新增cookie登录鉴权模式,避免secret硬编码鉴权安全缺陷

This commit is contained in:
xia-chu
2026-02-19 22:56:23 +08:00
parent 22dede5a18
commit 3a35144243
8 changed files with 201 additions and 46 deletions


@@ -123,18 +123,25 @@ void handle_http_request(const py::object &check_route, const py::object &submit
}
consumed = true;
Json::Value val;
HttpSession::KeyValue headerOut;
// http api被python拦截了再api统一鉴权
try {
auto args = getAllArgs(parser);
auto allArgs = ArgsMap(parser, args);
GET_CONFIG(std::string, api_secret, API::kSecret);
// TODO python http api暂不开启secret鉴权
// CHECK_SECRET(); // 检测secret
GET_CONFIG(bool, legacy_auth , API::kLegacyAuth);
if (!legacy_auth) {
// 非传统secret鉴权模式Python接口强制要求登录鉴权
CHECK_SECRET();
}
} catch (std::exception &ex) {
Json::Value val;
val["code"] = API::Exception;
auto ex1 = dynamic_cast<ApiRetException *>(&ex);
if (ex1) {
val["code"] = ex1->code();
} else {
val["code"] = API::Exception;
}
val["msg"] = ex.what();
HttpSession::KeyValue headerOut;
headerOut["Content-Type"] = "application/json";
invoker(200, headerOut, val.toStyledString());
return;
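Review bot: The `if (!legacy_auth)` guard only documents the non-legacy branch; when `legacy_auth` is true no `CHECK_SECRET()` runs at all, so python-intercepted routes pass this point with no secret or login check, and that outcome should be stated at the guard so a reader knows what the legacy flag disables, e.g. `// legacy_auth=true: no secret/login check on python-intercepted routes at this layer (previous behaviour)`. Assuming the `GET_CONFIG(std::string, api_secret, API::kSecret);` and commented-out `CHECK_SECRET();` lines are the removed side, this preserves the earlier behaviour rather than adding a gap, but the new comment leaves that implicit. In the catch block `val["code"] = API::Exception;` is assigned and then assigned again in the `else` branch after the `dynamic_cast`; if both lines are on the new side one is redundant and the `else` branch can be dropped. Minor style: the stray space in `GET_CONFIG(bool, legacy_auth , API::kLegacyAuth);`. `handle_http_request` and its catch block continue past the end of the hunk.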