From 93a17a1c818f18571cc0b88909480a909144bc2f Mon Sep 17 00:00:00 2001
From: simonzhangsz
Date: Sat, 25 Nov 2023 17:41:20 +0800
Subject: [PATCH] fix: add new authenrization header
---
 restagent/restagent.go | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/restagent/restagent.go b/restagent/restagent.go
index 25d55030..540f7825 100644
--- a/restagent/restagent.go
+++ b/restagent/restagent.go
@@ -19,6 +19,7 @@ import (
 "ems.agt/lib/routes"
 "ems.agt/restagent/config"
 "ems.agt/src"
+ "ems.agt/src/framework/middleware"
 libSession "ems.agt/src/lib_features/session"
 "github.com/gin-gonic/gin"
 )
@@ -73,7 +74,8 @@ func HttpListen(addr string, router http.Handler) {
 }
 }

-func HttpListenTLS(addr, certFile, keyFile string, router http.Handler) {
+func HttpListenTLS(addr, caFile, certFile, keyFile string, router http.Handler) {
+ HttpListenConfigTLS(addr, caFile, certFile, keyFile, router)
 err := http.ListenAndServeTLS(addr, certFile, keyFile, router)
 if err != nil {
 fmt.Println("ListenAndServeTLS err:", err)
@@ -92,6 +94,7 @@ func HttpListenConfigTLS(addr, caFile, certFile, keyFile string, router http.Han

 // 创建自定义的TLS配置
 tlsConfig := &tls.Config{
+ MinVersion: 1,
 ClientCAs: caCertPool,
 ClientAuth: tls.RequireAndVerifyClientCert,
 }
@@ -110,7 +113,8 @@ func HttpListenConfigTLS(addr, caFile, certFile, keyFile string, router http.Han
 }
 }

-func HttpListenWebServerTLS(addr, certFile, keyFile string) {
+func HttpListenWebServerTLS(addr, caFile, certFile, keyFile string) {
+ HttpListenConfigTLS(addr, caFile, certFile, keyFile, nil)
 err := http.ListenAndServeTLS(addr, certFile, keyFile, nil)
 if err != nil {
 fmt.Println("ListenAndServeTLS err:", err)
@@ -173,6 +177,7 @@ func main() {

 // 默认路由组
 defaultUriGroup := app.Group(config.DefaultUriPrefix)
+ defaultUriGroup.Use(middleware.PreAuthorize(nil))
 defaultUriGroup.Use(libSession.SessionHeader())
 defaultUriGroup.Any("/*any", gin.WrapH(routes.NewRouter()))
 // 可配置前缀路由组
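Review bot: In `HttpListenTLS` (@@ -73 hunk) the new `HttpListenConfigTLS(...)` call is followed by the old `http.ListenAndServeTLS(addr, certFile, keyFile, router)` on the same address, so whenever the client-certificate listener returns, the server goes on to start plain server-side TLS with no client verification. The body of `HttpListenConfigTLS` is mostly outside the diff, so the exact return paths are inferred, but an unreadable or missing CA file is the obvious one, and that makes mutual TLS fail open. I would pick one listener explicitly, e.g. `if caFile != "" { HttpListenConfigTLS(addr, caFile, certFile, keyFile, router); return }`, and log which mode was started. The same pattern is added to `HttpListenWebServerTLS` in the @@ -110 hunk, and the three call sites in `main` now pass `CaFile` unconditionally.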
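Review bot: `MinVersion: 1` in the `tls.Config` literal (@@ -92 hunk) is not a TLS version constant; the field expects values such as `tls.VersionTLS12` (0x0303). Because the value is non-zero, crypto/tls treats it as an explicit floor instead of applying its own default minimum, and since 1 is below every protocol version, nothing is excluded and the listener can negotiate TLS 1.0 and 1.1. Use `MinVersion: tls.VersionTLS12,` (or `tls.VersionTLS13` if every client supports it). The rest of `HttpListenConfigTLS` lies outside the hunk.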
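Review bot: `defaultUriGroup.Use(middleware.PreAuthorize(nil))` (@@ -173 hunk in `main`) carries no comment saying what a nil argument means or which routes are expected to pass without credentials. The group ends in the catch-all `/*any`, so any login or health endpoint served under the default prefix is now behind this check unless the middleware exempts it; its implementation is not visible here. I would add a comment such as `// PreAuthorize(nil): require an authenticated caller, no role/permission filter` once that is confirmed to be what nil does. The configurable-prefix group registered just below the hunk should get the same middleware if it wraps the same router, otherwise the two prefixes enforce different policies.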
@@ -188,7 +193,7 @@ func main() {
 if rest.IPv4 != "" {
 listen := rest.IPv4 + ":" + strconv.Itoa(int(rest.Port))
 if strings.ToLower(rest.Scheme) == "https" {
- go HttpListenTLS(listen, rest.CertFile, rest.KeyFile, app)
+ go HttpListenTLS(listen, rest.CaFile, rest.CertFile, rest.KeyFile, app)
 } else {
 go HttpListen(listen, app)
 }
@@ -198,7 +203,7 @@ func main() {
 if rest.IPv6 != "" {
 listenv6 := "[" + rest.IPv6 + "]" + ":" + strconv.Itoa(int(rest.Port))
 if strings.ToLower(rest.Scheme) == "https" {
- go HttpListenTLS(listenv6, rest.CertFile, rest.KeyFile, app)
+ go HttpListenTLS(listenv6, rest.CaFile, rest.CertFile, rest.KeyFile, app)
 } else {
 go HttpListen(listenv6, app)
 }
@@ -210,7 +215,7 @@ func main() {
 http.Handle("/", fs)
 for _, listen := range conf.WebServer.Listen {
 if strings.ToLower(listen.Scheme) == "https" {
- go HttpListenWebServerTLS(listen.Addr, listen.CertFile, listen.KeyFile)
+ go HttpListenWebServerTLS(listen.Addr, listen.CaFile, listen.CertFile, listen.KeyFile)
 } else {
 go HttpListenWebServer(listen.Addr)
 }