nginx-ui/api/user/router.go
0xJacky fb37c94276 feat: implement short token endpoint for WebSocket authentication
- Added `InitTokenRouter` to define the `/token/short` endpoint for issuing short tokens.
- Created `IssueShortToken` function to handle short token generation and response.
- Updated WebSocket middleware to require short token for authentication, preventing CSWSH attacks.
- Modified user store and login handling to integrate short token functionality.
- Enhanced documentation to reflect changes in WebSocket security requirements.
2026-04-02 00:06:04 +08:00


package user
import (
"github.com/0xJacky/Nginx-UI/internal/middleware"
"github.com/gin-gonic/gin"
)
// InitAuthRouter registers the sign-in and sign-out routes on r: password
// login, logout, passkey login, the Casdoor and OIDC single-sign-on flows,
// and the passkey configuration status.
//
// NOTE(review): these look like the pre-authentication endpoints, so r is
// presumably a group without the auth middleware; confirm at the call site.
func InitAuthRouter(r *gin.RouterGroup) {
	// /login is the only route here that carries the EncryptedParams
	// middleware; every other route goes straight to its handler.
	encryptedParams := middleware.EncryptedParams()
	r.POST("/login", encryptedParams, Login)

	// NOTE(review): if r is unauthenticated, Logout has to cope with a
	// missing or invalid token itself; verify in the handler.
	r.DELETE("/logout", Logout)

	// Passkey login is a two-step ceremony: begin, then finish.
	r.GET("/begin_passkey_login", BeginPasskeyLogin)
	r.POST("/finish_passkey_login", FinishPasskeyLogin)

	// Single sign-on: each provider has a URI endpoint and a callback.
	// NOTE(review): nothing at the routing layer validates the callback
	// request; any state/nonce check has to live in CasdoorCallback and
	// OIDCCallback. Confirm there.
	r.GET("/casdoor_uri", GetCasdoorUri)
	r.POST("/casdoor_callback", CasdoorCallback)
	r.GET("/oidc_uri", GetOIDCUri)
	r.POST("/oidc_callback", OIDCCallback)

	r.GET("/passkeys/config", GetPasskeyConfigStatus)
}
// InitTokenRouter registers POST /token/short on r, handled by
// IssueShortToken. The short token is the credential the WebSocket
// middleware requires, as a mitigation for cross-site WebSocket hijacking.
//
// NOTE(review): no middleware is attached here, so access control depends
// entirely on the group passed in. A token-issuing route should sit behind
// the authenticated group; confirm at the call site.
func InitTokenRouter(r *gin.RouterGroup) {
	const shortTokenPath = "/token/short"
	r.POST(shortTokenPath, IssueShortToken)
}
// InitUserRouter registers the account self-service routes on r: 2FA status
// and secure-session start, TOTP and passkey enrolment, passkey management,
// OTP reset and recovery codes, and the current user's profile.
//
// Routes that carry middleware.RequireSecureSession are OTP reset, recovery
// code viewing and generation, profile update and password change. Every
// other route relies on whatever middleware r already has.
//
// NOTE(review): r is presumably the authenticated group; confirm at the
// call site.
func InitUserRouter(r *gin.RouterGroup) {
	// 2FA status and the secure-session start, by OTP or by passkey.
	r.GET("/2fa_status", Get2FAStatus)
	r.GET("/2fa_secure_session/status", SecureSessionStatus)
	r.POST("/2fa_secure_session/otp", Start2FASecureSessionByOTP)
	r.GET("/2fa_secure_session/passkey", BeginStart2FASecureSessionByPasskey)
	r.POST("/2fa_secure_session/passkey", FinishStart2FASecureSessionByPasskey)

	// TOTP enrolment.
	r.GET("/otp_secret", GenerateTOTP)
	r.POST("/otp_enroll", EnrollTOTP)

	// Passkey registration and management.
	// NOTE(review): enrolling TOTP and registering, updating or deleting a
	// passkey change the account's credentials but are registered without
	// RequireSecureSession. Confirm that this is intended or that the
	// handlers enforce a step-up check themselves.
	r.GET("/begin_passkey_register", BeginPasskeyRegistration)
	r.POST("/finish_passkey_register", FinishPasskeyRegistration)
	r.GET("/passkeys", GetPasskeyList)
	r.POST("/passkeys/:id", UpdatePasskey)
	r.DELETE("/passkeys/:id", DeletePasskey)

	// Sub-group with the same prefix as r plus RequireSecureSession.
	// NOTE(review): /otp_reset and /recovery_codes_generate are reached via
	// GET although their names suggest they change state. How exposed that
	// is depends on how the session credential is transported, which is not
	// visible here; confirm.
	secured := r.Group("", middleware.RequireSecureSession())
	secured.GET("/otp_reset", ResetOTP)
	secured.GET("/recovery_codes", ViewRecoveryCodes)
	secured.GET("/recovery_codes_generate", GenerateRecoveryCodes)

	// Current user: reading the profile and setting the language are
	// ungated; updating the profile or the password needs a secure session.
	r.GET("/user", GetCurrentUser)
	r.POST("/user", middleware.RequireSecureSession(), UpdateCurrentUser)
	r.POST("/user/password", middleware.RequireSecureSession(), UpdateCurrentUserPassword)
	r.POST("/user/language", UpdateCurrentUserLanguage)
}