chore: add Auth function to handle all permission verification; remove all old auth codes

frpcProxyAct.go

@@ -13,9 +13,10 @@ import (
 )
 
 func CreateProxyHandler(w http.ResponseWriter, r *http.Request) {
-	if r.Method != http.MethodPost {
-		SendErrorResponse(w, http.StatusMethodNotAllowed, "Invalid request method")
-		postLog.Debug(fmt.Sprintf("[CreateProxyHandler] Invalid request method: %s", r.Method))
+	userID, err := Auth(w, r, http.MethodPost, "superuser", "admin")
+	if err != nil {
+		SendErrorResponse(w, http.StatusUnauthorized, err.Error())
+		postLog.Warning(fmt.Sprintf("[CreateProxyHandler] Auth failed: %v", err))
 		return
 	}
 
@@ -63,23 +64,6 @@ func CreateProxyHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	userID, _, err := ValidateRequestWithHeader(w, r)
-	if err != nil {
-		postLog.Error(fmt.Sprintf("[CreateProxyHandler] Failed to validate request header: %v", err))
-		SendErrorResponse(w, http.StatusBadRequest, "Invalid request header")
-		return
-	}
-
-	userType, err := GetUserType(userID)
-	if err != nil {
-		postLog.Error(fmt.Sprintf("[CreateProxyHandler] Failed to get user type: %v", err))
-		SendErrorResponse(w, http.StatusInternalServerError, "Failed to get user type")
-		return
-	} else if userType != "admin" && userType != "superuser" {
-		SendErrorResponse(w, http.StatusForbidden, "Permission Denied")
-		return
-	}
-
 	var instance FrpcInstance
 	instanceIDInt, _ := strconv.Atoi(instanceID)
 	instance, err = DBQueryFrpcInstanceByID(instanceIDInt)
@@ -124,9 +108,10 @@ func CreateProxyHandler(w http.ResponseWriter, r *http.Request) {
 }
 
 func DeleteProxyHandler(w http.ResponseWriter, r *http.Request) {
-	if r.Method != http.MethodPost {
-		SendErrorResponse(w, http.StatusMethodNotAllowed, "Invalid request method")
-		postLog.Debug(fmt.Sprintf("[DeleteProxyHandler] Invalid request method: %s", r.Method))
+	userID, err := Auth(w, r, http.MethodPost, "superuser", "admin")
+	if err != nil {
+		SendErrorResponse(w, http.StatusUnauthorized, err.Error())
+		postLog.Warning(fmt.Sprintf("[DeleteProxyHandler] Auth failed: %v", err))
 		return
 	}
 
@@ -159,23 +144,6 @@ func DeleteProxyHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	userID, _, err := ValidateRequestWithHeader(w, r)
-	if err != nil {
-		postLog.Error(fmt.Sprintf("[DeleteProxyHandler] Failed to validate request header: %v", err))
-		SendErrorResponse(w, http.StatusBadRequest, "Invalid request header")
-		return
-	}
-
-	userType, err := GetUserType(userID)
-	if err != nil {
-		postLog.Error(fmt.Sprintf("[DeleteProxyHandler] Failed to get user type: %v", err))
-		SendErrorResponse(w, http.StatusInternalServerError, "Failed to get user type")
-		return
-	} else if userType != "admin" && userType != "superuser" {
-		SendErrorResponse(w, http.StatusForbidden, "Permission Denied")
-		return
-	}
-
 	var instance FrpcInstance
 	instanceIDInt, _ := strconv.Atoi(instanceID)
 	instance, err = DBQueryFrpcInstanceByID(instanceIDInt)
@@ -220,9 +188,10 @@ func DeleteProxyHandler(w http.ResponseWriter, r *http.Request) {
 }
 
 func ListProxiesHandler(w http.ResponseWriter, r *http.Request) {
-	if r.Method != http.MethodGet {
-		SendErrorResponse(w, http.StatusMethodNotAllowed, "Invalid request method")
-		postLog.Debug(fmt.Sprintf("[ListProxiesHandler] Invalid request method: %s", r.Method))
+	userID, err := Auth(w, r, http.MethodGet)
+	if err != nil {
+		SendErrorResponse(w, http.StatusUnauthorized, err.Error())
+		postLog.Warning(fmt.Sprintf("[ListProxiesHandler] Auth failed: %v", err))
 		return
 	}
 
@@ -234,13 +203,6 @@ func ListProxiesHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	userID, _, err := ValidateRequestWithHeader(w, r)
-	if err != nil {
-		postLog.Error(fmt.Sprintf("[ListProxiesHandler] Failed to validate request header: %v", err))
-		SendErrorResponse(w, http.StatusBadRequest, "Invalid request header")
-		return
-	}
-
 	var instance FrpcInstance
 	instanceIDInt, _ := strconv.Atoi(instanceID)
 	instance, err = DBQueryFrpcInstanceByID(instanceIDInt)