feat(auth): Optimized device session handling logic

okatu-loli · okatu-loli · commit 9a7c82a71e3c · 2025-08-29T13:31:44.000+08:00
- Introduced middleware to handle device sessions
- Changed `handleSession` to `HandleSession` in multiple places in `auth.go` to maintain consistent naming
- Updated response structure to return `device_key` and `token`
diff --git a/server/handles/auth.go b/server/handles/auth.go
@@ -15,6 +15,7 @@ import (
 	"github.com/alist-org/alist/v3/internal/session"
 	"github.com/alist-org/alist/v3/internal/setting"
 	"github.com/alist-org/alist/v3/server/common"
+	"github.com/alist-org/alist/v3/server/middlewares"
 	"github.com/gin-gonic/gin"
 	"github.com/pquerna/otp/totp"
 )
@@ -82,13 +83,18 @@ func loginHash(c *gin.Context, req *LoginReq) {
 			return
 		}
 	}
+	// generate device session
+	if !middlewares.HandleSession(c, user) {
+		return
+	}
 	// generate token
 	token, err := common.GenerateToken(user)
 	if err != nil {
 		common.ErrorResp(c, err, 400, true)
 		return
 	}
-	common.SuccessResp(c, gin.H{"token": token})
+	key := c.GetString("device_key")
+	common.SuccessResp(c, gin.H{"token": token, "device_key": key})
 	loginCache.Del(ip)
 }
 
diff --git a/server/middlewares/auth.go b/server/middlewares/auth.go
@@ -26,7 +26,7 @@ func Auth(c *gin.Context) {
 			c.Abort()
 			return
 		}
-		if !handleSession(c, admin) {
+		if !HandleSession(c, admin) {
 			return
 		}
 		log.Debugf("use admin token: %+v", admin)
@@ -54,7 +54,7 @@ func Auth(c *gin.Context) {
 			}
 			guest.RolesDetail = roles
 		}
-		if !handleSession(c, guest) {
+		if !HandleSession(c, guest) {
 			return
 		}
 		log.Debugf("use empty token: %+v", guest)
@@ -93,14 +93,15 @@ func Auth(c *gin.Context) {
 		}
 		user.RolesDetail = roles
 	}
-	if !handleSession(c, user) {
+	if !HandleSession(c, user) {
 		return
 	}
 	log.Debugf("use login token: %+v", user)
 	c.Next()
 }
 
-func handleSession(c *gin.Context, user *model.User) bool {
+// HandleSession verifies device sessions and stores context values.
+func HandleSession(c *gin.Context, user *model.User) bool {
 	clientID := c.GetHeader("Client-Id")
 	if clientID == "" {
 		clientID = c.Query("client_id")

Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,7 @@ import (`
`15`	`15`	`"github.com/alist-org/alist/v3/internal/session"`
`16`	`16`	`"github.com/alist-org/alist/v3/internal/setting"`
`17`	`17`	`"github.com/alist-org/alist/v3/server/common"`
	`18`	`+ "github.com/alist-org/alist/v3/server/middlewares"`
`18`	`19`	`"github.com/gin-gonic/gin"`
`19`	`20`	`"github.com/pquerna/otp/totp"`
`20`	`21`	`)`
`@@ -82,13 +83,18 @@ func loginHash(c gin.Context, req LoginReq) {`
`82`	`83`	`return`
`83`	`84`	`}`
`84`	`85`	`}`
	`86`	`+ // generate device session`
	`87`	`+ if !middlewares.HandleSession(c, user) {`
	`88`	`+ return`
	`89`	`+ }`
`85`	`90`	`// generate token`
`86`	`91`	`token, err := common.GenerateToken(user)`
`87`	`92`	`if err != nil {`
`88`	`93`	`common.ErrorResp(c, err, 400, true)`
`89`	`94`	`return`
`90`	`95`	`}`
`91`		`- common.SuccessResp(c, gin.H{"token": token})`
	`96`	`+ key := c.GetString("device_key")`
	`97`	`+ common.SuccessResp(c, gin.H{"token": token, "device_key": key})`
`92`	`98`	`loginCache.Del(ip)`
`93`	`99`	`}`
`94`	`100`
Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@ func Auth(c *gin.Context) {`
`26`	`26`	`c.Abort()`
`27`	`27`	`return`
`28`	`28`	`}`
`29`		`- if !handleSession(c, admin) {`
	`29`	`+ if !HandleSession(c, admin) {`
`30`	`30`	`return`
`31`	`31`	`}`
`32`	`32`	`log.Debugf("use admin token: %+v", admin)`
`@@ -54,7 +54,7 @@ func Auth(c *gin.Context) {`
`54`	`54`	`}`
`55`	`55`	`guest.RolesDetail = roles`
`56`	`56`	`}`
`57`		`- if !handleSession(c, guest) {`
	`57`	`+ if !HandleSession(c, guest) {`
`58`	`58`	`return`
`59`	`59`	`}`
`60`	`60`	`log.Debugf("use empty token: %+v", guest)`
`@@ -93,14 +93,15 @@ func Auth(c *gin.Context) {`
`93`	`93`	`}`
`94`	`94`	`user.RolesDetail = roles`
`95`	`95`	`}`
`96`		`- if !handleSession(c, user) {`
	`96`	`+ if !HandleSession(c, user) {`
`97`	`97`	`return`
`98`	`98`	`}`
`99`	`99`	`log.Debugf("use login token: %+v", user)`
`100`	`100`	`c.Next()`
`101`	`101`	`}`
`102`	`102`
`103`		`-func handleSession(c gin.Context, user model.User) bool {`
	`103`	`+// HandleSession verifies device sessions and stores context values.`
	`104`	`+func HandleSession(c gin.Context, user model.User) bool {`
`104`	`105`	`clientID := c.GetHeader("Client-Id")`
`105`	`106`	`if clientID == "" {`
`106`	`107`	`clientID = c.Query("client_id")`