过滤路由器中的模式

huangapple go评论87阅读模式
英文:

Filter patterns in router

问题

对于每个用户,Beego 应用程序会在 /static/users/ 目录下创建一个目录,形式为:/static/users/USER_ID/private/static/users/USER_ID/public,其中 USER_ID 是每个用户的 ID。

我想要保护私有文件,只有拥有这些文件的用户才能通过过滤器访问。

路由器中的模式如下:

beego.InsertFilter("/static/users/:userId([0-9]+)/private/*", beego.BeforeRouter, controllers.ProtectPrivateUploads)

过滤器函数如下:

var ProtectPrivateUploads = func(ctx *context.Context) { fmt.Println("Protecting content") }

相关的 URL 的形式如下:

domain.com/static/users/USERID/private/123135645.png

问题是过滤器函数根本没有被调用,所以我认为我在路由器中的模式上可能做错了什么。

欢迎提出任何想法。

英文:

For each user, the Beego app creates a directory under /static/users/ in the form of: /static/users/USER_ID/private and /static/users/USER_ID/public, where USER_ID the ID of each user.

I want to protect the private files so that only the user owning them to be able to access with the use of Filters.

The pattern in router is the following:

beego.InsertFilter("/static/users/:userId([0-9]+)/private/*", beego.BeforeRouter, controllers.ProtectPrivateUploads)

and the filter function is the following:

var ProtectPrivateUploads = func(ctx *context.Context) {
fmt.Println("Protecting content")
}

the relevant URL has the following form:

domain.com/static/users/USERID/private/123135645.png

The problem is that the filter function does not get called at all so I am assuming that I must have done something wrong with the pattern in the router.

Any ideas would be welcomed.

答案1

得分: 2

似乎在beego.BeforeStatic的过滤器中还有另一个插入点,但在http://beego.me/docs/mvc/controller/filter.md中没有记录。

通过查看https://github.com/astaxie/beego/blob/master/router.go中的代码,可以确定触发过滤器的接受位置如下:

const (
    // 默认的过滤器执行位置
    BeforeStatic = iota
    BeforeRouter
    BeforeExec
    AfterExec
    FinishRouter
)

因此,要触发静态文件过滤器的有效调用可以是:

beego.InsertFilter("/static/users/:userId([0-9]+)/private/*", beego.BeforeStatic, controllers.ProtectPrivateUploads)

更新

可以使用以下函数获取beego.BeforeRouter路由位置的会话对象:

sess,_ := beego.GlobalSessions.SessionStart(ctx.ResponseWriter, ctx.Request)

因此,保护/static/ URL下内容的有效路由器和过滤器如下:

路由器:

beego.InsertFilter("/static/users/:id([0-9]+)/private/*", beego.BeforeStatic, controllers.ProtectPrivateUploads)

过滤器:

var ProtectPrivateUploads = func(ctx *context.Context) {
    sess,_ := beego.GlobalSessions.SessionStart(ctx.ResponseWriter, ctx.Request)
    defer sess.SessionRelease(ctx.ResponseWriter)
    ses := sess.Get("sessionid")
    if ses != nil {
       // 从会话中获取用户ID,并检查用户是否可以访问请求的URL
}
英文:

It seems that there is another point of insert for filters beego.BeforeStatic but it is not documented at http://beego.me/docs/mvc/controller/filter.md

by looking the code at https://github.com/astaxie/beego/blob/master/router.go, these are the accepted positions when one can trigger the filter:

const (
    // default filter execution points
    BeforeStatic = iota
    BeforeRouter
    BeforeExec
    AfterExec
    FinishRouter
)

so a valid call in order to trigger a filter for static files could be:

beego.InsertFilter("/static/users/:userId([0-9]+)/private/*", beego.BeforeStatic, controllers.ProtectPrivateUploads)

Update

The session object for the beego.BeforeRouter router position can be obtained using the following function:

sess,_ := beego.GlobalSessions.SessionStart(ctx.ResponseWriter, ctx.Request)

as a result a valid router and filter to protect content under /static/ url would be:

router:

beego.InsertFilter("/static/users/:id([0-9]+)/private/*", beego.BeforeStatic, controllers.ProtectPrivateUploads)

filter:

var ProtectPrivateUploads = func(ctx *context.Context) {
    sess,_ := beego.GlobalSessions.SessionStart(ctx.ResponseWriter, ctx.Request)
    defer sess.SessionRelease(ctx.ResponseWriter)
    ses := sess.Get("sessionid")
    if ses != nil {
       // get user's id from the session and check if the user can access the requested URL
}

huangapple
  • 本文由 发表于 2015年3月18日 16:05:49
  • 转载请务必保留本文链接:https://go.coder-hub.com/29116862.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定