mindoc-org
/
mindoc
mirror of https://github.com/mindoc-org/mindoc.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

perf:过滤内容中的非法字符,增强安全性

pull/536/head
lifei6671 2019-05-20 12:08:14 +08:00
parent 492b712cc2
commit d8e56548ea
6 changed files with 147 additions and 104 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
commands/command.go
View File

@ -71,7 +71,7 @@ func RegisterDataBase() {
dbPath := filepath.Dir(database)
if _, err := os.Stat(dbPath); err != nil && os.IsNotExist(err) {
os.MkdirAll(dbPath, 0777)
_ = os.MkdirAll(dbPath, 0777)
}
err := orm.RegisterDataBase("default", "sqlite3", database)
@ -117,7 +117,7 @@ func RegisterModel() {
func RegisterLogger(log string) {
logs.SetLogFuncCall(true)
logs.SetLogger("console")
_ = logs.SetLogger("console")
logs.EnableFuncCallDepth(true)
if beego.AppConfig.DefaultBool("log_is_async", true) {
@ -135,7 +135,7 @@ func RegisterLogger(log string) {
logPath := filepath.Join(log, "log.log")
if _, err := os.Stat(log); os.IsNotExist(err) {
os.MkdirAll(log, 0777)
_ = os.MkdirAll(log, 0755)
}
config := make(map[string]interface{}, 1)
@ -159,37 +159,37 @@ func RegisterLogger(log string) {
if level := beego.AppConfig.DefaultString("log_level", "Trace"); level != "" {
switch level {
case "Emergency":
config["level"] = beego.LevelEmergency;
config["level"] = beego.LevelEmergency
break
case "Alert":
config["level"] = beego.LevelAlert;
config["level"] = beego.LevelAlert
break
case "Critical":
config["level"] = beego.LevelCritical;
config["level"] = beego.LevelCritical
break
case "Error":
config["level"] = beego.LevelError;
config["level"] = beego.LevelError
break
case "Warning":
config["level"] = beego.LevelWarning;
config["level"] = beego.LevelWarning
break
case "Notice":
config["level"] = beego.LevelNotice;
config["level"] = beego.LevelNotice
break
case "Informational":
config["level"] = beego.LevelInformational;
config["level"] = beego.LevelInformational
break
case "Debug":
config["level"] = beego.LevelDebug;
config["level"] = beego.LevelDebug
break
}
}
b, err := json.Marshal(config);
b, err := json.Marshal(config)
if err != nil {
beego.Error("初始化文件日志时出错 ->", err)
beego.SetLogger("file", `{"filename":"`+logPath+`"}`)
_ = beego.SetLogger("file", `{"filename":"`+logPath+`"}`)
} else {
beego.SetLogger(logs.AdapterFile, string(b))
_ = beego.SetLogger(logs.AdapterFile, string(b))
}
beego.SetLogFuncCall(true)
@ -213,7 +213,7 @@ func RegisterFunction() {
err := beego.AddFuncMap("config", models.GetOptionValue)
if err != nil {
beego.Error("注册函数 config 出错 ->",err)
beego.Error("注册函数 config 出错 ->", err)
os.Exit(-1)
}
err = beego.AddFuncMap("cdn", func(p string) string {
@ -242,36 +242,36 @@ func RegisterFunction() {
return cdn + p
})
if err != nil {
beego.Error("注册函数 cdn 出错 ->",err)
beego.Error("注册函数 cdn 出错 ->", err)
os.Exit(-1)
}
err = beego.AddFuncMap("cdnjs", conf.URLForWithCdnJs)
if err != nil {
beego.Error("注册函数 cdnjs 出错 ->",err)
beego.Error("注册函数 cdnjs 出错 ->", err)
os.Exit(-1)
}
err = beego.AddFuncMap("cdncss", conf.URLForWithCdnCss)
if err != nil {
beego.Error("注册函数 cdncss 出错 ->",err)
beego.Error("注册函数 cdncss 出错 ->", err)
os.Exit(-1)
}
err = beego.AddFuncMap("cdnimg", conf.URLForWithCdnImage)
if err != nil {
beego.Error("注册函数 cdnimg 出错 ->",err)
beego.Error("注册函数 cdnimg 出错 ->", err)
os.Exit(-1)
}
//重写url生成支持配置域名以及域名前缀
err = beego.AddFuncMap("urlfor", conf.URLFor)
if err != nil {
beego.Error("注册函数 urlfor 出错 ->",err)
beego.Error("注册函数 urlfor 出错 ->", err)
os.Exit(-1)
}
err = beego.AddFuncMap("date_format", func(t time.Time, format string) string {
