修改鉴权逻辑

提升对第三方鉴权系统接入的便利性为 API 文档的撰写提供基础
lilac-milena · Mar 15, 2024 · cac2f3f · cac2f3f
1 parent 9712ceb
commit cac2f3f
Show file tree

Hide file tree

Showing 5 changed files with 58 additions and 23 deletions.
diff --git a/admin/assets/js/main.js b/admin/assets/js/main.js
@@ -57,12 +57,16 @@ function ml_getCustomUrl() {
     return customUrl;
 }
 
-function ml_sessionLogin(password) {
+function ml_sessionLogin(auth) {
     return new Promise((resolve, reject) => {
         var settings = {
-            "url": customUrl+"/admin/api/auth?session="+JSON.stringify({"type":"session","session":password}),
+            "url": customUrl+"/admin/api/auth",
             "method": "GET",
             "timeout": 0,
+            "headers": {
+                "type": auth.type,
+                "session": auth.session
+            },
             async: false,
             error: function (xhr, status, error) {
                 // 获取状态码
@@ -91,7 +95,7 @@ function ml_sessionLogin(password) {
     })
 }
 
-function ml_convert(to, path, session) {
+function ml_convert(to, path, auth) {
     if (to == undefined || to == "") {
         return({"status":false, "msg":"URL can't be empty"})
     }
@@ -111,9 +115,13 @@ function ml_convert(to, path, session) {
 
     return new Promise((resolve, reject) => {
         var settings = {
-            "url": customUrl+"/admin/api/create?session="+session+"&to="+btoa(to)+requestAdd,
+            "url": customUrl+"/admin/api/create?to="+btoa(to)+requestAdd,
             "method": "GET",
             "timeout": 0,
+            "headers": {
+                "type": auth.type,
+                "session": auth.session
+            },
             async: false,
             error: function (xhr, status, error) {
                 // 获取状态码

diff --git a/admin/create.html b/admin/create.html
@@ -49,11 +49,15 @@ <h1 class="display-6 fw-bold mb-4">Create</h1>
     <script src="/admin/assets/js/main.js"></script>
 
     <script>
-        const session = localStorage.getItem("session")
+        try {
+            const auth = JSON.parse(localStorage.getItem("auth"))
+        } catch {
+            const auth = null
+        }
 
         async function main() {
-            if (session != null) {
-                var res = await ml_sessionLogin(session)
+            if (auth != null) {
+                var res = await ml_sessionLogin(auth)
                 if (res.status == false) {
                     logout()
                 }
@@ -68,7 +72,7 @@ <h1 class="display-6 fw-bold mb-4">Create</h1>
             var to = $('#longUrl_input').val()
             var path = $('#path_input').val()
 
-            var res = await ml_convert(to, path, JSON.stringify({"type":"session","session":session}))
+            var res = await ml_convert(to, path, auth)
             if (res.status) {
                 console.log(res)
                 $('#urlShower').text(res.url)

diff --git a/admin/index.html b/admin/index.html
@@ -67,7 +67,11 @@ <h2 class="display-6 fw-bold mb-5"><span class="pb-1"><strong>Magic Link | Login
     var url = fullUrl()
     var to = getUrlParam("to")
 
-    const session = localStorage.getItem("session") 
+    try {
+        const auth = JSON.parse(localStorage.getItem("auth"))
+    } catch {
+        const auth = null
+    }
 
     function jump() {
         if (to == null) {
@@ -84,7 +88,7 @@ <h2 class="display-6 fw-bold mb-5"><span class="pb-1"><strong>Magic Link | Login
         oLoginBtn.disabled = true
         var res = await ml_sessionLogin(password)
         if (res.status) {
-            localStorage.setItem("session",password)
+            localStorage.setItem("auth",JSON.stringify({"type":"session","session":password}))
             jump()
         } else {
             alert("Authentication failed, please check whether your login credentials are correct.")
@@ -93,12 +97,12 @@ <h2 class="display-6 fw-bold mb-5"><span class="pb-1"><strong>Magic Link | Login
     }
 
