完成后台身份验证功能

2025-05-06 18:29:25 +08:00 · 2023-12-20 10:21:26 +08:00 · 2023-12-20 10:21:26 +08:00 · 937e87f3eb
commit 937e87f3eb
parent 09fde30b3c
3 changed files with 240 additions and 7 deletions
--- a/Web/login.html
+++ b/Web/login.html
@ -0,0 +1,59 @@
+<!DOCTYPE html>
+<html lang="zh-CN">
+<head>
+    <meta charset="UTF-8">
+    <title>登录页面</title>
+    <style>
+        body {
+            font-family: Arial, sans-serif;
+            display: flex;
+            justify-content: center;
+            align-items: center;
+            height: 100vh;
+            margin: 0;
+        }
+        .container {
+            border: 1px solid #ccc;
+            border-radius: 8px;
+            padding: 20px;
+            width: 300px;
+            text-align: center;
+        }
+
+        label {
+            font-weight: bold;
+            display: block;
+            margin-bottom: 10px;
+        }
+
+        input[type="password"] {
+            padding: 10px;
+            border: 1px solid #ccc;
+            border-radius: 4px;
+        }
+
+        button {
+            background-color: #4CAF50;
+            color: white;
+            padding: 10px 20px;
+            border: none;
+            border-radius: 4px;
+            cursor: pointer;
+        }
+
+        button:hover {
+            background-color: #45a049;
+        }
+    </style>
+</head>
+<body>
+    <form action="/login" method="post">
+        <div class="container">
+            <label for="password"><b>密码</b></label>
+            <input type="password" placeholder="输入密码" name="passwd" required>
+            <button type="submit">登录</button>
+        </div>
+    </form>
+
+</body>
+</html>
--- a/database/db.go
+++ b/database/db.go
@ -21,6 +21,10 @@ func Initdb() {
 		md5 TEXT NOT NULL,
 		ext TEXT NOT NULL
 	);
+	CREATE TABLE IF NOT EXISTS user (
+		uname TEXT PRIMARY KEY,
+		password TEXT NOT NULL
+	);
 	`

 	_, err = db.Exec(createTableSQL)
@ -114,3 +118,102 @@ func QueryId() ([]string, error) {

 	return result, nil
 }
+
+func DelFile(linkID string) {
+	db, err := sql.Open("sqlite3", "./data/database.db")
+	if err != nil {
+		log.Fatal(err)
+	}
+	defer db.Close()
+
+	// SQL语句
+	SQL := `
+	DELETE FROM "mytable" WHERE link = ?
+	`
+
+	stmt, err := db.Prepare(SQL)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+ 	_, err = stmt.Exec(linkID) //插入记录
+	if err != nil {
+		log.Fatal(err)
+	}
+}
+
+func NewUser(uname string, password string) {
+	db, err := sql.Open("sqlite3", "./data/database.db")
+	if err != nil {
+		log.Fatal(err)
+	}
+	defer db.Close()
+
+	// SQL语句
+	SQL := `
+	INSERT INTO "user" ("uname" ,"password") VALUES (? , ?)
+	`
+
+	stmt, err := db.Prepare(SQL)
+	if err != nil {
+		log.Fatal(err)
+	}
+
+ 	_, err = stmt.Exec(uname, password) //插入记录
+	if err != nil {
+		log.Fatal(err)
+	}
+}
+
+func QueryUser() ([]string, error) {
+	var result []string
+
+	db, err := sql.Open("sqlite3", "./data/database.db")
+	if err != nil {
+		log.Fatal(err)
+	}
+	defer db.Close()
+
+	rows, err := db.Query("SELECT uname FROM user")
+	if err != nil {
+		return nil, err
+	}
+	defer rows.Close()
+
+	for rows.Next() {
+		var name string
+		if err := rows.Scan(&name); err != nil {
+			return nil, err
+		}
+		result = append(result, name)
+	}
+
+	if err := rows.Err(); err != nil {
+		return nil, err
+	}
+
+	return result, nil
+}
+
+func CheckUserPasswd(username string, password string) bool {
+	// 连接到SQLite数据库
+	db, err := sql.Open("sqlite3", "./data/database.db")
+	if err != nil {
+		log.Fatal(err)
+	}
+	defer db.Close()
+	// 查询用户名和密码
+	const sqlStr = "SELECT * FROM 'user' WHERE uname=? AND password=?"
+	// 执行查询
+	rows, err := db.Query(sqlStr, username, password)
+	if err != nil {
+		log.Fatal(err)
+	}
+	defer rows.Close()
+	// 判断查询结果
+	if rows.Next() {
+		return true
+	} else {
+		return false
+	}
+}
--- a/main.go
+++ b/main.go
@ -64,11 +64,13 @@ func init() {

