support api proxy for amap

2026-05-14 06:57:35 +08:00 · 2023-06-18 09:38:21 +08:00
parent 4f2b9d39da
commit fa68621b41
21 changed files with 289 additions and 94 deletions
@@ -0,0 +1,60 @@
+package api
+
+import (
+	"fmt"
+	"net/http"
+	"net/http/httputil"
+	"net/url"
+	"strings"
+
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+)
+
+const amapCustomMapStylesUrl = "https://webapi.amap.com/v4/map/styles"
+const amapOverseasMapUrl = "https://fmap01.amap.com/v3/vectormap"
+const amapRestApiUrl = "https://restapi.amap.com/"
+
+// AmapApiProxy represents amap api proxy
+type AmapApiProxy struct {
+}
+
+// Initialize a amap api proxy singleton instance
+var (
+	AmapApis = &AmapApiProxy{}
+)
+
+// AmapApiProxyHandler returns amap api response
+func (p *AmapApiProxy) AmapApiProxyHandler(c *core.Context) *httputil.ReverseProxy {
+	var targetUrl string
+
+	if strings.HasPrefix(c.Request.RequestURI, "/_AMapService/v4/map/styles") {
+		targetUrl = amapCustomMapStylesUrl + strings.TrimPrefix(c.Request.URL.Path, "/_AMapService/v4/map/styles")
+	} else if strings.HasPrefix(c.Request.RequestURI, "/_AMapService/v3/vectormap") {
+		targetUrl = amapOverseasMapUrl + strings.TrimPrefix(c.Request.URL.Path, "/_AMapService/v3/vectormap")
+	} else {
+		targetUrl = amapRestApiUrl + strings.TrimPrefix(c.Request.URL.Path, "/_AMapService/")
+	}
+
+	director := func(req *http.Request) {
+		targetRawUrl := fmt.Sprintf("%s?%s&jscode=%s", targetUrl, req.URL.RawQuery, settings.Container.Current.AmapApplicationSecret)
+		targetUrl, _ := url.Parse(targetRawUrl)
+
+		oldCookies := req.Cookies()
+		req.Header.Del("Cookie")
+
+		for i := 0; i < len(oldCookies); i++ {
+			if strings.HasPrefix(oldCookies[i].Name, "ebk_") {
+				continue
+			}
+
+			req.AddCookie(oldCookies[i])
+		}
+
+		req.URL = targetUrl
+		req.RequestURI = req.URL.RequestURI()
+		req.Host = targetUrl.Host
+	}
+
+	return &httputil.ReverseProxy{Director: director}
+}
@@ -74,6 +74,10 @@ func (a *AuthorizationsApi) AuthorizeHandler(c *core.Context) (interface{}, *err
 		return nil, errs.ErrTokenGenerating
 	}

+	if !twoFactorEnable {
+		c.SetTextualToken(token)
+	}
+
 	c.SetTokenClaims(claims)

 	log.InfofWithRequestId(c, "[authorizations.AuthorizeHandler] user \"uid:%d\" has logined, token type is %d, token will be expired at %d", user.Uid, claims.Type, claims.ExpiresAt)
@@ -126,6 +130,7 @@ func (a *AuthorizationsApi) TwoFactorAuthorizeHandler(c *core.Context) (interfac
 		return nil, errs.ErrTokenGenerating
 	}

+	c.SetTextualToken(token)
 	c.SetTokenClaims(claims)

 	log.InfofWithRequestId(c, "[authorizations.TwoFactorAuthorizeHandler] user \"uid:%d\" has authorized two factor via passcode, token will be expired at %d", user.Uid, claims.ExpiresAt)
@@ -184,6 +189,7 @@ func (a *AuthorizationsApi) TwoFactorAuthorizeByRecoveryCodeHandler(c *core.Cont
 		return nil, errs.ErrTokenGenerating
 	}

+	c.SetTextualToken(token)
 	c.SetTokenClaims(claims)

 	log.InfofWithRequestId(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] user \"uid:%d\" has authorized two factor via recovery code \"%s\", token will be expired at %d", user.Uid, credential.RecoveryCode, claims.ExpiresAt)
@@ -7,7 +7,6 @@ import (
 	"net/url"

 	"github.com/mayswind/ezbookkeeping/pkg/core"
-	"github.com/mayswind/ezbookkeeping/pkg/errs"
 )

 const openStreetMapTileImageUrlFormat = "https://tile.openstreetmap.org/%s/%s/%s" // https://tile.openstreetmap.org/{z}/{x}/{y}.png
@@ -22,7 +21,7 @@ var (
 )