     async function main() {
-        if (session != null) { 
-            var res = await ml_sessionLogin(session)
+        if (auth != null) { 
+            var res = await ml_sessionLogin(auth)
             if (res.status) {
                 jump()
             } else {
-                localStorage.removeItem("session")
+                localStorage.removeItem("auth")
             }
         }
     }

diff --git a/admin/list.html b/admin/list.html
@@ -66,11 +66,15 @@ <h1 class="display-6 fw-bold mb-4">List</h1>
         // The following code needs to be rewritten and optimized
 
         var url = fullUrl()
-        let session = localStorage.getItem("session")
-        if (session == null) {
+        try {
+            const auth = JSON.parse(localStorage.getItem("auth"))
+        } catch {
+            const auth = null
+        }
+        if (auth == null) {
             logout()
         }
-        session = JSON.stringify({"type":"session","session":session})
+
         let furl = ""
         if (customUrl == "" || customUrl == undefined) {
             furl = fullUrl()
@@ -87,9 +91,13 @@ <h1 class="display-6 fw-bold mb-4">List</h1>
             if (confirm(path+" => "+to +"\nConfirm to delete?") == true) {
 
                 var settings = {
-                    "url": customUrl+"/admin/api/delete?session="+session+"&path=" + path,
+                    "url": customUrl+"/admin/api/delete?path=" + path,
                     "method": "GET",
                     "timeout": 0,
+                    "headers": {
+                        "type": auth.type,
+                        "session": auth.session
+                    },
                     async: false,
                     error: function (xhr, status, error) {
                         // 获取状态码
@@ -165,9 +173,13 @@ <h1 class="display-6 fw-bold mb-4">List</h1>
 
             // http
             var settings = {
-                "url": customUrl+"/admin/api/getLinkList?session="+session+"&page="+list_this_page+"&pageSize=20"+searchAdd,
+                "url": customUrl+"/admin/api/getLinkList?page="+list_this_page+"&pageSize=20"+searchAdd,
                 "method": "GET",
                 "timeout": 0,
+                "headers": {
+                    "type": auth.type,
+                    "session": auth.session
+                },
                 async: false,
                 error: function (xhr, status, error) {
                     // 获取状态码
@@ -241,13 +253,18 @@ <h1 class="display-6 fw-bold mb-4">List</h1>
                 return;
             }
 
+            const myHeaders = new Headers();
+            myHeaders.append("type", auth.type);
+            myHeaders.append("session", auth.session);
+
             var requestOptions = {
             method: 'GET',
+            headers: myHeaders,
             redirect: 'follow'
             };
 
             return new Promise((resolve, reject) => {
-                fetch(customUrl+"/admin/api/edit?session="+session+"&path="+path+"&newPath="+btoa(newPath), requestOptions)
+                fetch(customUrl+"/admin/api/edit?path="+path+"&newPath="+btoa(newPath), requestOptions)
                 .then(response => response.text())
                 .then(result => {
                     const data = JSON.parse(result)

diff --git a/api/main.js b/api/main.js
@@ -1,5 +1,5 @@
-// 芙桜竹 2023
-// Github fuingzu
+// 芙桜竹 2024
+// Github lilac-milena
 // Website muna.uk
 // LastUpdate: V4.28-P ITAP7
 
@@ -110,7 +110,6 @@ class MunakaDatabaseFunctionsClass {
         return true
     }
     async auth(session) { // 如需修改权限验证方式请修改此函数
-        var session = JSON.parse(session)
         switch (session.type) {
             case "session":
                 if (session.session == AdminSession) {
@@ -245,7 +244,10 @@ app.all('*', function (req, res, next) {
 app.get("/admin/api/*", async (req, res) => {
     let path = req.query.path
     let to = req.query.to
-    let session = req.query.session
+    let session = {
+        type: req.headers.type,
+        session: req.headers.session
+    }
 
     let apiPath = req.path