(api.SafeApi))
|
|
|
|
|
|
- apiSafeAudit := mvc.New(b.Party("/api/safe_audit", protect))
|
|
|
+ apiSafeAudit := mvc.New(b.Party("/api/safe_audit", b.Protect))
|
|
|
apiSafeAudit.Register(SafeAuditService)
|
|
|
apiSafeAudit.Router.Use(middleware.SessionsAuth)
|
|
|
apiSafeAudit.Router.Use(middleware.AccessAuth)
|
|
|
+ apiSafeAudit.Router.Use(middleware.SetCsrf)
|
|
|
apiSafeAudit.Handle(new(api.SafeAuditApi))
|
|
|
|
|
|
// quality
|
|
|
- apiQuality := mvc.New(b.Party("/api/quality", protect))
|
|
|
+ apiQuality := mvc.New(b.Party("/api/quality", b.Protect))
|
|
|
apiQuality.Register(QualityService)
|
|
|
apiQuality.Router.Use(middleware.SessionsAuth)
|
|
|
apiQuality.Router.Use(middleware.AccessAuth)
|
|
|
+ apiQuality.Router.Use(middleware.SetCsrf)
|
|
|
apiQuality.Handle(new(api.QualityApi))
|
|
|
|
|
|
- apiQualityAudit := mvc.New(b.Party("/api/quality_audit", protect))
|
|
|
+ apiQualityAudit := mvc.New(b.Party("/api/quality_audit", b.Protect))
|
|
|
apiQualityAudit.Register(QualityAuditService)
|
|
|
apiQualityAudit.Router.Use(middleware.SessionsAuth)
|
|
|
apiQualityAudit.Router.Use(middleware.AccessAuth)
|
|
|
+ apiQualityAudit.Router.Use(middleware.SetCsrf)
|
|
|
apiQualityAudit.Handle(new(api.QualityAuditApi))
|
|
|
// rule
|
|
|
- apiRule := mvc.New(b.Party("/api/rule", protect))
|
|
|
+ apiRule := mvc.New(b.Party("/api/rule", b.Protect))
|
|
|
apiRule.Register(RuleService)
|
|
|
apiRule.Router.Use(middleware.SessionsAuth)
|
|
|
apiRule.Router.Use(middleware.AccessAuth)
|
|
|
+ apiRule.Router.Use(middleware.SetCsrf)
|
|
|
apiRule.Handle(new(api.RuleApi))
|
|
|
|
|
|
// file
|
|
|
- apiAnnex := mvc.New(b.Party("/api/file", protect))
|
|
|
+ apiAnnex := mvc.New(b.Party("/api/file", b.Protect))
|
|
|
apiAnnex.Register(AnnexService)
|
|
|
apiAnnex.Router.Use(middleware.SessionsAuth)
|
|
|
apiAnnex.Router.Use(middleware.AccessAuth)
|
|
|
+ apiAnnex.Router.Use(middleware.SetCsrf)
|
|
|
apiAnnex.Handle(new(api.AnnexApi))
|
|
|
|
|
|
- apiDashboard := mvc.New(b.Party("/api/dashboard", protect))
|
|
|
+ apiDashboard := mvc.New(b.Party("/api/dashboard", b.Protect))
|
|
|
apiDashboard.Register(SafeService)
|
|
|
apiDashboard.Register(QualityService)
|
|
|
apiDashboard.Register(ProjectMessageService)
|
|
|
apiDashboard.Register(VersionService)
|
|
|
apiDashboard.Router.Use(middleware.SessionsAuth)
|
|
|
apiDashboard.Router.Use(middleware.AccessAuth)
|
|
|
+ apiDashboard.Router.Use(middleware.SetCsrf)
|
|
|
apiDashboard.Handle(new(api.DashboardApi))
|
|
|
|
|
|
// 对计量接口
|
|
@@ -221,24 +232,27 @@ func Configure(b *bootstrap.Bootstrapper) {
|
|
|
jlEx.Handle(new(external.JlEx))
|
|
|
|
|
|
// 后台相关
|
|
|
- backstageCM := mvc.New(b.Party("/api/backstage/login"))
|
|
|
+ backstageCM := mvc.New(b.Party("/api/backstage/login", b.Protect))
|
|
|
backstageCM.Register(backstageService)
|
|
|
+ backstageCM.Router.Use(middleware.SetCsrf)
|
|
|
backstageCM.Handle(new(backstage.LoginBs))
|
|
|
|
|
|
- backstageProjectCM := mvc.New(b.Party("/api/backstage/project"))
|
|
|
+ backstageProjectCM := mvc.New(b.Party("/api/backstage/project", b.Protect))
|
|
|
backstageProjectCM.Register(ProjectService)
|
|
|
backstageProjectCM.Register(backstageService)
|
|
|
backstageProjectCM.Router.Use(middleware.SessionsBackstageAuth)
|
|
|
backstageProjectCM.Router.Use(middleware.AccessBackstageAuth)
|
|
|
+ backstageProjectCM.Router.Use(middleware.SetCsrf)
|
|
|
backstageProjectCM.Handle(new(backstage.ProjectBs))
|
|
|
|
|
|
- backstageAccountCM := mvc.New(b.Party("/api/backstage/account"))
|
|
|
+ backstageAccountCM := mvc.New(b.Party("/api/backstage/account", b.Protect))
|
|
|
backstageAccountCM.Register(ProjectAccountService)
|
|
|
backstageAccountCM.Register(ProjectService)
|
|
|
backstageAccountCM.Register(BidAccountService)
|
|
|
backstageAccountCM.Register(backstageService)
|
|
|
backstageAccountCM.Router.Use(middleware.SessionsBackstageAuth)
|
|
|
backstageAccountCM.Router.Use(middleware.AccessBackstageAuth)
|
|
|
+ backstageAccountCM.Router.Use(middleware.SetCsrf)
|
|
|
backstageAccountCM.Handle(new(backstage.ProjectAccountBs))
|
|
|
|
|
|
managerCM := mvc.New(b.Party("/api/backstage/manager"))
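Review bot: `managerCM` on the last line of this hunk is still created with `b.Party("/api/backstage/manager")` and no `b.Protect`, while the backstage login, project and account parties above it were all switched over, so the manager endpoints appear to be left without CSRF validation. The `versionCM` context lines in the final hunk likewise show no `SetCsrf` between `SessionsBackstageAuth` and `Handle`. Unless these are deliberately exempt, I would change the line to `managerCM := mvc.New(b.Party("/api/backstage/manager", b.Protect))` and add `managerCM.Router.Use(middleware.SetCsrf)` before its `Handle` call, and do the same for `versionCM`. The rest of both registrations lies outside the visible hunks, so check whether protection is attached there before changing anything.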
|
|
@@ -256,4 +270,6 @@ func Configure(b *bootstrap.Bootstrapper) {
|
|
|
versionCM.Router.Use(middleware.SessionsBackstageAuth)
|
|
|
versionCM.Handle(new(backstage.VersionBs))
|
|
|
|
|
|
+ //CSRF相关
|
|
|
+ // b.Use(middleware.SetCsrf)
|
|
|
}
|