From b5788cd8b5aa183c7b55ef68abb01693d11af94f Mon Sep 17 00:00:00 2001
From: jdysya <1912377458@qq.com>
Date: Sun, 16 Feb 2025 10:19:29 +0800
Subject: [PATCH] =?UTF-8?q?feat(auth):=20=E4=BC=98=E5=8C=96=E9=80=80?= =?UTF-8?q?=E5=87=BA=E7=99=BB=E5=BD=95=E5=8A=9F=E8=83=BD=E5=B9=B6=E9=9B=86?= =?UTF-8?q?=E6=88=90=E9=85=8D=E7=BD=AE=E4=B8=AD=E5=BF=83?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- 在退出登录时使用配置中心的 session 选项
- 清除用户 session 数据并保存更改
- 将 session 配置移至 config 包,提高可维护性
---
 gateway/config/session.go | 30 ++++++++++++++++++++++++++++++
 gateway/handlers/auth.go | 9 +++++++++
 gateway/main.go | 12 ++----------
 3 files changed, 41 insertions(+), 10 deletions(-)
 create mode 100644 gateway/config/session.go
diff --git a/gateway/config/session.go b/gateway/config/session.go
new file mode 100644
index 0000000..498ec42
--- /dev/null
+++ b/gateway/config/session.go
@@ -0,0 +1,30 @@
+package config
+
+import (
+ "net/http"
+
+ "github.com/gin-contrib/sessions"
+ "github.com/gin-contrib/sessions/cookie"
+)
+
+// InitSessionStore 初始化session存储
+func InitSessionStore() sessions.Store {
+ store := cookie.NewStore([]byte("secret"))
+ store.Options(sessions.Options{
+ MaxAge: 86400 * 7,
+ HttpOnly: true,
+ Secure: false, // 如果是HTTPS需要设为true
+ SameSite: http.SameSiteLaxMode, // 允许跨站携带cookie
+ })
+ return store
+}
+
+// 退出登录时立即使客户端cookie过期
+func GetLogoutSessionOptions() sessions.Options {
+ return sessions.Options{
+ Path: "/", // cookie的路径
+ MaxAge: -1, // 立即使cookie过期
+ Secure: false, // 如果是HTTPS需要设为true
+ HttpOnly: true, // 防止JS访问
+ }
+}
diff --git a/gateway/handlers/auth.go b/gateway/handlers/auth.go
index 7d29de5..90217fa 100644
--- a/gateway/handlers/auth.go
+++ b/gateway/handlers/auth.go
@@ -6,6 +6,7 @@ import (
 "strconv"
 "strings"
+ "gateway/config"
 "gateway/models"
 "gateway/utils"
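Review bot: `InitSessionStore` in gateway/config/session.go still signs session cookies with the literal key `[]byte("secret")`, so the signing key is effectively public and the integrity of every session cookie cannot be relied on; moving this code into `config` is the natural point to fix it. Read the key from deployment configuration and refuse to start when it is empty, e.g. `key := os.Getenv("SESSION_SECRET")` (placeholder variable name) followed by `store := cookie.NewStore([]byte(key))`, which also needs `os` added to the import block. `Secure: false` is hard-coded in both option sets and should come from the same configuration so an HTTPS deployment never sends the session cookie over plain HTTP. The two option sets also disagree on `Path`: the store options leave it unset while `GetLogoutSessionOptions` uses `"/"`, so a cookie issued from a nested route may not be matched by the expiring one; adding `Path: "/",` to the store options would keep them aligned.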
@@ -138,12 +139,20 @@ func PostRegister(db *gorm.DB) gin.HandlerFunc {
 func Logout(c *gin.Context) {
 session := sessions.Default(c)
+
+ // 使用配置中的session选项
+ session.Options(config.GetLogoutSessionOptions())
+
+ // 清除session数据
 session.Clear()
+
+ // 保存更改
 if err := session.Save(); err != nil {
 utils.Logger.Errorf("退出登录失败: %v", err)
 c.HTML(http.StatusInternalServerError, "error.html", gin.H{"error": "退出登录失败"})
 return
 }
+
 c.Redirect(http.StatusSeeOther, "/login")
 }
diff --git a/gateway/main.go b/gateway/main.go
index 3988af2..9ae864d 100644
--- a/gateway/main.go
+++ b/gateway/main.go
@@ -1,15 +1,13 @@
 package main
 import (
- "net/http"
-
+ "gateway/config"
 "gateway/handlers"
 "gateway/middleware"
 "gateway/models"
 "gateway/utils"
 "github.com/gin-contrib/sessions"
- "github.com/gin-contrib/sessions/cookie"
 "github.com/gin-gonic/gin"
 "github.com/jinzhu/gorm"
 _ "github.com/jinzhu/gorm/dialects/sqlite"
@@ -36,13 +34,7 @@ func main() {
 r.LoadHTMLGlob("templates/*")
 // 配置 Session 中间件
- store := cookie.NewStore([]byte("secret"))
- store.Options(sessions.Options{
- MaxAge: 86400 * 7,
- HttpOnly: true,
- Secure: false, // 如果是HTTPS需要设为true
- SameSite: http.SameSiteLaxMode, // 允许跨站携带cookie
- })
+ store := config.InitSessionStore()
 r.Use(sessions.Sessions("mysession", store))
 // 路由配置
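Review bot: The steps added to `Logout` only expire the cookie in the browser that made the request; the store returned by `config.InitSessionStore` is cookie-backed, so there appears to be no server-side record to invalidate, and a cookie value copied before logout would presumably keep validating until it ages out. If logout is meant to end the session as a security control, that needs server-side state, such as a server-side session store or a per-user session version that the auth middleware compares on each request. Until then I would record the limitation above `session.Clear()`, e.g. `// NOTE: cookie-backed store: logout expires the browser cookie but cannot revoke a copy of it`. The route registration is outside this diff, so also confirm that `Logout` is not bound to a plain GET, since `SameSite=Lax` still attaches the cookie to top-level cross-site GET navigations.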