token校验增加白名单

2024-05-30 17:50:33 +08:00 · 2024-05-30 17:50:33 +08:00 · fb387614d4
commit fb387614d4
parent a3875f0110
2 changed files with 17 additions and 2 deletions
--- a/api/src/router.rs
+++ b/api/src/router.rs
@ -8,9 +8,10 @@ use tower_http::trace::TraceLayer;
 pub(crate) fn init() -> Router {
    let open = Router::new().route("/", get(|| async { "hello" }));
-    let auth = Router::new()
+    let auth: Router = Router::new()
        .route("/account/google", post(controller::account::authenticate_google))
-        .route("/feedback", post(controller::feedback::add_feedback).get(controller::feedback::get_feedback_list_by_page));
+        .route("/feedback", post(controller::feedback::add_feedback).get(controller::feedback::get_feedback_list_by_page))
        .layer(axum::middleware::from_fn(library::middleware::req_token::authenticate_access_token));
    Router::new()
        .nest("/", open)
--- a/library/src/middleware/req_token.rs
+++ b/library/src/middleware/req_token.rs
@ -4,8 +4,22 @@ use jsonwebtoken::{decode, DecodingKey, Validation};
 use crate::{cache::login_cache::LOGIN_CACHE, config, token::Claims};
 const WHITE_LIST: &[(&str, &str)] = &[
    ("GET", "/api/v1/users/:id"),
    ("POST", "/api/v1/orders"),
    ("GET", "/feedback")
 ];
 pub async fn authenticate_access_token(mut req: Request, next: Next) -> Response {
    // 获取请求的url和method，然后判断是否在白名单中，如果在白名单中，则直接返回next(req)，否则继续执行下面的代码
    let method = req.method().clone().to_string();
    let uri = req.uri().path_and_query().unwrap().to_string();
    if WHITE_LIST.into_iter().find(|item| {
        return item.0 == method && item.1 == uri;
    }).is_some() {
        return next.run(req).await;
    }
    let auth_header = req.headers().get(header::AUTHORIZATION);
    let token = match auth_header {
        Some(header_value) => {