return t.Local().Format(format)
})
if err != nil {
beego.Error("注册函数 date_format 出错 ->",err)
beego.Error("注册函数 date_format 出错 ->", err)
os.Exit(-1)
}
}
@ -283,7 +283,9 @@ func ResolveCommand(args []string) {
flagSet.StringVar(&conf.WorkingDirectory, "dir", "", "MinDoc working directory.")
flagSet.StringVar(&conf.LogFile, "log", "", "MinDoc log file path.")
flagSet.Parse(args)
if err := flagSet.Parse(args); err != nil {
log.Fatal("解析命令失败 ->", err)
}
if conf.WorkingDirectory == "" {
if p, err := filepath.Abs(os.Args[0]); err == nil {
@ -295,7 +297,7 @@ func ResolveCommand(args []string) {
conf.ConfigurationFile = conf.WorkingDir("conf", "app.conf")
config := conf.WorkingDir("conf", "app.conf.example")
if !filetil.FileExists(conf.ConfigurationFile) && filetil.FileExists(config) {
filetil.CopyFile(conf.ConfigurationFile, config)
_ = filetil.CopyFile(conf.ConfigurationFile, config)
}
}
if err := gocaptcha.ReadFonts(conf.WorkingDir("static", "fonts"), ".ttf"); err != nil {
@ -317,7 +319,7 @@ func ResolveCommand(args []string) {
conf.AutoLoadDelay = beego.AppConfig.DefaultInt("config_auto_delay", 0)
uploads := conf.WorkingDir("uploads")
os.MkdirAll(uploads, 0666)
_ = os.MkdirAll(uploads, 0666)
beego.BConfig.WebConfig.StaticDir["/static"] = filepath.Join(conf.WorkingDirectory, "static")
beego.BConfig.WebConfig.StaticDir["/uploads"] = uploads
@ -328,7 +330,9 @@ func ResolveCommand(args []string) {
if !filetil.FileExists(fonts) {
log.Fatal("Font path not exist.")
}
gocaptcha.ReadFonts(filepath.Join(conf.WorkingDirectory, "static", "fonts"), ".ttf")
if err := gocaptcha.ReadFonts(filepath.Join(conf.WorkingDirectory, "static", "fonts"), ".ttf"); err != nil {
log.Fatal("读取字体失败 ->", err)
}
RegisterDataBase()
RegisterCache()
@ -368,7 +372,7 @@ func RegisterCache() {
os.Exit(1)
}
fileCache.StartAndGC(string(bc))
_ = fileCache.StartAndGC(string(bc))
cache.Init(fileCache)
@ -461,7 +465,7 @@ func RegisterAutoLoadConfig() {
RegisterLogger("")
beego.Info("配置文件已加载 ->", conf.ConfigurationFile)
} else if ev.IsRename() {
watcher.WatchFlags(conf.ConfigurationFile, fsnotify.FSN_MODIFY|fsnotify.FSN_RENAME)
_ = watcher.WatchFlags(conf.ConfigurationFile, fsnotify.FSN_MODIFY|fsnotify.FSN_RENAME)
}
beego.Info(ev.String())
case err := <-watcher.Error:
@ -489,9 +493,9 @@ func RegisterError() {
data["ErrorMessage"] = "页面未找到或已删除"
if err := beego.ExecuteViewPathTemplate(&buf, "errors/error.tpl", beego.BConfig.WebConfig.ViewsPath, data); err == nil {
fmt.Fprint(writer, buf.String())
_, _ = fmt.Fprint(writer, buf.String())
} else {
fmt.Fprint(writer, data["ErrorMessage"])
_, _ = fmt.Fprint(writer, data["ErrorMessage"])
}
})
beego.ErrorHandler("401", func(writer http.ResponseWriter, request *http.Request) {
@ -502,9 +506,9 @@ func RegisterError() {
data["ErrorMessage"] = "请与 Web 服务器的管理员联系,以确认您是否具有访问所请求资源的权限。"
if err := beego.ExecuteViewPathTemplate(&buf, "errors/error.tpl", beego.BConfig.WebConfig.ViewsPath, data); err == nil {
fmt.Fprint(writer, buf.String())
_, _ = fmt.Fprint(writer, buf.String())
} else {
fmt.Fprint(writer, data["ErrorMessage"])
_, _ = fmt.Fprint(writer, data["ErrorMessage"])
}
})
}
@ -514,7 +518,9 @@ func init() {
if configPath, err := filepath.Abs(conf.ConfigurationFile); err == nil {
conf.ConfigurationFile = configPath
}
gocaptcha.ReadFonts(conf.WorkingDir("static", "fonts"), ".ttf")
if err := gocaptcha.ReadFonts(conf.WorkingDir("static", "fonts"), ".ttf"); err != nil {
log.Fatal("读取字体文件失败 ->", err)
}
gob.Register(models.Member{})
if p, err := filepath.Abs(os.Args[0]); err == nil {

