🔒️ 增强 ping 历史 API 鉴权

pkg/mygin/auth.go

@@ -6,25 +6,28 @@ import (
 	"time"
 
 	"github.com/gin-gonic/gin"
+	"github.com/nicksnyder/go-i18n/v2/i18n"
+	"golang.org/x/crypto/bcrypt"
 
 	"github.com/naiba/nezha/model"
 	"github.com/naiba/nezha/service/singleton"
 )
 
 type AuthorizeOption struct {
-	Guest    bool
-	Member   bool
-	IsPage   bool
-	AllowAPI bool
-	Msg      string
-	Redirect string
-	Btn      string
+	GuestOnly            bool
+	MemberOnly           bool
+	ValidateViewPassword bool
+	IsPage               bool
+	AllowAPI             bool
+	Msg                  string
+	Redirect             string
+	Btn                  string
 }
 
 func Authorize(opt AuthorizeOption) func(*gin.Context) {
 	return func(c *gin.Context) {
 		var code = http.StatusForbidden
-		if opt.Guest {
+		if opt.GuestOnly {
 			code = http.StatusBadRequest
 		}
 
@@ -67,15 +70,32 @@ func Authorize(opt AuthorizeOption) func(*gin.Context) {
 				}
 			}
 		}
+
 		// 已登录且只能游客访问
-		if isLogin && opt.Guest {
+		if isLogin && opt.GuestOnly {
 			ShowErrorPage(c, commonErr, opt.IsPage)
 			return
 		}
+
 		// 未登录且需要登录
-		if !isLogin && opt.Member {
+		if !isLogin && opt.MemberOnly {
 			ShowErrorPage(c, commonErr, opt.IsPage)
 			return
 		}
+
+		// 验证查看密码
+		if opt.ValidateViewPassword && singleton.Conf.Site.ViewPassword != "" {
+			viewPassword, _ := c.Cookie(singleton.Conf.Site.CookieName + "-vp")
+			if err := bcrypt.CompareHashAndPassword([]byte(viewPassword), []byte(singleton.Conf.Site.ViewPassword)); err != nil {
+				c.HTML(http.StatusOK, GetPreferredTheme(c, "/viewpassword"), CommonEnvironment(c, gin.H{
+					"Title":      singleton.Localizer.MustLocalize(&i18n.LocalizeConfig{MessageID: "VerifyPassword"}),
+					"CustomCode": singleton.Conf.Site.CustomCode,
+				}))
+				c.Abort()
+				return
+			}
+
+			c.Set(model.CtxKeyViewPasswordVerified, true)
+		}
 	}
 }