refactor(auth): move authentication params to headers and simplify validation

- Move token and timestamp validation to HTTP headers - Simplify ValidateTimeStamp to return boolean - Update AddUser to use default "visitor" type - Remove redundant timestamp and token fields from request structs - Update API documentation to reflect header-based authentication
2026-02-28 15:32:32 +08:00
parent aa70e7c0f0
commit b661118180
6 changed files with 113 additions and 134 deletions
--- a/router.go
+++ b/router.go
@@ -16,27 +16,27 @@ func setupRoutes() {

 	http.HandleFunc("/frpcAct/instanceMgr/", func(w http.ResponseWriter, r *http.Request) {
 		path := r.URL.Path
-		if len(path) < len("/frpcAct/instanceMgr/") {
+		if len(path) < len("/frpcAct/instanceMgr/") { // Check if path is at least as long as the base path
 			SendErrorResponse(w, http.StatusNotFound, "invalid path")
 			return
 		}

-		remainingPath := path[len("/frpcAct/instanceMgr/"):]
+		remainingPath := path[len("/frpcAct/instanceMgr/"):] // Get the remaining path after the base path

-		if r.Method == http.MethodGet {
+		if r.Method == http.MethodGet { // Handle `/list` and `/list/<instanceName>` by GET request
 			if remainingPath == "list" {
 				ListInstancesHandler(w, r)
 				return
 			}

-			instanceName := strings.Trim(remainingPath, "/")
+			instanceName := strings.Trim(remainingPath, "/") // Get the instance name from the remaining path
 			if instanceName != "" {
 				ListInstancesHandler(w, r)
 				return
 			}
 		}

-		if r.Method == http.MethodPost {
+		if r.Method == http.MethodPost { // Handle `/create`, `/delete`, and `/modify/<field>` by POST request
 			if remainingPath == "create" {
 				CreateInstanceHandler(w, r)
 				return
@@ -57,6 +57,6 @@ func setupRoutes() {
 			}
 		}

-		SendErrorResponse(w, http.StatusNotFound, "endpoint not found")
+		SendErrorResponse(w, http.StatusNotFound, "endpoint not found") // Send error response if no endpoint is found
 	})
 }