fix: 修改管理端的请求api端的CSRF逻辑：

需要 x-csrf-token header 需要 csrf_token cookie 两者必须一致，且是有效的JWT（包含 exp 和 sub=user_id）
2026-06-12 18:11:42 +08:00 · 2026-01-22 15:30:36 +08:00
parent 9ed0d7c891
commit 7ba4db8888
23 changed files with 1016 additions and 354 deletions
@@ -9,6 +9,8 @@ require (
 	github.com/aws/aws-sdk-go v1.55.5
 	github.com/casbin/casbin/v2 v2.100.0
 	github.com/casbin/gorm-adapter/v3 v3.28.0
+	github.com/faabiosr/cachego v0.15.0
+	github.com/fastwego/dingding v1.0.0-beta.4
 	github.com/fsnotify/fsnotify v1.7.0
 	github.com/fvbock/endless v0.0.0-20170109170031-447134032cb6
 	github.com/gin-gonic/gin v1.10.0
@@ -79,8 +81,6 @@ require (
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/elastic/go-sysinfo v1.14.2 // indirect
 	github.com/elastic/go-windows v1.0.2 // indirect
-	github.com/faabiosr/cachego v0.15.0 // indirect
-	github.com/fastwego/dingding v1.0.0-beta.4 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.6 // indirect
 	github.com/gammazero/toposort v0.1.1 // indirect
 	github.com/gin-contrib/sse v0.1.0 // indirect