46
controllers/BookController.go
View File

@ -84,6 +84,7 @@ func (c *BookController) Dashboard() {
c.Abort("403")
}
c.Abort("500")
return
}
c.Data["Description"] = template.HTML(blackfriday.Run([]byte(book.Description)))
@ -110,6 +111,7 @@ func (c *BookController) Setting() {
c.Abort("403")
}
c.Abort("500")
return
}
//如果不是创始人也不是管理员则不能操作
if book.RoleId != conf.BookFounder && book.RoleId != conf.BookAdmin {
@ -231,6 +233,7 @@ func (c *BookController) PrivatelyOwned() {
if err != nil {
c.JsonResult(6001, err.Error())
return
}
//只有创始人才能变更私有状态
if bookResult.RoleId != conf.BookFounder {
@ -241,6 +244,7 @@ func (c *BookController) PrivatelyOwned() {
if err != nil {
c.JsonResult(6005, "项目不存在")
return
}
book.PrivatelyOwned = state
@ -278,6 +282,7 @@ func (c *BookController) Transfer() {
if err != nil {
c.JsonResult(6001, err.Error())
return
}
err = models.NewRelationship().Transfer(bookResult.BookId, c.Member.MemberId, member.MemberId)
@ -296,6 +301,7 @@ func (c *BookController) UploadCover() {
if err != nil {
c.JsonResult(6001, err.Error())
return
}
book, err := models.NewBook().Find(bookResult.BookId)
@ -309,6 +315,7 @@ func (c *BookController) UploadCover() {
if err != nil {
logs.Error("获取上传文件失败 ->", err.Error())
c.JsonResult(500, "读取文件异常")
return
}
defer file.Close()
@ -405,6 +412,7 @@ func (c *BookController) Users() {
c.Abort("403")
}
c.Abort("500")
return
}
//如果不是创始人也不是管理员则不能操作
if book.RoleId != conf.BookFounder && book.RoleId != conf.BookAdmin {
@ -692,6 +700,7 @@ func (c *BookController) Delete() {
if err != nil {
c.JsonResult(6001, err.Error())
return
}
if bookResult.RoleId != conf.BookFounder {
@ -721,7 +730,9 @@ func (c *BookController) Release() {
if c.Member.IsAdministrator() {
book, err := models.NewBook().FindByFieldFirst("identify", identify)
if err != nil {
beego.Error("发布文档失败 ->", err)
c.JsonResult(6003, "文档不存在")
return
}
bookId = book.BookId
} else {
@ -747,7 +758,7 @@ func (c *BookController) Release() {
//当文档发布后,需要删除已缓存的转换项目
outputPath := filepath.Join(conf.GetExportOutputPath(), strconv.Itoa(bookId))
os.RemoveAll(outputPath)
_ = os.RemoveAll(outputPath)
}(identify)
@ -763,13 +774,14 @@ func (c *BookController) SaveSort() {
c.Abort("404")
}
book_id := 0
bookId := 0
if c.Member.IsAdministrator() {
book, err := models.NewBook().FindByFieldFirst("identify", identify)
if err != nil {
if err != nil || book == nil {
c.JsonResult(6001,"项目不存在")
return
