chore: update middleware skipper (#887)

* chore: update middleware skipper * chore: update

chore: update middleware skipper (#887)
* chore: update middleware skipper * chore: update
a797280e · boojack · GitHub · 293f88e4 · 293f88e4 · a797280e
Unverified Commit a797280e authored Jan 01, 2023 by boojack Committed by GitHub Jan 01, 2023
13 changed files
--- a/.github/workflows/backend-tests-default.yml
+++ b/.github/workflows/backend-tests-default.yml
-name: Default Backend Test
-on:
-  pull_request:
-    branches:
-      - main
-      - "release/*.*.*"
-    paths:
-      - "web/**"
-jobs:
-  go-static-checks:
-    runs-on: ubuntu-latest
-    steps:
-      - run: 'echo "Not required"'
-  go-tests:
-    runs-on: ubuntu-latest
-    steps:
-      - run: 'echo "Not required"'
--- a/.github/workflows/backend-tests.yml
+++ b/.github/workflows/backend-tests.yml
@@ -5,8 +5,6 @@ on:
    branches:
      - main
      - "release/*.*.*"
-    paths-ignore:
-      - "web/**"
 jobs:
  go-static-checks:

--- a/.github/workflows/frontend-tests-default.yml
+++ b/.github/workflows/frontend-tests-default.yml
-name: Default Frontend Test
-on:
-  pull_request:
-    branches:
-      - main
-      - "release/*.*.*"
-    paths-ignore:
-      - "web/**"
-jobs:
-  eslint-checks:
-    runs-on: ubuntu-latest
-    steps:
-      - run: 'echo "Not required"'
-  jest-tests:
-    runs-on: ubuntu-latest
-    steps:
-      - run: 'echo "Not required"'
-  frontend-build:
-    runs-on: ubuntu-latest
-    steps:
-      - run: 'echo "Not required"'
--- a/.github/workflows/frontend-tests.yml
+++ b/.github/workflows/frontend-tests.yml
@@ -5,8 +5,6 @@ on:
    branches:
      - main
      - "release/*.*.*"
-    paths:
-      - "web/**"
 jobs:
  eslint-checks:

--- a/api/auth.go
+++ b/api/auth.go
 package api
-type Signin struct {
+type SignIn struct {
 	Username string `json:"username"`
 	Password string `json:"password"`
 }
-type Signup struct {
+type SignUp struct {
 	Username string `json:"username"`
 	Password string `json:"password"`
 	Role     Role   `json:"role"`

--- a/server/acl.go
+++ b/server/acl.go
@@ -15,6 +15,7 @@ import (
 var (
 	userIDContextKey = "user-id"
+	sessionName      = "memos_session"
 )
 func getUserIDContextKey() string {
@@ -22,7 +23,7 @@ func getUserIDContextKey() string {
 }
 func setUserSession(ctx echo.Context, user *api.User) error {
-	sess, _ := session.Get("memos_session", ctx)
+	sess, _ := session.Get(sessionName, ctx)
 	sess.Options = &sessions.Options{
 		Path:     "/",
 		MaxAge:   3600 * 24 * 30,
@@ -38,7 +39,7 @@ func setUserSession(ctx echo.Context, user *api.User) error {
 }
 func removeUserSession(ctx echo.Context) error {
-	sess, _ := session.Get("memos_session", ctx)
+	sess, _ := session.Get(sessionName, ctx)
 	sess.Options = &sessions.Options{
 		Path:     "/",
 		MaxAge:   0,
@@ -57,32 +58,11 @@ func aclMiddleware(s *Server, next echo.HandlerFunc) echo.HandlerFunc {
 		ctx := c.Request().Context()
 		path := c.Path()
-		// Skip auth.
+		if s.DefaultAuthSkipper(c) {
-		if common.HasPrefixes(path, "/api/auth") {
 			return next(c)
 		}
-		{
+		sess, _ := session.Get(sessionName, c)
-			// If there is openId in query string and related user is found, then skip auth.
-			openID := c.QueryParam("openId")
-			if openID != "" {
-				userFind := &api.UserFind{
-					OpenID: &openID,
-				}
-				user, err := s.Store.FindUser(ctx, userFind)
-				if err != nil && common.ErrorCode(err) != common.NotFound {
-					return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user by open_id").SetInternal(err)
-				}
-				if user != nil {
-					// Stores userID into context.
-					c.Set(getUserIDContextKey(), user.ID)
-					return next(c)
-				}
-			}
-		}
-		{
-			sess, _ := session.Get("memos_session", c)
 		userIDValue := sess.Values[userIDContextKey]
 		if userIDValue != nil {
 			userID, _ := strconv.Atoi(fmt.Sprintf("%v", userIDValue))
@@ -100,18 +80,11 @@ func aclMiddleware(s *Server, next echo.HandlerFunc) echo.HandlerFunc {
 				c.Set(getUserIDContextKey(), userID)
 			}
 		}
-		}
-		if common.HasPrefixes(path, "/api/ping", "/api/status", "/api/user/:id", "/api/memo/all", "/api/memo/:memoId", "/api/memo/amount") && c.Request().Method == http.MethodGet {
+		if common.HasPrefixes(path, "/api/ping", "/api/status", "/api/user/:id", "/api/memo") && c.Request().Method == http.MethodGet {
 			return next(c)
 		}
-		if common.HasPrefixes(path, "/api/memo", "/api/tag", "/api/shortcut") && c.Request().Method == http.MethodGet {
-			if _, err := strconv.Atoi(c.QueryParam("creatorId")); err == nil {
-				return next(c)
-			}
-		}
 		userID := c.Get(getUserIDContextKey())
 		if userID == nil {
 			return echo.NewHTTPError(http.StatusUnauthorized, "Missing user in session")

