英文:
Filter patterns in router
问题
对于每个用户,Beego 应用程序会在 /static/users/
目录下创建一个目录,形式为:/static/users/USER_ID/private
和 /static/users/USER_ID/public
,其中 USER_ID 是每个用户的 ID。
我想要保护私有文件,只有拥有这些文件的用户才能通过过滤器访问。
路由器中的模式如下:
beego.InsertFilter("/static/users/:userId([0-9]+)/private/*", beego.BeforeRouter, controllers.ProtectPrivateUploads)
过滤器函数如下:
var ProtectPrivateUploads = func(ctx *context.Context) { fmt.Println("Protecting content") }
相关的 URL 的形式如下:
domain.com/static/users/USERID/private/123135645.png
问题是过滤器函数根本没有被调用,所以我认为我在路由器中的模式上可能做错了什么。
欢迎提出任何想法。
英文:
For each user, the Beego app creates a directory under /static/users/
in the form of: /static/users/USER_ID/private
and /static/users/USER_ID/public
, where USER_ID the ID of each user.
I want to protect the private files so that only the user owning them to be able to access with the use of Filters.
The pattern in router is the following:
beego.InsertFilter("/static/users/:userId([0-9]+)/private/*", beego.BeforeRouter, controllers.ProtectPrivateUploads)
and the filter function is the following:
var ProtectPrivateUploads = func(ctx *context.Context) {
fmt.Println("Protecting content")
}
the relevant URL has the following form:
domain.com/static/users/USERID/private/123135645.png
The problem is that the filter function does not get called at all so I am assuming that I must have done something wrong with the pattern in the router.
Any ideas would be welcomed.
答案1
得分: 2
似乎在beego.BeforeStatic
的过滤器中还有另一个插入点,但在http://beego.me/docs/mvc/controller/filter.md中没有记录。
通过查看https://github.com/astaxie/beego/blob/master/router.go中的代码,可以确定触发过滤器的接受位置如下:
const (
// 默认的过滤器执行位置
BeforeStatic = iota
BeforeRouter
BeforeExec
AfterExec
FinishRouter
)
因此,要触发静态文件过滤器的有效调用可以是:
beego.InsertFilter("/static/users/:userId([0-9]+)/private/*", beego.BeforeStatic, controllers.ProtectPrivateUploads)
更新
可以使用以下函数获取beego.BeforeRouter
路由位置的会话对象:
sess,_ := beego.GlobalSessions.SessionStart(ctx.ResponseWriter, ctx.Request)
因此,保护/static/
URL下内容的有效路由器和过滤器如下:
路由器:
beego.InsertFilter("/static/users/:id([0-9]+)/private/*", beego.BeforeStatic, controllers.ProtectPrivateUploads)
过滤器:
var ProtectPrivateUploads = func(ctx *context.Context) {
sess,_ := beego.GlobalSessions.SessionStart(ctx.ResponseWriter, ctx.Request)
defer sess.SessionRelease(ctx.ResponseWriter)
ses := sess.Get("sessionid")
if ses != nil {
// 从会话中获取用户ID,并检查用户是否可以访问请求的URL
}
英文:
It seems that there is another point of insert for filters beego.BeforeStatic
but it is not documented at http://beego.me/docs/mvc/controller/filter.md
by looking the code at https://github.com/astaxie/beego/blob/master/router.go, these are the accepted positions when one can trigger the filter:
const (
// default filter execution points
BeforeStatic = iota
BeforeRouter
BeforeExec
AfterExec
FinishRouter
)
so a valid call in order to trigger a filter for static files could be:
beego.InsertFilter("/static/users/:userId([0-9]+)/private/*", beego.BeforeStatic, controllers.ProtectPrivateUploads)
Update
The session object for the beego.BeforeRouter
router position can be obtained using the following function:
sess,_ := beego.GlobalSessions.SessionStart(ctx.ResponseWriter, ctx.Request)
as a result a valid router and filter to protect content under /static/
url would be:
router:
beego.InsertFilter("/static/users/:id([0-9]+)/private/*", beego.BeforeStatic, controllers.ProtectPrivateUploads)
filter:
var ProtectPrivateUploads = func(ctx *context.Context) {
sess,_ := beego.GlobalSessions.SessionStart(ctx.ResponseWriter, ctx.Request)
defer sess.SessionRelease(ctx.ResponseWriter)
ses := sess.Get("sessionid")
if ses != nil {
// get user's id from the session and check if the user can access the requested URL
}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论