特定路由的大猩猩中间件身份验证不起作用
我为API编写http路由器,有些路由需要身份验证,而有些则不需要。
我不想要求在每个路由上进行身份验证,所以我将它们分开。
但有一个问题:
POST /帐户< - 这是帐户注册终结点,不需要身份验证
删除 /account < - 这确实需要身份验证才能删除当前帐户
我不知道如何正确地分离它们,而且我目前试图使中间件对两者不同的尝试也失败了:
package httpServer
import (
"log"
"net/http"
"httpServer/handlers"
"httpServer/middlewares"
"github.com/gorilla/mux"
"github.com/justinas/alice"
)
func Init() {
log.Println("Initializing http routes...")
defaultmiddlewares := alice.New(middlewares.Logger, middlewares.Recover)
authmiddlewares := alice.New(middlewares.Authenticator)
var mainRouter = mux.NewRouter()
var authRouter = mux.NewRouter()
// No auth required to call this
mainRouter.HandleFunc("/health", handlers.HealthGet).Methods("GET") // Get API health
// authrouter should be a extension of main router (i think)
mainRouter.Handle("/", authmiddlewares.Then(authRouter))
// Authentication is not required for this
mainRouter.HandleFunc("/account", handlers.AccountPost).Methods("POST") // Create an account
// Authentication is required for this
authRouter.HandleFunc("/account", handlers.AccountDelete).Methods("DELETE") // Delete my account
// WebSocket endpoint:
authRouter.HandleFunc("/ws", handlers.UpgradeWs)
authRouter.HandleFunc("/ws/", handlers.UpgradeWs) // If i dont add this it doesnt work??
// Register mainRouter
http.Handle("/", defaultmiddlewares.Then(mainRouter))
}
对 GET /运行状况的调用刚刚好:
但是对 DELETE /account 的调用失败,并显示 404 未找到:
(同样在 Init() 函数的末尾,我注册了一个 websocket 端点,由于某种原因,如果我不注册这两个端点,它就无法连接?
1回答
-
开满天机
您初始化了两个路由器,并且只启动了 。 绑定到 。这不是开始和倾听。这就是404来的原因。mainRouterauthRouter mainRouterDELETE /accountauthRouter 您可以将自定义中间件实现写入大猩猩/多路复用器中间件接口,并与路由器一起使用。示例代码如下所示gorilla/muxfunc Init() { log.Println("Initializing http routes...") r := mux.NewRouter() middleware := Middleware{ // inject any dependency if you need } r.Use(middleware.MiddlewareFunc) // No auth required to call this r.HandleFunc("/health", handlers.HealthGet).Methods("GET") // Get API health // authrouter should be a extension of main router (i think) r.Handle("/", authmiddlewares.Then(authRouter)) // Authentication is not required for this r.HandleFunc("/account", handlers.AccountPost).Methods("POST") // Create an account // Authentication is required for this r.HandleFunc("/account", handlers.AccountDelete).Methods("DELETE") // Delete my account http.ListenAndServe(":8080", r)}// Middleware your custom middleware implementationtype Middleware struct {}func (m Middleware) MiddlewareFunc(handler http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { // you can check request method and paths and you can do authentications here //eg := method = DELETE and path = /account, do authentication handler.ServeHTTP(w, r) })}00
相关分类