SRM system
blame | 历史 | 原始文档
liujiandao
2024-03-29 423b67277209a947186ee5ec936bf450d8d9967b 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

package middleware


 


import (


    "github.com/gin-gonic/gin"


    "net/http"


    "srm/config"


    "srm/global"


)


 


// Cors 直接放行所有跨域请求并放行所有 OPTIONS 方法


func Cors() gin.HandlerFunc {


    return func(c *gin.Context) {


        method := c.Request.Method


        origin := c.Request.Header.Get("Origin")


        c.Header("Access-Control-Allow-Origin", origin)


        c.Header("Access-Control-Allow-Headers", "Content-Type,AccessToken,X-CSRF-Token, Authorization, Token,X-Token,X-User-Id")


        c.Header("Access-Control-Allow-Methods", "POST, GET, OPTIONS,DELETE,PUT")


        c.Header("Access-Control-Expose-Headers", "Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type, New-Token, New-Expires-At")


        c.Header("Access-Control-Allow-Credentials", "true")


 


        // 放行所有OPTIONS方法


        if method == "OPTIONS" {


            c.AbortWithStatus(http.StatusNoContent)


        }


        // 处理请求


        c.Next()


    }


}


 


// CorsByRules 按照配置处理跨域请求


func CorsByRules() gin.HandlerFunc {


    // 放行全部


    if global.GVA_CONFIG.Cors.Mode == "allow-all" {


        return Cors()


    }


    return func(c *gin.Context) {


        whitelist := checkCors(c.GetHeader("origin"))


 


        // 通过检查, 添加请求头


        if whitelist != nil {


            c.Header("Access-Control-Allow-Origin", whitelist.AllowOrigin)


            c.Header("Access-Control-Allow-Headers", whitelist.AllowHeaders)


            c.Header("Access-Control-Allow-Methods", whitelist.AllowMethods)


            c.Header("Access-Control-Expose-Headers", whitelist.ExposeHeaders)


            if whitelist.AllowCredentials {


                c.Header("Access-Control-Allow-Credentials", "true")


            }


        }


 


        // 严格白名单模式且未通过检查,直接拒绝处理请求


        if whitelist == nil && global.GVA_CONFIG.Cors.Mode == "strict-whitelist" && !(c.Request.Method == "GET" && c.Request.URL.Path == "/health") {


            c.AbortWithStatus(http.StatusForbidden)


        } else {


            // 非严格白名单模式,无论是否通过检查均放行所有 OPTIONS 方法


            if c.Request.Method == http.MethodOptions {


                c.AbortWithStatus(http.StatusNoContent)


            }


        }


 


        // 处理请求


        c.Next()


    }


}


 


func checkCors(currentOrigin string) *config.CORSWhitelist {


    for _, whitelist := range global.GVA_CONFIG.Cors.Whitelist {


        // 遍历配置中的跨域头,寻找匹配项


        if currentOrigin == whitelist.AllowOrigin {


            return &whitelist


        }


    }


    return nil


}