--- a/server/auth.go
+++ b/server/auth.go
@@ -16,7 +16,7 @@ import (
 func (s *Server) registerAuthRoutes(g *echo.Group) {
 	g.POST("/auth/signin", func(c echo.Context) error {
 		ctx := c.Request().Context()
-		signin := &api.Signin{}
+		signin := &api.SignIn{}
 		if err := json.NewDecoder(c.Request().Body).Decode(signin); err != nil {
 			return echo.NewHTTPError(http.StatusBadRequest, "Malformatted signin request").SetInternal(err)
 		}
@@ -56,7 +56,7 @@ func (s *Server) registerAuthRoutes(g *echo.Group) {
 	g.POST("/auth/signup", func(c echo.Context) error {
 		ctx := c.Request().Context()
-		signup := &api.Signup{}
+		signup := &api.SignUp{}
 		if err := json.NewDecoder(c.Request().Body).Decode(signup); err != nil {
 			return echo.NewHTTPError(http.StatusBadRequest, "Malformatted signup request").SetInternal(err)
 		}
@@ -130,14 +130,14 @@ func (s *Server) registerAuthRoutes(g *echo.Group) {
 		return nil
 	})
-	g.POST("/auth/logout", func(c echo.Context) error {
+	g.POST("/auth/signout", func(c echo.Context) error {
 		ctx := c.Request().Context()
 		err := removeUserSession(c)
 		if err != nil {
-			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to set logout session").SetInternal(err)
+			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to set sign out session").SetInternal(err)
 		}
 		s.Collector.Collect(ctx, &metric.Metric{
-			Name: "user logout",
+			Name: "user signout",
 		})
 		return c.JSON(http.StatusOK, true)

