From d989b0e7cb7729a5f1d8b127c0f4dc71c77d205d Mon Sep 17 00:00:00 2001
From: jdysya <1912377458@qq.com>
Date: Sun, 16 Feb 2025 22:02:47 +0800
Subject: [PATCH] =?UTF-8?q?refactor(gateway):=20=E4=BC=98=E5=8C=96=20URL?=
 =?UTF-8?q?=20=E5=A4=84=E7=90=86=E9=80=BB=E8=BE=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 移除了 PostLogin 中的 URL 解码步骤，直接使用 returnURL
- 在 StaticAuthMiddleware 中增加了 URL 解码，以确保准确匹配受保护 URL
- 优化了错误处理，提高了代码的健壮性
---
 gateway/handlers/auth.go          | 9 +--------
 gateway/middleware/static_auth.go | 7 ++++++-
 2 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/gateway/handlers/auth.go b/gateway/handlers/auth.go
index 075b521..85688b5 100644
--- a/gateway/handlers/auth.go
+++ b/gateway/handlers/auth.go
@@ -2,7 +2,6 @@ package handlers
 
 import (
 	"net/http"
-	"net/url"
 	"strconv"
 	"strings"
 
@@ -58,13 +57,7 @@ func PostLogin(db *gorm.DB) gin.HandlerFunc {
 		}
 
 		if returnURL != "" {
-			decodedURL, err := url.QueryUnescape(returnURL)
-			if err != nil {
-				utils.Logger.Errorf("URL解码失败: %v", err)
-				c.Redirect(http.StatusSeeOther, "/")
-				return
-			}
-			c.Redirect(http.StatusSeeOther, decodedURL)
+			c.Redirect(http.StatusSeeOther, returnURL)
 			return
 		}
 
diff --git a/gateway/middleware/static_auth.go b/gateway/middleware/static_auth.go
index ac8240a..499194c 100644
--- a/gateway/middleware/static_auth.go
+++ b/gateway/middleware/static_auth.go
@@ -38,8 +38,13 @@ func StaticAuthMiddleware() gin.HandlerFunc {
 				needAuth = true
 			} else {
 				// 检查是否在受保护列表中
+				decodedPath, err := url.QueryUnescape(requestPath)
+				if err != nil {
+					c.AbortWithStatus(400)
+					return
+				}
 				for _, protectedURL := range protectedURLs {
-					if requestPath == protectedURL {
+					if decodedPath == protectedURL {
 						needAuth = true
 						break
 					}