特定路由的大猩猩中间件身份验证不起作用
Gorilla middleware authentication for specific routes not working
我正在为 API 编写一个 http 路由器,有些路由需要身份验证,有些则不需要。
我不想在每条路由上都要求验证,所以我把它们分开了。
但是有一个问题:
POST /account <-- 这是一个帐户注册端点,不需要身份验证
DELETE /account <-- 这确实需要身份验证才能删除当前帐户
我不知道如何正确地将它们分开,而且我目前尝试使两者的中间件不同的尝试失败了:
package httpServer
import (
"log"
"net/http"
"httpServer/handlers"
"httpServer/middlewares"
"github.com/gorilla/mux"
"github.com/justinas/alice"
)
func Init() {
log.Println("Initializing http routes...")
defaultmiddlewares := alice.New(middlewares.Logger, middlewares.Recover)
authmiddlewares := alice.New(middlewares.Authenticator)
var mainRouter = mux.NewRouter()
var authRouter = mux.NewRouter()
// No auth required to call this
mainRouter.HandleFunc("/health", handlers.HealthGet).Methods("GET") // Get API health
// authrouter should be a extension of main router (i think)
mainRouter.Handle("/", authmiddlewares.Then(authRouter))
// Authentication is not required for this
mainRouter.HandleFunc("/account", handlers.AccountPost).Methods("POST") // Create an account
// Authentication is required for this
authRouter.HandleFunc("/account", handlers.AccountDelete).Methods("DELETE") // Delete my account
// WebSocket endpoint:
authRouter.HandleFunc("/ws", handlers.UpgradeWs)
authRouter.HandleFunc("/ws/", handlers.UpgradeWs) // If i dont add this it doesnt work??
// Register mainRouter
http.Handle("/", defaultmiddlewares.Then(mainRouter))
}
调用 GET /health 就好了:
但是调用 DELETE /account 失败并显示 404 Not Found:
(也在接近 Init() 函数的末尾时,我注册了一个 websocket 端点,出于某种原因,如果我不注册这两个端点,它将无法连接?)
您初始化了两个路由器 mainRouter
和 authRouter
,并且只启动了 mainRouter
。 DELETE /account
绑定到 authRouter
。那不是开始和听。这就是为什么404来了。
并且您可以将自定义中间件实现写入 gorilla/mux Middleware interface 并与 gorilla/mux
路由器一起使用。示例代码如下
func Init() {
log.Println("Initializing http routes...")
r := mux.NewRouter()
middleware := Middleware{
// inject any dependency if you need
}
r.Use(middleware.MiddlewareFunc)
// No auth required to call this
r.HandleFunc("/health", handlers.HealthGet).Methods("GET") // Get API health
// authrouter should be a extension of main router (i think)
r.Handle("/", authmiddlewares.Then(authRouter))
// Authentication is not required for this
r.HandleFunc("/account", handlers.AccountPost).Methods("POST") // Create an account
// Authentication is required for this
r.HandleFunc("/account", handlers.AccountDelete).Methods("DELETE") // Delete my account
http.ListenAndServe(":8080", r)
}
// Middleware your custom middleware implementation
type Middleware struct {}
func (m Middleware) MiddlewareFunc(handler http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// you can check request method and paths and you can do authentications here
//eg := method = DELETE and path = /account, do authentication
handler.ServeHTTP(w, r)
})
}
我正在为 API 编写一个 http 路由器,有些路由需要身份验证,有些则不需要。
我不想在每条路由上都要求验证,所以我把它们分开了。
但是有一个问题:
POST /account <-- 这是一个帐户注册端点,不需要身份验证
DELETE /account <-- 这确实需要身份验证才能删除当前帐户
我不知道如何正确地将它们分开,而且我目前尝试使两者的中间件不同的尝试失败了:
package httpServer
import (
"log"
"net/http"
"httpServer/handlers"
"httpServer/middlewares"
"github.com/gorilla/mux"
"github.com/justinas/alice"
)
func Init() {
log.Println("Initializing http routes...")
defaultmiddlewares := alice.New(middlewares.Logger, middlewares.Recover)
authmiddlewares := alice.New(middlewares.Authenticator)
var mainRouter = mux.NewRouter()
var authRouter = mux.NewRouter()
// No auth required to call this
mainRouter.HandleFunc("/health", handlers.HealthGet).Methods("GET") // Get API health
// authrouter should be a extension of main router (i think)
mainRouter.Handle("/", authmiddlewares.Then(authRouter))
// Authentication is not required for this
mainRouter.HandleFunc("/account", handlers.AccountPost).Methods("POST") // Create an account
// Authentication is required for this
authRouter.HandleFunc("/account", handlers.AccountDelete).Methods("DELETE") // Delete my account
// WebSocket endpoint:
authRouter.HandleFunc("/ws", handlers.UpgradeWs)
authRouter.HandleFunc("/ws/", handlers.UpgradeWs) // If i dont add this it doesnt work??
// Register mainRouter
http.Handle("/", defaultmiddlewares.Then(mainRouter))
}
调用 GET /health 就好了:
(也在接近 Init() 函数的末尾时,我注册了一个 websocket 端点,出于某种原因,如果我不注册这两个端点,它将无法连接?)
您初始化了两个路由器 mainRouter
和 authRouter
,并且只启动了 mainRouter
。 DELETE /account
绑定到 authRouter
。那不是开始和听。这就是为什么404来了。
并且您可以将自定义中间件实现写入 gorilla/mux Middleware interface 并与 gorilla/mux
路由器一起使用。示例代码如下
func Init() {
log.Println("Initializing http routes...")
r := mux.NewRouter()
middleware := Middleware{
// inject any dependency if you need
}
r.Use(middleware.MiddlewareFunc)
// No auth required to call this
r.HandleFunc("/health", handlers.HealthGet).Methods("GET") // Get API health
// authrouter should be a extension of main router (i think)
r.Handle("/", authmiddlewares.Then(authRouter))
// Authentication is not required for this
r.HandleFunc("/account", handlers.AccountPost).Methods("POST") // Create an account
// Authentication is required for this
r.HandleFunc("/account", handlers.AccountDelete).Methods("DELETE") // Delete my account
http.ListenAndServe(":8080", r)
}
// Middleware your custom middleware implementation
type Middleware struct {}
func (m Middleware) MiddlewareFunc(handler http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// you can check request method and paths and you can do authentications here
//eg := method = DELETE and path = /account, do authentication
handler.ServeHTTP(w, r)
})
}