 // OpenStreetMapTileImageProxyHandler returns open street map tile image
-func (p *MapImageProxy) OpenStreetMapTileImageProxyHandler(c *core.Context) (*httputil.ReverseProxy, *errs.Error) {
+func (p *MapImageProxy) OpenStreetMapTileImageProxyHandler(c *core.Context) *httputil.ReverseProxy {
 	director := func(req *http.Request) {
 		zoomLevel := c.Param("zoomLevel")
 		coordinateX := c.Param("coordinateX")
@@ -36,5 +35,5 @@ func (p *MapImageProxy) OpenStreetMapTileImageProxyHandler(c *core.Context) (*ht
 		req.Host = imageUrl.Host
 	}

-	return &httputil.ReverseProxy{Director: director}, nil
+	return &httputil.ReverseProxy{Director: director}
 }
@@ -191,6 +191,7 @@ func (a *TokensApi) TokenRefreshHandler(c *core.Context) (interface{}, *errs.Err
 		CreatedUnixTime: oldTokenClaims.IssuedAt,
 	}

+	c.SetTextualToken(token)
 	c.SetTokenClaims(claims)

 	log.InfofWithRequestId(c, "[token.TokenRefreshHandler] user \"uid:%d\" token refreshed, new token will be expired at %d", user.Uid, claims.ExpiresAt)
@@ -195,6 +195,7 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorEnableConfirmHandler(c *core.Conte
 		return confirmResp, nil
 	}

+	c.SetTextualToken(token)
 	c.SetTokenClaims(claims)

 	log.InfofWithRequestId(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] user \"uid:%d\" token refreshed, new token will be expired at %d", user.Uid, claims.ExpiresAt)
@@ -85,6 +85,7 @@ func (a *UsersApi) UserRegisterHandler(c *core.Context) (interface{}, *errs.Erro
 	}

 	authResp.Token = token
+	c.SetTextualToken(token)
 	c.SetTokenClaims(claims)

 	log.InfofWithRequestId(c, "[users.UserRegisterHandler] user \"uid:%d\" has logined, token will be expired at %d", user.Uid, claims.ExpiresAt)
@@ -272,6 +273,7 @@ func (a *UsersApi) UserUpdateProfileHandler(c *core.Context) (interface{}, *errs
 		}

 		resp.NewToken = token
+		c.SetTextualToken(token)
 		c.SetTokenClaims(claims)

 		log.InfofWithRequestId(c, "[users.UserUpdateProfileHandler] user \"uid:%d\" token refreshed, new token will be expired at %d", user.Uid, claims.ExpiresAt)
@@ -9,6 +9,7 @@ import (
 )

 const requestIdFieldKey = "REQUEST_ID"
+const textualTokenFieldKey = "TOKEN_STRING"
 const tokenClaimsFieldKey = "TOKEN_CLAIMS"
 const responseErrorFieldKey = "RESPONSE_ERROR"

@@ -37,7 +38,23 @@ func (c *Context) GetRequestId() string {
 	return requestId.(string)
 }

-// SetTokenClaims sets the given user token id to context
+// SetTextualToken sets the given user token to context
+func (c *Context) SetTextualToken(token string) {
+	c.Set(textualTokenFieldKey, token)
+}
+
+// GetTextualToken returns the current user textual token
+func (c *Context) GetTextualToken() string {
+	token, exists := c.Get(textualTokenFieldKey)
+
+	if !exists {
+		return ""
+	}
+
+	return token.(string)
+}
+
+// SetTokenClaims sets the given user token to context
 func (c *Context) SetTokenClaims(claims *UserTokenClaims) {
 	c.Set(tokenClaimsFieldKey, claims)
 }
@@ -16,4 +16,4 @@ type ApiHandlerFunc func(*Context) (interface{}, *errs.Error)
 type DataHandlerFunc func(*Context) ([]byte, string, *errs.Error)

 // ProxyHandlerFunc represents the reverse proxy handler function
-type ProxyHandlerFunc func(*Context) (*httputil.ReverseProxy, *errs.Error)
+type ProxyHandlerFunc func(*Context) *httputil.ReverseProxy
@@ -0,0 +1,19 @@
+package middlewares
+
+import (
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+)
+
+const tokenCookieParam = "ebk_auth_token"
+
+// AmapApiProxyAuthCookie adds amap api proxy auth cookie to cookies in response
+func AmapApiProxyAuthCookie(c *core.Context, config *settings.Config) {
+	token := c.GetTextualToken()
+
+	if token != "" {
+		c.SetCookie(tokenCookieParam, token, int(config.TokenExpiredTime), "/_AMapService", "", false, true)
+	} else {
+		c.SetCookie(tokenCookieParam, "", -1, "/_AMapService", "", false, true)
+	}
+}
@@ -17,58 +17,24 @@ type TokenSourceType byte
 const (
 	TOKEN_SOURCE_TYPE_HEADER   TokenSourceType = 1
 	TOKEN_SOURCE_TYPE_ARGUMENT TokenSourceType = 2
+	TOKEN_SOURCE_TYPE_COOKIE   TokenSourceType = 3
 )

 const tokenQueryStringParam = "token"