}
book_id = book.BookId
bookId = book.BookId
} else {
bookResult, err := models.NewBookResult().FindByIdentify(identify, c.Member.MemberId)
if err != nil {
@ -780,7 +792,7 @@ func (c *BookController) SaveSort() {
if bookResult.RoleId == conf.BookObserver {
c.JsonResult(6002, "项目不存在或权限不足")
}
book_id = bookResult.BookId
bookId = bookResult.BookId
}
content := c.Ctx.Input.RequestBody
@ -795,13 +807,13 @@ func (c *BookController) SaveSort() {
}
for _, item := range docs {
if doc_id, ok := item["id"].(float64); ok {
doc, err := models.NewDocument().Find(int(doc_id))
if docId, ok := item["id"].(float64); ok {
doc, err := models.NewDocument().Find(int(docId))
if err != nil {
beego.Error(err)
continue
}
if doc.BookId != book_id {
if doc.BookId != bookId {
logs.Info("%s", "权限错误")
continue
}
@ -810,18 +822,18 @@ func (c *BookController) SaveSort() {
beego.Info("排序数字转换失败 => ", item)
continue
}
parent_id, ok := item["parent"].(float64)
parentId, ok := item["parent"].(float64)
if !ok {
beego.Info("父分类转换失败 => ", item)
continue
}
if parent_id > 0 {
if parent, err := models.NewDocument().Find(int(parent_id)); err != nil || parent.BookId != book_id {
if parentId > 0 {
if parent, err := models.NewDocument().Find(int(parentId)); err != nil || parent.BookId != bookId {
continue
}
}
doc.OrderSort = int(sort)
doc.ParentId = int(parent_id)
doc.ParentId = int(parentId)
if err := doc.InsertOrUpdate(); err != nil {
fmt.Printf("%s", err.Error())
beego.Error(err)
@ -846,11 +858,12 @@ func (c *BookController) Team() {
}
book, err := models.NewBookResult().FindByIdentify(key, c.Member.MemberId)
if err != nil {
if err != nil || book == nil {
if err == models.ErrPermissionDenied {
c.ShowErrorPage(403, "权限不足")
}
c.ShowErrorPage(500, "系统错误")
return
}
//如果不是创始人也不是管理员则不能操作
if book.RoleId != conf.BookFounder && book.RoleId != conf.BookAdmin {
@ -884,6 +897,7 @@ func (c *BookController) TeamAdd() {
if err != nil {
c.JsonResult(500, err.Error())
return
}
//如果不是创始人也不是管理员则不能操作
if book.RoleId != conf.BookFounder && book.RoleId != conf.BookAdmin {
@ -905,6 +919,7 @@ func (c *BookController) TeamAdd() {
err = teamRel.Save()
if err != nil {
c.JsonResult(5004, "加入项目失败")
return
}
teamRel.Include()
@ -924,6 +939,7 @@ func (c *BookController) TeamDelete() {
if err != nil {
c.JsonResult(5002, err.Error())
return
}
//如果不是创始人也不是管理员则不能操作
if book.RoleId != conf.BookFounder && book.RoleId != conf.BookAdmin {

