Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/MHSanaei/3x-ui.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/web/controller/api.go
diff options
context:
space:
mode:
Diffstat (limited to 'web/controller/api.go')
-rw-r--r--web/controller/api.go15
1 files changed, 14 insertions, 1 deletions
diff --git a/web/controller/api.go b/web/controller/api.go
index dbd3f28d..1a39f8ed 100644
--- a/web/controller/api.go
+++ b/web/controller/api.go
@@ -1,7 +1,10 @@
package controller
import (
+ "net/http"
+
"github.com/mhsanaei/3x-ui/v2/web/service"
+ "github.com/mhsanaei/3x-ui/v2/web/session"
"github.com/gin-gonic/gin"
)
@@ -21,11 +24,21 @@ func NewAPIController(g *gin.RouterGroup) *APIController {
return a
}
+// checkAPIAuth is a middleware that returns 404 for unauthenticated API requests
+// to hide the existence of API endpoints from unauthorized users
+func (a *APIController) checkAPIAuth(c *gin.Context) {
+ if !session.IsLogin(c) {
+ c.AbortWithStatus(http.StatusNotFound)
+ return
+ }
+ c.Next()
+}
+
// initRouter sets up the API routes for inbounds, server, and other endpoints.
func (a *APIController) initRouter(g *gin.RouterGroup) {
// Main API group
api := g.Group("/panel/api")
- api.Use(a.checkLogin)
+ api.Use(a.checkAPIAuth)
// Inbounds API
inbounds := api.Group("/inbounds")
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-24 22:25:56 +0300