-// JWTAuthorization verifies whether current request is valid by jwt token
+// JWTAuthorization verifies whether current request is valid by jwt token in header
 func JWTAuthorization(c *core.Context) {
-	claims, err := getTokenClaims(c, TOKEN_SOURCE_TYPE_HEADER)
-
-	if err != nil {
-		utils.PrintJsonErrorResult(c, err)
-		return
-	}
-
-	if claims.Type == core.USER_TOKEN_TYPE_REQUIRE_2FA {
-		log.WarnfWithRequestId(c, "[authorization.JWTAuthorization] user \"uid:%d\" token requires 2fa", claims.Uid)
-		utils.PrintJsonErrorResult(c, errs.ErrCurrentTokenRequire2FA)
-		return
-	}
-
-	if claims.Type != core.USER_TOKEN_TYPE_NORMAL {
-		log.WarnfWithRequestId(c, "[authorization.JWTAuthorization] user \"uid:%d\" token type is invalid", claims.Uid)
-		utils.PrintJsonErrorResult(c, errs.ErrCurrentInvalidTokenType)
-		return
-	}
-
-	c.SetTokenClaims(claims)
-	c.Next()
+	jwtAuthorization(c, TOKEN_SOURCE_TYPE_HEADER)
 }

-// JWTAuthorizationByQueryString verifies whether current request is valid by jwt token
+// JWTAuthorizationByQueryString verifies whether current request is valid by jwt token in query string
 func JWTAuthorizationByQueryString(c *core.Context) {
-	claims, err := getTokenClaims(c, TOKEN_SOURCE_TYPE_ARGUMENT)
+	jwtAuthorization(c, TOKEN_SOURCE_TYPE_ARGUMENT)
+}

-	if err != nil {
-		utils.PrintJsonErrorResult(c, err)
-		return
-	}
-
-	if claims.Type == core.USER_TOKEN_TYPE_REQUIRE_2FA {
-		log.WarnfWithRequestId(c, "[authorization.JWTAuthorizationByQueryString] user \"uid:%d\" token requires 2fa", claims.Uid)
-		utils.PrintJsonErrorResult(c, errs.ErrCurrentTokenRequire2FA)
-		return
-	}
-
-	if claims.Type != core.USER_TOKEN_TYPE_NORMAL {
-		log.WarnfWithRequestId(c, "[authorization.JWTAuthorizationByQueryString] user \"uid:%d\" token type is invalid", claims.Uid)
-		utils.PrintJsonErrorResult(c, errs.ErrCurrentInvalidTokenType)
-		return
-	}
-
-	c.SetTokenClaims(claims)
-	c.Next()
+// JWTAuthorizationByCookie verifies whether current request is valid by jwt token in cookie
+func JWTAuthorizationByCookie(c *core.Context) {
+	jwtAuthorization(c, TOKEN_SOURCE_TYPE_COOKIE)
 }

 // JWTTwoFactorAuthorization verifies whether current request is valid by 2fa passcode
@@ -90,6 +56,30 @@ func JWTTwoFactorAuthorization(c *core.Context) {
 	c.Next()
 }

+func jwtAuthorization(c *core.Context, source TokenSourceType) {
+	claims, err := getTokenClaims(c, source)
+
+	if err != nil {
+		utils.PrintJsonErrorResult(c, err)
+		return
+	}
+
+	if claims.Type == core.USER_TOKEN_TYPE_REQUIRE_2FA {
+		log.WarnfWithRequestId(c, "[authorization.jwtAuthorization] user \"uid:%d\" token requires 2fa", claims.Uid)
+		utils.PrintJsonErrorResult(c, errs.ErrCurrentTokenRequire2FA)
+		return
+	}
+
+	if claims.Type != core.USER_TOKEN_TYPE_NORMAL {
+		log.WarnfWithRequestId(c, "[authorization.jwtAuthorization] user \"uid:%d\" token type is invalid", claims.Uid)
+		utils.PrintJsonErrorResult(c, errs.ErrCurrentInvalidTokenType)
+		return
+	}
+
+	c.SetTokenClaims(claims)
+	c.Next()
+}
+
 func getTokenClaims(c *core.Context, source TokenSourceType) (*core.UserTokenClaims, *errs.Error) {
 	token, claims, err := parseToken(c, source)

