From a5b7db10e1ceb247fa12abceccf71d54a2cf6211 Mon Sep 17 00:00:00 2001
From: UUBulb <35923940+uubulb@users.noreply.github.com>
Date: Wed, 29 Jan 2025 19:27:57 +0800
Subject: [PATCH] feat: option to force authorization for vistor routes (#971)

---
 cmd/dashboard/controller/controller.go | 16 ++++++++++------
 cmd/dashboard/controller/jwt.go        |  2 +-
 model/config.go                        |  3 ++-
 3 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/cmd/dashboard/controller/controller.go b/cmd/dashboard/controller/controller.go
index 61db296..c3f853c 100644
--- a/cmd/dashboard/controller/controller.go
+++ b/cmd/dashboard/controller/controller.go
@@ -60,7 +60,15 @@ func routers(r *gin.Engine, frontendDist fs.FS) {
 	api.POST("/login", authMiddleware.LoginHandler)
 	api.GET("/oauth2/:provider", commonHandler(oauth2redirect))
 
-	optionalAuth := api.Group("", optionalAuthMiddleware(authMiddleware))
+	fallbackAuthMw := fallbackAuthMiddleware(authMiddleware)
+	fallbackAuth := api.Group("", fallbackAuthMw)
+	fallbackAuth.GET("/setting", commonHandler(listConfig))
+	fallbackAuth.GET("/oauth2/callback", commonHandler(oauth2callback(authMiddleware)))
+
+	authMw := authMiddleware.MiddlewareFunc()
+	optionalAuthMw := utils.IfOr(singleton.Conf.ForceAuth, authMw, fallbackAuthMw)
+
+	optionalAuth := api.Group("", optionalAuthMw)
 	optionalAuth.GET("/ws/server", commonHandler(serverStream))
 	optionalAuth.GET("/server-group", commonHandler(listServerGroup))
 
@@ -68,11 +76,7 @@ func routers(r *gin.Engine, frontendDist fs.FS) {
 	optionalAuth.GET("/service/:id", commonHandler(listServiceHistory))
 	optionalAuth.GET("/service/server", commonHandler(listServerWithServices))
 
-	optionalAuth.GET("/oauth2/callback", commonHandler(oauth2callback(authMiddleware)))
-
-	optionalAuth.GET("/setting", commonHandler(listConfig))
-
-	auth := api.Group("", authMiddleware.MiddlewareFunc())
+	auth := api.Group("", authMw)
 
 	auth.GET("/refresh-token", authMiddleware.RefreshHandler)
 
diff --git a/cmd/dashboard/controller/jwt.go b/cmd/dashboard/controller/jwt.go
index d80bd66..337fec7 100644
--- a/cmd/dashboard/controller/jwt.go
+++ b/cmd/dashboard/controller/jwt.go
@@ -148,7 +148,7 @@ func refreshResponse(c *gin.Context, code int, token string, expire time.Time) {
 	})
 }
 
-func optionalAuthMiddleware(mw *jwt.GinJWTMiddleware) func(c *gin.Context) {
+func fallbackAuthMiddleware(mw *jwt.GinJWTMiddleware) func(c *gin.Context) {
 	return func(c *gin.Context) {
 		claims, err := mw.GetClaimsFromJWT(c)
 		if err != nil {
diff --git a/model/config.go b/model/config.go
index 4072f24..f7ec925 100644
--- a/model/config.go
+++ b/model/config.go
@@ -48,7 +48,8 @@ type Config struct {
 	ListenHost     string `mapstructure:"listen_host" json:"listen_host,omitempty"`
 	InstallHost    string `mapstructure:"install_host" json:"install_host,omitempty"`
 	TLS            bool   `mapstructure:"tls" json:"tls,omitempty"`
-	Location       string `mapstructure:"location" json:"location,omitempty"` // 时区，默认为 Asia/Shanghai
+	Location       string `mapstructure:"location" json:"location,omitempty"`     // 时区，默认为 Asia/Shanghai
+	ForceAuth      bool   `mapstructure:"force_auth" json:"force_auth,omitempty"` // 强制要求认证
 
 	EnablePlainIPInNotification bool `mapstructure:"enable_plain_ip_in_notification" json:"enable_plain_ip_in_notification,omitempty"` // 通知信息IP不打码