Documentation
¶
Index ¶
- Constants
- func ApplySecurityMiddleware(r *gin.RouterGroup)
- func CSRFMiddleware(config *SecurityConfig) gin.HandlerFunc
- func Cache() func(c *gin.Context)
- func CorsMiddleware() gin.HandlerFunc
- func DisableCache() gin.HandlerFunc
- func GetCarrotSessionField() string
- func InjectDB(db *gorm.DB) gin.HandlerFunc
- func InputValidationMiddleware() gin.HandlerFunc
- func LoggerMiddleware(logger *zap.Logger) gin.HandlerFunc
- func OpenAPICredentialFromContext(c *gin.Context) (*models.Credential, bool)
- func OpenAPIEmailCredential(db *gorm.DB) gin.HandlerFunc
- func OpenAPILLMCredentialFromContext(c *gin.Context) (*models.Credential, bool)
- func OpenAPILLMProxyAuth(db *gorm.DB, errStyle OpenAPILLMProxyAuthStyle) gin.HandlerFunc
- func OpenAPISpeechCredentialFromContext(c *gin.Context) (*models.Credential, bool)
- func OpenAPISpeechProxyAuth(db *gorm.DB, kind string) gin.HandlerFunc
- func PoweredBy() gin.HandlerFunc
- func RelayPanicRecover() gin.HandlerFunc
- func RequestId() func(c *gin.Context)
- func SanitizeString(input string) string
- func SecureCompare(a, b string) bool
- func SecurityMiddleware(config *SecurityConfig) gin.HandlerFunc
- func SecurityMiddlewareChain() []gin.HandlerFunc
- func ValidateEmail(email string) bool
- func ValidatePassword(password string) error
- func WithCookieSession(secret string, maxAge int) gin.HandlerFunc
- func WithMemSession(secret string) gin.HandlerFunc
- func XSSProtectionMiddleware() gin.HandlerFunc
- type OpenAPILLMProxyAuthStyle
- type SecurityConfig
Constants ¶
// RequestIdKey is the string "X-Oneapi-Request-Id".
// NOTE(review): presumably the header or context key under which the
// RequestId middleware stores the per-request ID; confirm against the
// implementation.
const RequestIdKey = "X-Oneapi-Request-Id"
Variables ¶
This section is empty.
Functions ¶
func ApplySecurityMiddleware ¶
func ApplySecurityMiddleware(r *gin.RouterGroup)
ApplySecurityMiddleware applies security middleware to router group
func CSRFMiddleware ¶
func CSRFMiddleware(config *SecurityConfig) gin.HandlerFunc
CSRFMiddleware is the CSRF protection middleware.
func CorsMiddleware ¶
func CorsMiddleware() gin.HandlerFunc
CorsMiddleware handles cross-origin resource sharing
func DisableCache ¶
func DisableCache() gin.HandlerFunc
func GetCarrotSessionField ¶
func GetCarrotSessionField() string
func InputValidationMiddleware ¶
func InputValidationMiddleware() gin.HandlerFunc
InputValidationMiddleware is the input validation middleware.
func LoggerMiddleware ¶
func LoggerMiddleware(logger *zap.Logger) gin.HandlerFunc
LoggerMiddleware is the request logging middleware.
func OpenAPICredentialFromContext ¶
func OpenAPICredentialFromContext(c *gin.Context) (*models.Credential, bool)
OpenAPICredentialFromContext returns the credential bound by OpenAPIEmailCredential middleware.
func OpenAPIEmailCredential ¶
func OpenAPIEmailCredential(db *gorm.DB) gin.HandlerFunc
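OpenAPIEmailCredential validates LAuthorization: Bearer <APIKEY> and additionally requires L-Timestamp (Unix seconds) and L-Nonce (replay protection). Only credentials with kind=email that are enabled and not expired are accepted.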
func OpenAPILLMCredentialFromContext ¶
func OpenAPILLMCredentialFromContext(c *gin.Context) (*models.Credential, bool)
OpenAPILLMCredentialFromContext returns the kind=llm credential injected by OpenAPILLMProxyAuth.
func OpenAPILLMProxyAuth ¶
func OpenAPILLMProxyAuth(db *gorm.DB, errStyle OpenAPILLMProxyAuthStyle) gin.HandlerFunc
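OpenAPILLMProxyAuth authenticates LLM proxy calls via Authorization: Bearer <key> or x-api-key (commonly used by Anthropic clients). It uses keys from the credentials table with kind=llm and status=1; an optional IP allowlist and quota apply (same as the email OpenAPI).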
func OpenAPISpeechCredentialFromContext ¶
func OpenAPISpeechCredentialFromContext(c *gin.Context) (*models.Credential, bool)
OpenAPISpeechCredentialFromContext returns the credential injected by OpenAPISpeechProxyAuth; its kind is asr or tts.
func OpenAPISpeechProxyAuth ¶
func OpenAPISpeechProxyAuth(db *gorm.DB, kind string) gin.HandlerFunc
OpenAPISpeechProxyAuth accepts the same Bearer / x-api-key authentication as the LLM OpenAPI; the credential kind is asr or tts.
func PoweredBy ¶
func PoweredBy() gin.HandlerFunc
func RelayPanicRecover ¶
func RelayPanicRecover() gin.HandlerFunc
func SecurityMiddleware ¶
func SecurityMiddleware(config *SecurityConfig) gin.HandlerFunc
SecurityMiddleware is the security middleware.
func SecurityMiddlewareChain ¶
func SecurityMiddlewareChain() []gin.HandlerFunc
SecurityMiddlewareChain returns security middleware chain
func WithCookieSession ¶
func WithCookieSession(secret string, maxAge int) gin.HandlerFunc
func WithMemSession ¶
func WithMemSession(secret string) gin.HandlerFunc
func XSSProtectionMiddleware ¶
func XSSProtectionMiddleware() gin.HandlerFunc
XSSProtectionMiddleware is the XSS protection middleware.
Types ¶
type OpenAPILLMProxyAuthStyle ¶
type OpenAPILLMProxyAuthStyle string
OpenAPILLMProxyAuthStyle selects the shape of the error JSON returned when authentication fails (close to the fields each protocol commonly uses).
// Values of OpenAPILLMProxyAuthStyle, the type of the errStyle parameter of
// OpenAPILLMProxyAuth.
const (
	// OpenAPILLMStyleOpenAI is the style value "openai".
	OpenAPILLMStyleOpenAI OpenAPILLMProxyAuthStyle = "openai"
	// OpenAPILLMStyleAnthropic is the style value "anthropic".
	OpenAPILLMStyleAnthropic OpenAPILLMProxyAuthStyle = "anthropic"
)
type SecurityConfig ¶
// SecurityConfig groups CSRF, XSS, input-validation and security-header
// settings. CSRFMiddleware and SecurityMiddleware each take a *SecurityConfig.
type SecurityConfig struct {
// CSRF settings
// NOTE(review): CSRFSecret carries a json tag, so marshaling this struct
// emits the secret; confirm the config is never serialized into API
// responses or logs.
CSRFSecret string `json:"csrf_secret"`
CSRFTokenName string `json:"csrf_token_name"`
CSRFMaxAge time.Duration `json:"csrf_max_age"`
// presumably the Secure, HttpOnly and SameSite attributes of the CSRF
// cookie; confirm against CSRFMiddleware
CSRFSecure bool `json:"csrf_secure"`
CSRFHttpOnly bool `json:"csrf_http_only"`
CSRFSameSite csrf.SameSiteMode `json:"csrf_same_site"`
// XSS settings
XSSProtection bool `json:"xss_protection"`
ContentTypeNosniff bool `json:"content_type_nosniff"`
// presumably the X-Frame-Options header value; confirm
XFrameOptions string `json:"x_frame_options"`
// Input validation settings
// presumably a limit on request size; units are not visible here (TODO confirm)
MaxRequestSize int64 `json:"max_request_size"`
// NOTE(review): presumably the origin allow-list; how a wildcard entry is
// treated is not visible here, so verify against the middleware that reads it.
AllowedOrigins []string `json:"allowed_origins"`
// Security header settings
// presumably the max-age (seconds) of Strict-Transport-Security; confirm
HSTSMaxAge int `json:"hsts_max_age"`
ReferrerPolicy string `json:"referrer_policy"`
}
SecurityConfig holds the security configuration.
func DefaultSecurityConfig ¶
func DefaultSecurityConfig() *SecurityConfig
DefaultSecurityConfig returns the default security configuration.