@@ -114,6 +104,8 @@ func getTokenClaims(c *core.Context, source TokenSourceType) (*core.UserTokenCla
 func parseToken(c *core.Context, source TokenSourceType) (*jwt.Token, *core.UserTokenClaims, error) {
 	if source == TOKEN_SOURCE_TYPE_ARGUMENT {
 		return services.Tokens.ParseTokenByArgument(c, tokenQueryStringParam)
+	} else if source == TOKEN_SOURCE_TYPE_COOKIE {
+		return services.Tokens.ParseTokenByCookie(c, tokenCookieParam)
 	}

 	return services.Tokens.ParseTokenByHeader(c)
@@ -1,7 +1,9 @@
 package middlewares

 import (
+	"encoding/base64"
 	"fmt"
+	"net/url"
 	"strings"

 	"github.com/mayswind/ezbookkeeping/pkg/core"
@@ -19,27 +21,31 @@ func ServerSettingsCookie(config *settings.Config) core.MiddlewareHandlerFunc {
 			buildStringSetting("m", config.MapProvider),
 		}

-		if config.EnableMapDataFetchProxy {
+		if config.MapProvider == settings.OpenStreetMapProvider && config.EnableMapDataFetchProxy {
 			settingsArr = append(settingsArr, buildBooleanSetting("mp", config.EnableMapDataFetchProxy))
 		}

-		if config.GoogleMapAPIKey != "" {
-			settingsArr = append(settingsArr, buildStringSetting("gmak", config.GoogleMapAPIKey))
+		if config.MapProvider == settings.GoogleMapProvider && config.GoogleMapAPIKey != "" {
+			settingsArr = append(settingsArr, buildEncodedStringSetting("gmak", config.GoogleMapAPIKey))
 		}

-		if config.BaiduMapAK != "" {
-			settingsArr = append(settingsArr, buildStringSetting("bmak", config.BaiduMapAK))
+		if config.MapProvider == settings.BaiduMapProvider && config.BaiduMapAK != "" {
+			settingsArr = append(settingsArr, buildEncodedStringSetting("bmak", config.BaiduMapAK))
 		}

-		if config.AMapApplicationKey != "" {
-			settingsArr = append(settingsArr, buildStringSetting("amak", config.AMapApplicationKey))
+		if config.MapProvider == settings.AmapProvider && config.AmapApplicationKey != "" {
+			settingsArr = append(settingsArr, buildEncodedStringSetting("amak", config.AmapApplicationKey))
 		}

-		if config.AMapSecurityVerificationMethod != "" {
-			settingsArr = append(settingsArr, buildStringSetting("amsv", config.AMapSecurityVerificationMethod))
+		if config.MapProvider == settings.AmapProvider && config.AmapSecurityVerificationMethod != "" {
+			settingsArr = append(settingsArr, buildStringSetting("amsv", strings.Replace(config.AmapSecurityVerificationMethod, "_", "", -1)))

-			if config.AMapSecurityVerificationMethod == settings.AmapSecurityVerificationPlainMethod {
-				settingsArr = append(settingsArr, buildStringSetting("amas", config.AMapApplicationSecret))
+			if config.AmapSecurityVerificationMethod == settings.AmapSecurityVerificationExternalProxyMethod {
+				settingsArr = append(settingsArr, buildEncodedStringSetting("amep", config.AmapApiExternalProxyUrl))
+			}
+
+			if config.AmapSecurityVerificationMethod == settings.AmapSecurityVerificationPlainTextMethod {
+				settingsArr = append(settingsArr, buildEncodedStringSetting("amas", config.AmapApplicationSecret))
 			}
 		}

@@ -51,7 +57,13 @@ func ServerSettingsCookie(config *settings.Config) core.MiddlewareHandlerFunc {
 }

 func buildStringSetting(key string, value string) string {
-	return fmt.Sprintf("%s.%s", key, strings.Replace(value, ".", "-", -1))
+	return fmt.Sprintf("%s.%s", key, value)
+}
+
+func buildEncodedStringSetting(key string, value string) string {
+	urlEncodedValue := url.QueryEscape(value)
+	base64Value := base64.StdEncoding.EncodeToString([]byte(urlEncodedValue))
+	return fmt.Sprintf("%s.%s", key, base64Value)
 }

 func buildBooleanSetting(key string, value bool) string {
@@ -73,6 +73,11 @@ func (s *TokenService) ParseTokenByArgument(c *core.Context, tokenParameterName
 	return s.parseToken(c, request.ArgumentExtractor{tokenParameterName})
 }

