12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273 |
- package middleware
- import (
- "github.com/gin-gonic/gin"
- "lcfns/config"
- "lcfns/global"
- "net/http"
- )
- // Cors 直接放行所有跨域请求并放行所有 OPTIONS 方法
- func Cors() gin.HandlerFunc {
- return func(c *gin.Context) {
- method := c.Request.Method
- origin := c.Request.Header.Get("Origin")
- c.Header("Access-Control-Allow-Origin", origin)
- c.Header("Access-Control-Allow-Headers", "Content-Type,AccessToken,X-CSRF-Token, Authorization, Token,X-Token,X-User-Id")
- c.Header("Access-Control-Allow-Methods", "POST, GET, OPTIONS,DELETE,PUT")
- c.Header("Access-Control-Expose-Headers", "Content-Length, Access-Control-Allow-Origin, Access-Control-Allow-Headers, Content-Type, New-Token, New-Expires-At")
- c.Header("Access-Control-Allow-Credentials", "true")
- // 放行所有OPTIONS方法
- if method == "OPTIONS" {
- c.AbortWithStatus(http.StatusNoContent)
- }
- // 处理请求
- c.Next()
- }
- }
- // CorsByRules 按照配置处理跨域请求
- func CorsByRules() gin.HandlerFunc {
- // 放行全部
- if global.Config.Cors.Mode == "allow-all" {
- return Cors()
- }
- return func(c *gin.Context) {
- whitelist := checkCors(c.GetHeader("origin"))
- // 通过检查, 添加请求头
- if whitelist != nil {
- c.Header("Access-Control-Allow-Origin", whitelist.AllowOrigin)
- c.Header("Access-Control-Allow-Headers", whitelist.AllowHeaders)
- c.Header("Access-Control-Allow-Methods", whitelist.AllowMethods)
- c.Header("Access-Control-Expose-Headers", whitelist.ExposeHeaders)
- if whitelist.AllowCredentials {
- c.Header("Access-Control-Allow-Credentials", "true")
- }
- }
- // 严格白名单模式且未通过检查,直接拒绝处理请求
- if whitelist == nil && global.Config.Cors.Mode == "strict-whitelist" && !(c.Request.Method == "GET" && c.Request.URL.Path == "/health") {
- c.AbortWithStatus(http.StatusForbidden)
- } else {
- // 非严格白名单模式,无论是否通过检查均放行所有 OPTIONS 方法
- if c.Request.Method == http.MethodOptions {
- c.AbortWithStatus(http.StatusNoContent)
- }
- }
- // 处理请求
- c.Next()
- }
- }
- func checkCors(currentOrigin string) *config.CORSWhitelist {
- for _, whitelist := range global.Config.Cors.Whitelist {
- // 遍历配置中的跨域头,寻找匹配项
- if currentOrigin == whitelist.AllowOrigin {
- return &whitelist
- }
- }
- return nil
- }
|