 func main() {
 	http.HandleFunc("/info", showimg)
-	http.HandleFunc("/info/list", showlist)
-	http.HandleFunc("/upload", upload)
-    http.HandleFunc("/img/",downloadHandler)//设置访问的路由
-	http.HandleFunc("/img/mini",displayThumbnailHandler)
-	http.HandleFunc("/idlist",arrayHandler)
+	http.HandleFunc("/info/list", showlist)//
+	http.HandleFunc("/upload", upload)//上传图片
+    http.HandleFunc("/img/",downloadHandler)//图片接口
+	http.HandleFunc("/img/mini",displayThumbnailHandler)//缩略图接口
+	http.HandleFunc("/idlist",arrayHandler)//获取现有图片id
+	http.HandleFunc("/img/del",deleteImagesHandler)//删除相应图片
+	http.HandleFunc("/login",login)//登录页
 	fmt.Println("Web服务器已启动")      
 	err := http.ListenAndServe(":9090", nil) //设置监听的端口
 	if err != nil {
@ -82,6 +84,13 @@ func showimg(w http.ResponseWriter, r *http.Request) {
 }

 func showlist(w http.ResponseWriter, r *http.Request) {
+	cookie, _ := r.Cookie("login")
+	if cookie == nil{ //未授权禁止访问
+		w.WriteHeader(401)
+		w.Write([]byte(`<html><a href="/login">验证失败 点此登录</a><html>`))
+		return
+	}
+
 	t, _ := template.ParseFiles("Web/list.html")
 	t.Execute(w, "Hello")
 }
@ -239,7 +248,13 @@ func displayThumbnailHandler(w http.ResponseWriter, r *http.Request) {
 	}
 }

-func arrayHandler(w http.ResponseWriter, r *http.Request) {
+func arrayHandler(w http.ResponseWriter, r *http.Request) {  //获取全部图片ID
+	cookie, _ := r.Cookie("login")
+	if cookie == nil{ //未授权禁止访问
+		w.WriteHeader(401)
+		w.Write([]byte(`<html><a href="/login">验证失败 点此登录</a><html>`))
+		return
+	}
 	// 获取数组数据
 	data, err := database.QueryId()
 	if err != nil {
@ -259,3 +274,59 @@ func arrayHandler(w http.ResponseWriter, r *http.Request) {
 	// 将 JSON 数据写入响应体
 	w.Write(responseData)
 }
+
+func deleteImagesHandler(w http.ResponseWriter, r *http.Request) {
+	cookie, _ := r.Cookie("login")
+	if cookie == nil{ //未授权禁止访问
+		w.WriteHeader(401)
+		w.Write([]byte(`<html><a href="/login">验证失败 点此登录</a><html>`))
+		return
+	}
+	// 从请求参数中获取目录名
+	id := r.FormValue("id")
+
+	if id == "" {
+		http.Error(w, "未提供id", http.StatusBadRequest)
+		return
+	}
+
+	// 拼接目录路径，确保路径安全性
+	dirPath := filepath.Join("./data/img/", database.GetFileName(id))
+
+	// 删除目录及其所有内容
+	if err := os.Remove(dirPath); err != nil {
+		http.Error(w, fmt.Sprintf("无法删除 %s: %s", database.GetFileName(id), err), http.StatusInternalServerError)
+		return
+	}
+
+	database.DelFile(id) //删除数据库相关记录
+
+	// 返回成功的响应
+	w.WriteHeader(http.StatusOK)
+	w.Write([]byte("成功删除"))
+}
+
+func login(w http.ResponseWriter, r *http.Request) {
+	r.ParseForm()
+	if r.Method == "GET" {
+		t, _ := template.ParseFiles("Web/login.html")
+		w.Header().Set("Content-Type", "text/html")
+		t.Execute(w,"")
+	} else {
+		userlist,_:= database.QueryUser()
+		fmt.Println(userlist)
+		if len(userlist) == 0 {
+			database.NewUser("admin", r.FormValue("passwd"))
+		} else {
+			if !database.CheckUserPasswd("admin", r.FormValue("passwd")) {
+				http.Redirect(w, r, "/login",http.StatusFound)
+				fmt.Println("密码错误")
+				return
+			}
+		}
+		cookie := http.Cookie{Name: "login", Value: "yes"}
+		http.SetCookie(w, &cookie)
+		fmt.Println("密码正确")
+		http.Redirect(w, r, "/info/list",http.StatusFound)
+	}
+}