--- a/server/common.go
+++ b/server/common.go
 package server
-func composeResponse(data interface{}) interface{} {
+import (
-	type R struct {
+	"github.com/labstack/echo/v4"
+	"github.com/usememos/memos/api"
+	"github.com/usememos/memos/common"
+)
+type response struct {
 	Data interface{} `json:"data"`
-	}
+}
-	return R{
+func composeResponse(data interface{}) response {
+	return response{
 		Data: data,
 	}
 }
+func (server *Server) DefaultAuthSkipper(c echo.Context) bool {
+	ctx := c.Request().Context()
+	path := c.Path()
+	// Skip auth.
+	if common.HasPrefixes(path, "/api/auth") {
+		return true
+	}
+	// If there is openId in query string and related user is found, then skip auth.
+	openID := c.QueryParam("openId")
+	if openID != "" {
+		userFind := &api.UserFind{
+			OpenID: &openID,
+		}
+		user, err := server.Store.FindUser(ctx, userFind)
+		if err != nil && common.ErrorCode(err) != common.NotFound {
+			return false
+		}
+		if user != nil {
+			// Stores userID into context.
+			c.Set(getUserIDContextKey(), user.ID)
+			return true
+		}
+	}
+	return false
+}
--- a/server/server.go
+++ b/server/server.go
@@ -4,8 +4,6 @@ import (
 	"fmt"
 	"time"
-	"github.com/usememos/memos/api"
-	"github.com/usememos/memos/common"
 	"github.com/usememos/memos/server/profile"
 	"github.com/usememos/memos/store"
@@ -43,8 +41,12 @@ func NewServer(profile *profile.Profile) *Server {
 			`"status":${status},"error":"${error}"}` + "\n",
 	}))
+	e.Use(middleware.Gzip())
 	e.Use(middleware.CSRFWithConfig(middleware.CSRFConfig{
-		Skipper:     s.OpenAPISkipper,
+		Skipper: func(c echo.Context) bool {
+			return s.DefaultAuthSkipper(c)
+		},
 		TokenLookup: "cookie:_csrf",
 	}))
@@ -92,35 +94,6 @@ func NewServer(profile *profile.Profile) *Server {
 	return s
 }
-func (server *Server) Run() error {
+func (s *Server) Run() error {
-	return server.e.Start(fmt.Sprintf(":%d", server.Profile.Port))
+	return s.e.Start(fmt.Sprintf(":%d", s.Profile.Port))
-}
-func (server *Server) OpenAPISkipper(c echo.Context) bool {
-	ctx := c.Request().Context()
-	path := c.Path()
-	// Skip auth.
-	if common.HasPrefixes(path, "/api/auth") {
-		return true
-	}
-	// If there is openId in query string and related user is found, then skip auth.
-	openID := c.QueryParam("openId")
-	if openID != "" {
-		userFind := &api.UserFind{
-			OpenID: &openID,
-		}
-		user, err := server.Store.FindUser(ctx, userFind)
-		if err != nil && common.ErrorCode(err) != common.NotFound {
-			return false
-		}
-		if user != nil {
-			// Stores userID into context.
-			c.Set(getUserIDContextKey(), user.ID)
-			return true
-		}
-	}
-	return false
 }
--- a/server/shortcut.go
+++ b/server/shortcut.go
@@ -91,10 +91,10 @@ func (s *Server) registerShortcutRoutes(g *echo.Group) {
 		if !ok {
 			return echo.NewHTTPError(http.StatusBadRequest, "Missing user id to find shortcut")
 		}
 		shortcutFind := &api.ShortcutFind{
 			CreatorID: &userID,
 		}
 		list, err := s.Store.FindShortcutList(ctx, shortcutFind)
 		if err != nil {
 			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to fetch shortcut list").SetInternal(err)

--- a/server/tag.go
+++ b/server/tag.go
@@ -6,7 +6,6 @@ import (
 	"net/http"
 	"regexp"
 	"sort"
-	"strconv"
 	"github.com/usememos/memos/api"
 	"github.com/usememos/memos/common"
@@ -49,19 +48,14 @@ func (s *Server) registerTagRoutes(g *echo.Group) {
 	g.GET("/tag", func(c echo.Context) error {
 		ctx := c.Request().Context()
-		tagFind := &api.TagFind{}
+		userID, ok := c.Get(getUserIDContextKey()).(int)
-		if userID, err := strconv.Atoi(c.QueryParam("creatorId")); err == nil {
-			tagFind.CreatorID = userID
-		}
-		if tagFind.CreatorID == 0 {
-			currentUserID, ok := c.Get(getUserIDContextKey()).(int)
 		if !ok {
 			return echo.NewHTTPError(http.StatusBadRequest, "Missing user id to find tag")
 		}
-			tagFind.CreatorID = currentUserID
-		}
+		tagFind := &api.TagFind{
+			CreatorID: userID,
+		}
 		tagList, err := s.Store.FindTagList(ctx, tagFind)
 		if err != nil {
 			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find tag list").SetInternal(err)

--- a/web/src/helpers/api.ts
+++ b/web/src/helpers/api.ts
@@ -34,7 +34,7 @@ export function signup(username: string, password: string, role: UserRole) {
 }
 export function signout() {
-  return axios.post("/api/auth/logout");
+  return axios.post("/api/auth/signout");
 }
 export function createUser(userCreate: UserCreate) {

--- a/web/src/pages/Auth.tsx
+++ b/web/src/pages/Auth.tsx
@@ -51,7 +51,7 @@ const Auth = () => {
    globalStore.setAppearance(appearance);
  };
-  const handleSigninBtnsClick = async () => {
+  const handleSignInBtnClick = async () => {
    if (actionBtnLoadingState.isLoading) {
      return;
    }
@@ -153,7 +153,7 @@ const Auth = () => {
                    <span className="mr-2 font-mono text-gray-200">/</span>
                  </>
                )}
-                <button className={`btn-primary ${actionBtnLoadingState.isLoading ? "requesting" : ""}`} onClick={handleSigninBtnsClick}>
+                <button className={`btn-primary ${actionBtnLoadingState.isLoading ? "requesting" : ""}`} onClick={handleSignInBtnClick}>
                  {t("common.sign-in")}
                </button>
              </>