修修复因为secure导致的登录失败问题

修复安装拦截器部分情况下失效的问题
2026-05-25 02:24:05 +08:00 · 2026-03-31 02:14:08 +08:00
parent 16b4f0a0be
commit 3293fc452a
5 changed files with 74 additions and 50 deletions
--- a/cmd/server.go
+++ b/cmd/server.go
@@ -71,6 +71,9 @@ func runServer(cmd *cobra.Command, args []string) {
 	}
 	if db != nil {
 		// 检查系统是否已安装
 		isInstalled := services.GetSettingsService().GetString("is_installed", "0")
 		if isInstalled == "1" {
 			// 执行自动迁移（确保表结构存在）
 			if err := database.AutoMigrate(); err != nil {
 				logrus.WithError(err).Fatal("数据库自动迁移失败")
@@ -89,6 +92,9 @@ func runServer(cmd *cobra.Command, args []string) {
 			// 启动日志清理定时任务
 			services.StartLogCleanupTask()
 		} else {
 			logrus.Info("系统尚未安装 (is_installed=0)，跳过核心组件初始化")
 		}
 	} else {
 		logrus.Info("系统处于未初始化状态，跳过数据库自动迁移和设置加载")
 	}
--- a/controllers/admin/auth.go
+++ b/controllers/admin/auth.go
@@ -131,6 +131,7 @@ func LoginHandler(c *gin.Context) {
 		"avatar":   user.Avatar,
 		"nickname": user.Nickname,
 		"username": user.Username,
 		"token":    token,
 	})
 }
@@ -308,9 +309,21 @@ func parseJWTToken(tokenString string) (*JWTClaims, error) {
 	return nil, fmt.Errorf("invalid token")
 }
-// getJWTCookie 获取JWT cookie的通用函数
+// getJWTCookie 获取JWT cookie的通用函数，支持从Cookie或Authorization Header中获取
 func getJWTCookie(c *gin.Context) (string, error) {
-	return c.Cookie("admin_session")
+	cookie, err := c.Cookie("admin_session")
 	if err == nil && cookie != "" {
 		return cookie, nil
 	}
 	// 如果Cookie中没有，尝试从Authorization Header中获取 (兼容前端在非HTTPS环境下无法设置Secure Cookie的情况)
 	authHeader := c.GetHeader("Authorization")
 	if authHeader != "" && strings.HasPrefix(authHeader, "Bearer ") {
 		token := strings.TrimPrefix(authHeader, "Bearer ")
 		return token, nil
 	}
 	return "", fmt.Errorf("未找到会话信息")
 }
 // validateAdminPasswordHash 验证管理员密码哈希的通用函数
@@ -367,13 +380,23 @@ func IsAdminAuthenticated(c *gin.Context) bool {
 // IsAdminAuthenticatedHttp 判断管理员是否已认证（HTTP兼容版本）
 // 保留此方法以兼容未迁移的 Handler
 func IsAdminAuthenticatedHttp(r *http.Request) bool {
 	token := ""
 	cookie, err := r.Cookie("admin_session")
-	if err != nil || cookie.Value == "" {
+	if err == nil && cookie.Value != "" {
 		token = cookie.Value
 	} else {
 		authHeader := r.Header.Get("Authorization")
 		if authHeader != "" && strings.HasPrefix(authHeader, "Bearer ") {
 			token = strings.TrimPrefix(authHeader, "Bearer ")
 		}
 	}
 	if token == "" {
 		return false
 	}
 	// 解析并验证JWT令牌
-	claims, err := parseJWTToken(cookie.Value)
+	claims, err := parseJWTToken(token)
 	if err != nil {
 		return false
 	}
@@ -431,12 +454,22 @@ func IsAdminAuthenticatedWithCleanup(c *gin.Context) bool {
 // GetCurrentAdminUser 获取当前登录的管理员用户信息 (HTTP 兼容版)
 func GetCurrentAdminUser(r *http.Request) (*JWTClaims, error) {
 	token := ""
 	cookie, err := r.Cookie("admin_session")
