golang拦截

萨科潘


2022-07-13

package middleware

import (
	"net/http"
	"sync"
	"time"

	"github.com/gin-gonic/gin"
	"gugegin/tools"
)

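// freshnessLimit is the tools.TimeDifference value at or above which a
// request's "timestamp" header is considered stale (the original comment
// describes this as "older than 5 minutes"). The same bound decides when a
// recorded nonce can be forgotten: once its timestamp is stale the replay
// is rejected by the timestamp check alone.
const freshnessLimit = 5

// Nonce records the nonces already accepted within the freshness window so
// a captured request cannot be replayed. Key = nonce, value = the
// "timestamp" header it arrived with (RegularCleaning expires on it).
// Every access must hold nonceMu.
var Nonce = make(map[string]string)

// nonceMu serialises access to Nonce. Gin runs each handler on its own
// goroutine and RegularCleaning runs on a timer goroutine, so an unguarded
// map is a data race and, under load, a "concurrent map writes" runtime
// fatal that takes the whole process down.
var nonceMu sync.Mutex

// Ban holds banned users. IsLegitimate rejects a request whose "uid" header
// equals any VALUE of this map; the keys are not consulted here.
// NOTE(review): the code that writes Ban is not in this file. Those writes
// race with the reads in isBanned unless they are synchronised as well —
// confirm with the admin/ban code path.
var Ban = make(map[string]string)

// IsLegitimate is a Gin middleware that rejects a request with 401 unless it
// passes, in order:
//
//  1. timestamp — the "timestamp" header is present and
//     tools.TimeDifference(timestamp) < freshnessLimit;
//  2. token     — CheckToken accepts the "token" header;
//  3. nonce     — the "nonce" header is present and has not been seen
//     within the freshness window (it is recorded on success);
//  4. uid       — the "uid" header is present and not banned.
//
// The nonce is consumed only after the token is accepted so that anonymous
// traffic can neither fill the nonce store nor burn a legitimate client's
// nonce. On every rejection the handler chain is aborted; on success the
// chain continues with c.Next().
//
// NOTE(review): this only stops replays if the token (or something
// CheckToken verifies) is bound to the timestamp and nonce, e.g. a signature
// over them. CheckToken is given the token alone, so if it is a bearer
// token an attacker who captured a request can resend it with a fresh
// timestamp/nonce — confirm how the token is generated.
func IsLegitimate() gin.HandlerFunc {
	return func(c *gin.Context) {
		// 1. Freshness. A missing header can never be "recent", so it is
		// rejected explicitly rather than relying on how TimeDifference
		// treats an empty string.
		timestamp := c.GetHeader("timestamp")
		if timestamp == "" || tools.TimeDifference(timestamp) >= freshnessLimit {
			reject(c, "请求超时")
			return
		}
		// 2. Authentication before anything that mutates state.
		if !CheckToken(c.GetHeader("token")) {
			reject(c, "访问未授权")
			return
		}
		// 3. Replay check. An empty nonce gives no replay protection at all,
		// so it is refused on the same path as a reused one.
		receiveNonce := c.GetHeader("nonce")
		if receiveNonce == "" || !claimNonce(receiveNonce, timestamp) {
			reject(c, "重复请求")
			return
		}
		// 4. Identity and ban status.
		uid := c.GetHeader("uid")
		if uid == "" {
			reject(c, "非法用户")
			return
		}
		if isBanned(uid) {
			reject(c, "该账号已被系统管理员封禁")
			return
		}
		c.Next()
	}
}

// reject answers 401 with the given message and stops the handler chain.
func reject(c *gin.Context, msg string) {
	c.JSON(http.StatusUnauthorized, gin.H{
		"message": msg,
	})
	c.Abort()
}

// claimNonce records nonce (with the timestamp it arrived under) and reports
// whether it was new. Lookup and insert happen under one lock acquisition so
// two concurrent requests carrying the same nonce cannot both be accepted.
// (The original ranged over the map and inserted inside the loop, which
// never ran on an empty map — so nothing was ever recorded — and could
// observe its own insertion and flag the request as a duplicate.)
func claimNonce(nonce, timestamp string) bool {
	nonceMu.Lock()
	defer nonceMu.Unlock()
	if _, seen := Nonce[nonce]; seen {
		return false
	}
	Nonce[nonce] = timestamp
	return true
}

// isBanned reports whether uid appears among the values of Ban.
func isBanned(uid string) bool {
	for _, banned := range Ban {
		if banned == uid {
			return true
		}
	}
	return false
}

// RegularCleaning drops nonces whose recorded timestamp is already stale
// (tools.TimeDifference >= freshnessLimit) — any replay of them is rejected
// by the timestamp check, so keeping them only costs memory. It reschedules
// itself every 5 hours; call it once at startup (the caller is not in this
// file). The previous version compared the nonce string itself to the
// clock, because the nonce rather than its timestamp was stored as the map
// value, so entries were never reliably expired.
func RegularCleaning() {
	time.AfterFunc(5*time.Hour, RegularCleaning)
	nonceMu.Lock()
	defer nonceMu.Unlock()
	// Deleting during range is safe in Go.
	for nonce, ts := range Nonce {
		if tools.TimeDifference(ts) >= freshnessLimit {
			delete(Nonce, nonce)
		}
	}
}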