75
controllers/DocumentController.go
View File

@ -2,30 +2,30 @@ package controllers
import (
"encoding/json"
"html/template"
"net/http"
"os"
"path/filepath"
"regexp"
"strconv"
"strings"
"time"
"net/url"
"image/png"
"fmt"
"github.com/astaxie/beego"
"github.com/astaxie/beego/logs"
"github.com/astaxie/beego/orm"
"github.com/boombuler/barcode"
"github.com/boombuler/barcode/qr"
"github.com/lifei6671/mindoc/conf"
"github.com/lifei6671/mindoc/models"
"github.com/lifei6671/mindoc/utils"
"github.com/lifei6671/mindoc/utils/pagination"
"gopkg.in/russross/blackfriday.v2"
"github.com/lifei6671/mindoc/utils/cryptil"
"github.com/lifei6671/mindoc/utils/filetil"
"github.com/lifei6671/mindoc/utils/gopool"
"github.com/astaxie/beego/logs"
"github.com/lifei6671/mindoc/utils/pagination"
"gopkg.in/russross/blackfriday.v2"
"html/template"
"image/png"
"net/http"
"net/url"
"os"
"path/filepath"
"regexp"
"strconv"
"strings"
"time"
)
// DocumentController struct
@ -113,19 +113,21 @@ func (c *DocumentController) Read() {
if docId, err := strconv.Atoi(id); err == nil {
doc, err = doc.FromCacheById(docId)
if err != nil {
if err != nil || doc == nil {
beego.Error("从缓存中读取文档时失败 ->", err)
c.ShowErrorPage(404, "文档不存在或已删除")
return
}
} else {
doc, err = doc.FromCacheByIdentify(id, bookResult.BookId)
if err != nil {
if err != nil || doc == nil {
if err == orm.ErrNoRows {
c.ShowErrorPage(404, "文档不存在或已删除")
} else {
beego.Error("从缓存查询文档时出错 ->", err)
c.ShowErrorPage(500, "未知异常")
}
return
}
}
@ -195,7 +197,7 @@ func (c *DocumentController) Edit() {
bookResult, err = models.NewBookResult().FindByIdentify(identify, c.Member.MemberId)
if err != nil {
if err == orm.ErrNoRows || err == models.ErrPermissionDenied{
if err == orm.ErrNoRows || err == models.ErrPermissionDenied {
c.ShowErrorPage(403, "项目不存在或没有权限")
} else {
beego.Error("查询项目时出错 -> ", err)
@ -341,11 +343,12 @@ func (c *DocumentController) Upload() {
name := "editormd-file-file"
file, moreFile, err := c.GetFile(name)
if err == http.ErrMissingFile {
if err == http.ErrMissingFile || moreFile == nil {
name = "editormd-image-file"
file, moreFile, err = c.GetFile(name)
if err == http.ErrMissingFile {
if err == http.ErrMissingFile || moreFile == nil {
c.JsonResult(6003, "没有发现需要上传的文件")
return
}
}
@ -427,7 +430,7 @@ func (c *DocumentController) Upload() {
path := filepath.Dir(filePath)
os.MkdirAll(path, os.ModePerm)
_ = os.MkdirAll(path, os.ModePerm)
err = c.SaveToFile(name, filePath)
@ -452,7 +455,6 @@ func (c *DocumentController) Upload() {
attachment.DocumentId = docId
}
if filetil.IsImageExt(moreFile.Filename) {
attachment.HttpPath = "/" + strings.Replace(strings.TrimPrefix(filePath, conf.WorkingDirectory), "\\", "/", -1)
if strings.HasPrefix(attachment.HttpPath, "//") {
@ -675,8 +677,9 @@ func (c *DocumentController) Content() {
// 如果是超级管理员,则忽略权限
if c.Member.IsAdministrator() {
book, err := models.NewBook().FindByFieldFirst("identify", identify)
if err != nil {
if err != nil || book == nil {
c.JsonResult(6002, "项目不存在或权限不足")
return
}
bookId = book.BookId
@ -705,8 +708,9 @@ func (c *DocumentController) Content() {
doc, err := models.NewDocument().Find(docId)
if err != nil {
if err != nil || doc == nil {
c.JsonResult(6003, "读取文档错误")
return
}
if doc.BookId != bookId {
@ -781,25 +785,7 @@ func (c *DocumentController) Content() {
c.JsonResult(0, "ok", doc)
}
//
//func (c *DocumentController) GetDocumentById(id string) (doc *models.Document, err error) {
// doc = models.NewDocument()
// if doc_id, err := strconv.Atoi(id); err == nil {
// doc, err = doc.Find(doc_id)
// if err != nil {
// return nil, err
// }
// } else {
// doc, err = doc.FindByFieldFirst("identify", id)
// if err != nil {
// return nil, err
// }
// }
//
// return doc, nil
//}
// 导出
// Export 导出
func (c *DocumentController) Export() {
c.Prepare()
@ -1201,8 +1187,9 @@ func (c *DocumentController) Compare() {
}
doc, err := models.NewDocument().Find(history.DocumentId)
if doc.BookId != bookId {
c.ShowErrorPage(60002, "参数错误")
if err != nil || doc == nil || doc.BookId != bookId {
c.ShowErrorPage(60002, "文档不存在或已删除")
return
}
c.Data["HistoryId"] = historyId
@ -1238,7 +1225,7 @@ func (c *DocumentController) isReadable(identify, token string) *models.BookResu
}
// 如果文档是私有的
if book.PrivatelyOwned == 1 && (!c.isUserLoggedIn() || !c.Member.IsAdministrator()) {
if s,ok := c.GetSession(identify).(string); !ok || (!strings.EqualFold(s,book.PrivateToken) && !strings.EqualFold(s,book.BookPassword)) {
if s, ok := c.GetSession(identify).(string); !ok || (!strings.EqualFold(s, book.PrivateToken) && !strings.EqualFold(s, book.BookPassword)) {
if book.PrivateToken != "" && !isOk && token != "" {
// 如果有访问的 Token并且该项目设置了访问 Token并且和用户提供的相匹配则记录到 Session 中。