-	if err != nil {
+	if err == nil && cookie.Value != "" {
 		token = cookie.Value
 	} else {
 		authHeader := r.Header.Get("Authorization")
 		if authHeader != "" && strings.HasPrefix(authHeader, "Bearer ") {
 			token = strings.TrimPrefix(authHeader, "Bearer ")
 		}
 	}
 	if token == "" {
 		return nil, fmt.Errorf("未找到会话信息")
 	}
-	claims, err := parseJWTToken(cookie.Value)
+	claims, err := parseJWTToken(token)
 	if err != nil {
 		return nil, fmt.Errorf("无效的会话信息")
 	}
--- a/controllers/install/install.go
+++ b/controllers/install/install.go
@@ -11,6 +11,7 @@ import (
 	"strings"
 	"github.com/gin-gonic/gin"
 	"github.com/sirupsen/logrus"
 	"gorm.io/driver/mysql"
 	"gorm.io/gorm"
 )
@@ -165,5 +166,15 @@ func InstallSubmitHandler(c *gin.Context) {
 	// 5. 更新内存缓存
 	services.ResetSettingsService()
 	// 6. 动态初始化核心组件
 	// 在系统安装完成后，执行本来在 server.go 中需要已安装才能执行的初始化逻辑
 	encryptionKey := services.GetSettingsService().GetEncryptionKey()
 	if err := utils.InitEncryption(encryptionKey); err != nil {
 		logrus.WithError(err).Error("安装完成后加密管理器初始化失败")
 	}
 	// 启动日志清理定时任务
 	services.StartLogCleanupTask()
 	c.JSON(http.StatusOK, gin.H{"code": 0, "msg": "安装成功"})
 }
--- a/database/settings.go
+++ b/database/settings.go
@@ -116,8 +116,8 @@ func SeedDefaultSettings() error {
 	defaultSettings = append(defaultSettings, []models.Settings{
 		{
 			Name:        "cookie_secure",
-			Value:       "true",
+			Value:       "false",
-			Description: "Cookie Secure属性（是否只在HTTPS下发送）",
+			Description: "是否启用安全Cookie（仅HTTPS），开启后HTTP访问可能导致登录失败",
 		},
 		{
 			Name:        "cookie_same_site",
--- a/middleware/install.go
+++ b/middleware/install.go
@@ -3,10 +3,8 @@ package middleware
 import (
 	"NetworkAuth/services"
 	"net/http"
 	"os"
 	"github.com/gin-gonic/gin"
 	"github.com/spf13/viper"
 )
 // InstallCheckMiddleware 检查系统是否已安装
@@ -20,30 +18,6 @@ func InstallCheckMiddleware() gin.HandlerFunc {
 		isInstalledStr := services.GetSettingsService().GetString("is_installed", "0")
 		isInstalled := isInstalledStr == "1"
 		// 如果设置服务没获取到（因为未连接数据库），再结合文件判断
 		if !isInstalled {
 			// 检查数据库文件是否存在（如果是 sqlite）
 			dbType := viper.GetString("database.type")
 			switch dbType {
 			case "sqlite":
 				dbPath := viper.GetString("database.sqlite.path")
 				if dbPath == "" {
 					dbPath = "./database.db"
 				}
 				if _, err := os.Stat(dbPath); os.IsNotExist(err) {
 					isInstalled = false
 				} else {
 					isInstalled = true
 				}
 			case "mysql":
 				// 如果是 mysql 且配置了 database，我们认为是已安装
 				dbName := viper.GetString("database.mysql.database")
 				if dbName != "" {
 					isInstalled = true
 				}
 			}
 		}
 		// 如果未安装且是 API 请求但不是安装接口，则返回 403 JSON
 		// 如果是前端页面请求，不在此处拦截，交由前端 Vue Router 拦截并跳转至安装页
 		if !isInstalled && !isInstallRoute && len(path) >= 4 && path[:4] == "/api" {