+// ParseTokenByCookie returns the token model according to request data
+func (s *TokenService) ParseTokenByCookie(c *core.Context, tokenCookieName string) (*jwt.Token, *core.UserTokenClaims, error) {
+	return s.parseToken(c, utils.CookieExtractor{tokenCookieName})
+}
+
 // CreateToken generates a new normal token and saves to database
 func (s *TokenService) CreateToken(user *models.User, ctx *core.Context) (string, *core.UserTokenClaims, error) {
 	return s.createToken(user, core.USER_TOKEN_TYPE_NORMAL, s.getUserAgent(ctx), s.CurrentConfig().TokenExpiredTimeDuration)
@@ -72,7 +72,9 @@ const (

 // Amap security verification method
 const (
-	AmapSecurityVerificationPlainMethod string = "plain"
+	AmapSecurityVerificationInternalProxyMethod string = "internal_proxy"
+	AmapSecurityVerificationExternalProxyMethod string = "external_proxy"
+	AmapSecurityVerificationPlainTextMethod     string = "plain_text"
 )

 // Exchange rates data source types
@@ -186,9 +188,10 @@ type Config struct {
 	MapProvider                    string
 	GoogleMapAPIKey                string
 	BaiduMapAK                     string
-	AMapApplicationKey             string
-	AMapSecurityVerificationMethod string
-	AMapApplicationSecret          string
+	AmapApplicationKey             string
+	AmapSecurityVerificationMethod string
+	AmapApplicationSecret          string
+	AmapApiExternalProxyUrl        string
 	EnableMapDataFetchProxy        bool

 	// Exchange Rates
@@ -462,15 +465,20 @@ func loadMapConfiguration(config *Config, configFile *ini.File, sectionName stri
 	config.EnableMapDataFetchProxy = getConfigItemBoolValue(configFile, sectionName, "map_data_fetch_proxy", false)
 	config.GoogleMapAPIKey = getConfigItemStringValue(configFile, sectionName, "google_map_api_key")
 	config.BaiduMapAK = getConfigItemStringValue(configFile, sectionName, "baidu_map_ak")
-	config.AMapApplicationKey = getConfigItemStringValue(configFile, sectionName, "amap_application_key")
+	config.AmapApplicationKey = getConfigItemStringValue(configFile, sectionName, "amap_application_key")

-	if getConfigItemStringValue(configFile, sectionName, "amap_security_verification_method") == AmapSecurityVerificationPlainMethod {
-		config.AMapSecurityVerificationMethod = AmapSecurityVerificationPlainMethod
+	if getConfigItemStringValue(configFile, sectionName, "amap_security_verification_method") == AmapSecurityVerificationInternalProxyMethod {
+		config.AmapSecurityVerificationMethod = AmapSecurityVerificationInternalProxyMethod
+	} else if getConfigItemStringValue(configFile, sectionName, "amap_security_verification_method") == AmapSecurityVerificationExternalProxyMethod {
+		config.AmapSecurityVerificationMethod = AmapSecurityVerificationExternalProxyMethod
+	} else if getConfigItemStringValue(configFile, sectionName, "amap_security_verification_method") == AmapSecurityVerificationPlainTextMethod {
+		config.AmapSecurityVerificationMethod = AmapSecurityVerificationPlainTextMethod
 	} else {
 		return errs.ErrInvalidAmapSecurityVerificationMethod
 	}

-	config.AMapApplicationSecret = getConfigItemStringValue(configFile, sectionName, "amap_application_secret")
+	config.AmapApplicationSecret = getConfigItemStringValue(configFile, sectionName, "amap_application_secret")
+	config.AmapApiExternalProxyUrl = getConfigItemStringValue(configFile, sectionName, "amap_api_external_proxy_url")

 	return nil
 }
@@ -0,0 +1,20 @@
+package utils
+
+import (
+	"net/http"
+
+	"github.com/golang-jwt/jwt/v5/request"
+)
+
+// CookieExtractor extracts a token from request cookies
+type CookieExtractor []string
+
+func (e CookieExtractor) ExtractToken(req *http.Request) (string, error) {
+	for _, arg := range e {
+		if cookie, _ := req.Cookie(arg); cookie != nil {
+			return cookie.Value, nil
+		}
+	}
+
+	return "", request.ErrNoTokenInRequest
+}