color

2023-05-13 01:41:23 +08:00
parent 605d4299b9
commit a2e2853c3f
2 changed files with 33 additions and 8 deletions
--- a/routers/sessions.go
+++ b/routers/sessions.go
@@ -101,9 +101,34 @@ func SessionsItemPatch(w http.ResponseWriter, r *http.Request) {

 // 刪除會話
 func SessionsItemDelete(w http.ResponseWriter, r *http.Request) {
-	session := models.Session{ID: mux.Vars(r)["id"]}
+	// 需要先驗證身份才能執行刪除操作
+
+	// 從Cookie中獲取session_id
+	cookie, err := r.Cookie("session_id")
+	if err != nil {
+		w.WriteHeader(http.StatusUnauthorized)
+		w.Write([]byte("401 - 未登錄"))
+		return
+	}
+
+	// 獲取當前session
+	session := models.Session{ID: cookie.Value}
 	session.Get()
-	session.Delete()
+
+	// 獲取當前用戶
+	user := models.User{ID: session.UserID}
+	user.Get()
+
+	sessionx := models.Session{ID: mux.Vars(r)["id"]}
+	sessionx.Get()
+
+	if user.ID != sessionx.UserID {
+		w.WriteHeader(http.StatusUnauthorized)
+		w.Write([]byte("401 - 沒有權限"))
+		return
+	}
+
+	sessionx.Delete()
 	w.Header().Set("Content-Type", "application/json; charset=utf-8")
-	w.Write(utils.ToJSON(session))
+	w.Write(utils.ToJSON(sessionx))
 }