| 51 | } |
| 52 | |
| 53 | func InitV2Router() http.Handler { |
| 54 | appManagement := v2Route.NewCasaOS() |
| 55 | |
| 56 | e := echo.New() |
| 57 | |
| 58 | e.Use((echo_middleware.CORSWithConfig(echo_middleware.CORSConfig{ |
| 59 | AllowOrigins: []string{"*"}, |
| 60 | AllowMethods: []string{echo.POST, echo.GET, echo.OPTIONS, echo.PUT, echo.DELETE}, |
| 61 | AllowHeaders: []string{echo.HeaderAuthorization, echo.HeaderContentLength, echo.HeaderXCSRFToken, echo.HeaderContentType, echo.HeaderAccessControlAllowOrigin, echo.HeaderAccessControlAllowHeaders, echo.HeaderAccessControlAllowMethods, echo.HeaderConnection, echo.HeaderOrigin, echo.HeaderXRequestedWith}, |
| 62 | ExposeHeaders: []string{echo.HeaderContentLength, echo.HeaderAccessControlAllowOrigin, echo.HeaderAccessControlAllowHeaders}, |
| 63 | MaxAge: 172800, |
| 64 | AllowCredentials: true, |
| 65 | }))) |
| 66 | |
| 67 | e.Use(echo_middleware.Gzip()) |
| 68 | |
| 69 | e.Use(echo_middleware.Logger()) |
| 70 | |
| 71 | e.Use(echo_middleware.JWTWithConfig(echo_middleware.JWTConfig{ |
| 72 | Skipper: func(c echo.Context) bool { |
| 73 | return c.RealIP() == "::1" || c.RealIP() == "127.0.0.1" |
| 74 | // return true |
| 75 | }, |
| 76 | ParseTokenFunc: func(token string, c echo.Context) (interface{}, error) { |
| 77 | valid, claims, err := jwt.Validate(token, func() (*ecdsa.PublicKey, error) { return external.GetPublicKey(config.CommonInfo.RuntimePath) }) |
| 78 | if err != nil || !valid { |
| 79 | return nil, echo.ErrUnauthorized |
| 80 | } |
| 81 | c.Request().Header.Set("user_id", strconv.Itoa(claims.ID)) |
| 82 | |
| 83 | return claims, nil |
| 84 | }, |
| 85 | TokenLookupFuncs: []echo_middleware.ValuesExtractor{ |
| 86 | func(ctx echo.Context) ([]string, error) { |
| 87 | if len(ctx.Request().Header.Get(echo.HeaderAuthorization)) > 0 { |
| 88 | return []string{ctx.Request().Header.Get(echo.HeaderAuthorization)}, nil |
| 89 | } |
| 90 | return []string{ctx.QueryParam("token")}, nil |
| 91 | }, |
| 92 | }, |
| 93 | })) |
| 94 | |
| 95 | // e.Use(func(next echo.HandlerFunc) echo.HandlerFunc { |
| 96 | // return func(c echo.Context) error { |
| 97 | // switch c.Request().Header.Get(echo.HeaderContentType) { |
| 98 | // case common.MIMEApplicationYAML: // in case request contains a compose content in YAML |
| 99 | // return middleware.OapiRequestValidatorWithOptions(_swagger, &middleware.Options{ |
| 100 | // Options: openapi3filter.Options{ |
| 101 | // AuthenticationFunc: openapi3filter.NoopAuthenticationFunc, |
| 102 | // // ExcludeRequestBody: true, |
| 103 | // // ExcludeResponseBody: true, |
| 104 | // }, |
| 105 | // })(next)(c) |
| 106 | |
| 107 | // default: |
| 108 | // return middleware.OapiRequestValidatorWithOptions(_swagger, &middleware.Options{ |
| 109 | // Options: openapi3filter.Options{ |
| 110 | // AuthenticationFunc: openapi3filter.NoopAuthenticationFunc, |