fix: add new authenrization header

2023-11-25 17:41:20 +08:00
parent e36ef6a339
commit 93a17a1c81


@@ -19,6 +19,7 @@ import (
"ems.agt/lib/routes" "ems.agt/lib/routes"
"ems.agt/restagent/config" "ems.agt/restagent/config"
"ems.agt/src" "ems.agt/src"
"ems.agt/src/framework/middleware"
libSession "ems.agt/src/lib_features/session" libSession "ems.agt/src/lib_features/session"
"github.com/gin-gonic/gin" "github.com/gin-gonic/gin"
) )
@@ -73,7 +74,8 @@ func HttpListen(addr string, router http.Handler) {
} }
} }
func HttpListenTLS(addr, certFile, keyFile string, router http.Handler) { func HttpListenTLS(addr, caFile, certFile, keyFile string, router http.Handler) {
HttpListenConfigTLS(addr, caFile, certFile, keyFile, router)
err := http.ListenAndServeTLS(addr, certFile, keyFile, router) err := http.ListenAndServeTLS(addr, certFile, keyFile, router)
if err != nil { if err != nil {
fmt.Println("ListenAndServeTLS err:", err) fmt.Println("ListenAndServeTLS err:", err)
@@ -92,6 +94,7 @@ func HttpListenConfigTLS(addr, caFile, certFile, keyFile string, router http.Han
// 创建自定义的TLS配置 // 创建自定义的TLS配置
tlsConfig := &tls.Config{ tlsConfig := &tls.Config{
MinVersion: 1,
ClientCAs: caCertPool, ClientCAs: caCertPool,
ClientAuth: tls.RequireAndVerifyClientCert, ClientAuth: tls.RequireAndVerifyClientCert,
} }
@@ -110,7 +113,8 @@ func HttpListenConfigTLS(addr, caFile, certFile, keyFile string, router http.Han
} }
} }
func HttpListenWebServerTLS(addr, certFile, keyFile string) { func HttpListenWebServerTLS(addr, caFile, certFile, keyFile string) {
HttpListenConfigTLS(addr, caFile, certFile, keyFile, nil)
err := http.ListenAndServeTLS(addr, certFile, keyFile, nil) err := http.ListenAndServeTLS(addr, certFile, keyFile, nil)
if err != nil { if err != nil {
fmt.Println("ListenAndServeTLS err:", err) fmt.Println("ListenAndServeTLS err:", err)
@@ -173,6 +177,7 @@ func main() {
// 默认路由组 // 默认路由组
defaultUriGroup := app.Group(config.DefaultUriPrefix) defaultUriGroup := app.Group(config.DefaultUriPrefix)
defaultUriGroup.Use(middleware.PreAuthorize(nil))
defaultUriGroup.Use(libSession.SessionHeader()) defaultUriGroup.Use(libSession.SessionHeader())
defaultUriGroup.Any("/*any", gin.WrapH(routes.NewRouter())) defaultUriGroup.Any("/*any", gin.WrapH(routes.NewRouter()))
// 可配置前缀路由组 // 可配置前缀路由组
@@ -188,7 +193,7 @@ func main() {
if rest.IPv4 != "" { if rest.IPv4 != "" {
listen := rest.IPv4 + ":" + strconv.Itoa(int(rest.Port)) listen := rest.IPv4 + ":" + strconv.Itoa(int(rest.Port))
if strings.ToLower(rest.Scheme) == "https" { if strings.ToLower(rest.Scheme) == "https" {
go HttpListenTLS(listen, rest.CertFile, rest.KeyFile, app) go HttpListenTLS(listen, rest.CaFile, rest.CertFile, rest.KeyFile, app)
} else { } else {
go HttpListen(listen, app) go HttpListen(listen, app)
} }
@@ -198,7 +203,7 @@ func main() {
if rest.IPv6 != "" { if rest.IPv6 != "" {
listenv6 := "[" + rest.IPv6 + "]" + ":" + strconv.Itoa(int(rest.Port)) listenv6 := "[" + rest.IPv6 + "]" + ":" + strconv.Itoa(int(rest.Port))
if strings.ToLower(rest.Scheme) == "https" { if strings.ToLower(rest.Scheme) == "https" {
go HttpListenTLS(listenv6, rest.CertFile, rest.KeyFile, app) go HttpListenTLS(listenv6, rest.CaFile, rest.CertFile, rest.KeyFile, app)
} else { } else {
go HttpListen(listenv6, app) go HttpListen(listenv6, app)
} }
@@ -210,7 +215,7 @@ func main() {
http.Handle("/", fs) http.Handle("/", fs)
for _, listen := range conf.WebServer.Listen { for _, listen := range conf.WebServer.Listen {
if strings.ToLower(listen.Scheme) == "https" { if strings.ToLower(listen.Scheme) == "https" {
go HttpListenWebServerTLS(listen.Addr, listen.CertFile, listen.KeyFile) go HttpListenWebServerTLS(listen.Addr, listen.CaFile, listen.CertFile, listen.KeyFile)
} else { } else {
go HttpListenWebServer(listen.Addr) go HttpListenWebServer(listen.Addr)
} }
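Review bot: `MinVersion: 1` in the `tls.Config` literal of HttpListenConfigTLS (hunk `@@ -92,6 +94,7 @@`) is not a crypto/tls version constant; being non-zero and below `tls.VersionTLS10` (0x0301), it sets an explicit floor that excludes nothing, so the listener will likely negotiate TLS 1.0/1.1 even on Go releases whose server default is TLS 1.2. Use a named constant instead, e.g. `MinVersion: tls.VersionTLS12,`. Separately, HttpListenTLS and HttpListenWebServerTLS keep the old `http.ListenAndServeTLS(addr, certFile, keyFile, ...)` call after the new HttpListenConfigTLS call. HttpListenConfigTLS's body is outside the hunks, but if it blocks while serving, that line runs only after the client-certificate listener has stopped and would then serve the same address without `ClientAuth: tls.RequireAndVerifyClientCert`. Remove the leftover call, or `return` after logging the error, so a CA-file or handshake-setup failure cannot silently fall back to a listener that skips client verification.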