feat(api): implement task management API with handlers for creating, listing, retrieving, and canceling tasks

- Added Handlers struct and methods for task operations - Implemented task progress tracking and storage - Created server setup with middleware for logging and recovery - Added support for Telegram file extraction and Telegraph image extraction - Introduced webhook functionality for task status updates - Defined request and response types for API interactions
2026-05-22 00:30:36 +08:00 · 2026-03-05 19:11:30 +08:00
parent f377ee3ca4
commit 3eb3b6e3c8
13 changed files with 1612 additions and 1 deletions
--- a/api/auth.go
+++ b/api/auth.go
@@ -0,0 +1,48 @@
+package api
+
+import (
+	"context"
+	"crypto/subtle"
+	"net/http"
+	"strings"
+
+	"github.com/krau/SaveAny-Bot/config"
+)
+
+// tokenContextKey 用于在 context 中存储 token
+type tokenContextKey struct{}
+
+// AuthMiddleware 返回认证中间件
+func AuthMiddleware() func(http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			cfg := config.C().API
+
+			// 从请求头获取 token
+			authHeader := r.Header.Get("Authorization")
+			if authHeader == "" {
+				WriteError(w, http.StatusUnauthorized, "unauthorized", "missing authorization header")
+				return
+			}
+
+			// 提取 Bearer token
+			parts := strings.SplitN(authHeader, " ", 2)
+			if len(parts) != 2 || strings.ToLower(parts[0]) != "bearer" {
+				WriteError(w, http.StatusUnauthorized, "unauthorized", "invalid authorization header format")
+				return
+			}
+
+			token := parts[1]
+
+			// 验证 token
+			if subtle.ConstantTimeCompare([]byte(token), []byte(cfg.Token)) != 1 {
+				WriteError(w, http.StatusUnauthorized, "unauthorized", "invalid token")
+				return
+			}
+
+			// 将 token 添加到 context
+			ctx := context.WithValue(r.Context(), tokenContextKey{}, token)
+			next.ServeHTTP(w, r.WithContext(ctx))
+		})
+	}
+}