2
models/BookModel.go
View File

@ -594,7 +594,7 @@ func (book *Book) ReleaseContent(bookId int) {
}
for _, item := range docs {
item.BookId = bookId
item.ReleaseContent()
_ = item.ReleaseContent()
}
}

47
models/DocumentModel.go
View File

@ -6,16 +6,16 @@ import (
"fmt"
"strconv"
"bytes"
"github.com/PuerkitoBio/goquery"
"github.com/astaxie/beego"
"github.com/astaxie/beego/orm"
"github.com/lifei6671/mindoc/cache"
"github.com/lifei6671/mindoc/conf"
"github.com/lifei6671/mindoc/utils"
"os"
"path/filepath"
"github.com/PuerkitoBio/goquery"
"bytes"
"strings"
"github.com/lifei6671/mindoc/utils"
)
// Document struct.
@ -317,15 +317,48 @@ func (item *Document) Processor() *Document {
selector.First().AppendHtml(release)
}
}
cdnimg := beego.AppConfig.String("cdnimg")
docQuery.Find("img").Each(func(i int, selection *goquery.Selection) {
if src, ok := selection.Attr("src"); ok {
src = strings.TrimSpace(strings.ToLower(src))
//过滤掉没有链接的图片标签
if src == "" || strings.HasPrefix(src,"data:text/html"){
selection.Remove()
return
}
//设置图片为CDN地址
if cdnimg := beego.AppConfig.String("cdnimg"); cdnimg != "" {
docQuery.Find("img").Each(func(i int, contentSelection *goquery.Selection) {
if src, ok := contentSelection.Attr("src"); ok && strings.HasPrefix(src, "/uploads/") {
contentSelection.SetAttr("src", utils.JoinURI(cdnimg, src))
if cdnimg != "" && strings.HasPrefix(src, "/uploads/") {
selection.SetAttr("src", utils.JoinURI(cdnimg, src))
}
}
selection.RemoveAttr("onerror").RemoveAttr("onload")
})
//过滤A标签的非法连接
docQuery.Find("a").Each(func(i int, selection *goquery.Selection) {
if val, exists := selection.Attr("href"); exists {
if val == "" {
selection.SetAttr("href", "#")
return
}
val = strings.ReplaceAll(strings.ToLower(val), " ", "")
//移除危险脚本链接
if strings.HasPrefix(val, "data:text/html") ||
strings.HasPrefix(val, "vbscript:") ||
strings.HasPrefix(val, "javascript:") {
selection.SetAttr("href", "#")
}
}
//移除所有 onerror 属性
selection.RemoveAttr("onerror").RemoveAttr("onload").RemoveAttr("onclick")
})
docQuery.Find("script").Remove()
docQuery.Find("link").Remove()
docQuery.Find("vbscript").Remove()
if html, err := docQuery.Html(); err == nil {
item.Release = strings.TrimSuffix(strings.TrimPrefix(strings.TrimSpace(html), "<html><head></head><body>"), "</body></html>")

5
routers/filter.go
View File

@ -25,7 +25,7 @@ func init() {
ctx.ResponseWriter.Write(returnJSON)
} else {
ctx.Redirect(302, conf.URLFor("AccountController.Login") + "?url=" + url.PathEscape(conf.BaseUrl + ctx.Request.URL.RequestURI()))
ctx.Redirect(302, conf.URLFor("AccountController.Login")+"?url="+url.PathEscape(conf.BaseUrl+ctx.Request.URL.RequestURI()))
}
}
}
@ -36,11 +36,12 @@ func init() {
beego.InsertFilter("/book", beego.BeforeRouter, FilterUser)
beego.InsertFilter("/book/*", beego.BeforeRouter, FilterUser)
beego.InsertFilter("/api/*", beego.BeforeRouter, FilterUser)
beego.InsertFilter("/manage/*", beego.BeforeRouter,FilterUser)
beego.InsertFilter("/manage/*", beego.BeforeRouter, FilterUser)
var FinishRouter = func(ctx *context.Context) {
ctx.ResponseWriter.Header().Add("MinDoc-Version", conf.VERSION)
ctx.ResponseWriter.Header().Add("MinDoc-Site", "https://www.iminho.me")
ctx.ResponseWriter.Header().Add("X-XSS-Protection", "1; mode=block")
}
var StartRouter = func(ctx *context.Context) {