英文:
show static image based on users in golang gin
问题
我正在使用Gin框架。我有一个包含一些课程信息的数据库。用户可以注册课程并访问内容。内容包括图片、视频和音频。
我在数据库中存储这些内容的相对路径,例如:
Content\Courses\CourseOne\Unit_1\image.jpg
然后在Gin中将其转换为实际路径:
route := gin.Default()
route.Static("/Content","./Media")
一切都正常工作,但是我想在访问内容之前对用户进行身份验证。在上述方式中,所有用户都可以通过更改所需模式的地址来访问任何数据。但是我希望只有注册了课程的用户才能访问数据,否则返回404错误。
我该如何实现这个功能?
编辑
由于要求解释身份验证的实现方式:
我使用JWT进行身份验证。每个用户都有一个HashID。我有一个名为UserCourses的表,用户购买课程后会将用户信息插入该表。
这是我的课程路由:
route.GET("api/v1/courses", handler.GetCourses)
这是我的处理程序:
func GetCourses(context *gin.Context) {
hashID, status, err := repository.GetToken(context)
if err != nil {
context.IndentedJSON(status, err)
return
}
courses := make([]model.CourseAPI, 0)
userInfo := model.Users{HashID: hashID}
err = repository.DatabaseInstance.GetCourses(&courses, &userInfo)
if err != nil {
context.IndentedJSON(http.StatusServiceUnavailable, err)
return
}
context.IndentedJSON(http.StatusOK, gin.H{"courses": courses})
}
JWT令牌由客户端在标头中传递。我获取令牌并对其进行验证。令牌包含用户的HashID,我在UserCourses表中检查该HashID。除了课程信息之外,还有一个名为isRegistered的变量。如果HashID在UserCourses表中注册了任何课程,那么该课程的isRegistered变为true,否则为false。
英文:
I'm using the Gin framework. I have a database that contains some course info. Users can register in the courses and access the contents. The contents are image, video, and audio.
I store the relative location of these contents in my database like this:
Content\Courses\CourseOne\Unit_1\image.jpg
and change it to the actual location in gin:
route := gin.Default()
route.Static("/Content","./Media")
Everything works fine, but I am looking for a way to authenticate users before accessing the contents. In the above-mentioned way, all users can access any data by changing the desired pattern's address. But I want if the user is registered in the course, be able to access data, otherwise, get a 404 error.
how can I do that?
Edit
since it was asked to explain the implementation of authentication:
I used JWT for authentication. so each user has a HashID.
I have a table called UserCourses and the user info would be inserted after purchasing a course.
this is my course route:
route.GET("api/v1/courses", handler.GetCourses)
and my handler:
func GetCourses(context *gin.Context) {
hashID, status, err := repository.GetToken(context)
if err != nil {
context.IndentedJSON(status, err)
return
}
courses := make([]model.CourseAPI, 0)
userInfo := model.Users{HashID: hashID}
err = repository.DatabaseInstance.GetCourses(&courses, &userInfo)
if err != nil {
context.IndentedJSON(http.StatusServiceUnavailable, err)
return
}
context.IndentedJSON(http.StatusOK, gin.H{"courses": courses})
}
The JWT token is passed by the client in the header. so I get the token and validate it. The token contains the user HashID and I check for that HashID in the UserCourses table. besides the course info, there is a variable called isRegistered.if the HashID was registered for any course in UserCourses table,the isRegistered become true for that course otherwise false.
答案1
得分: 2
你可以通过创建路由组并应用身份验证中间件来实现。
r = gin.Default()
// 公共路由
r.GET("public", publicHandler)
// 路由组
auth = r.Group("/")
// 在路由组内使用身份验证中间件
auth.Use(AuthMiddleware())
// 在身份验证中间件之前运行的路由
auth.Static("/Content","./Media")
英文:
You can create group route and apply authentication middleware through it
r = gin.Default()
// public routes
r.GET("public", publicHandler)
// routes group
auth = r.Group("/")
// authentication middleware within group
auth.Use(AuthMiddleware())
// route before which auth middleware will be run
auth.Static("/Content","./Media")
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论