ip白名单机制只对需要secret校验的http api生效

This commit is contained in:
xia-chu
2023-07-26 17:18:33 +08:00
parent 22e3872cd4
commit e81efec96e
2 changed files with 17 additions and 13 deletions

View File

@@ -221,14 +221,21 @@ bool checkArgs(Args &args, const First &first, const KeyTypes &...keys) {
throw InvalidArgsException("缺少必要参数:" #__VA_ARGS__); \
}
//检查http参数中是否附带secret密钥的宏127.0.0.1的ip不检查密钥
// 检查http参数中是否附带secret密钥的宏127.0.0.1的ip不检查密钥
// 同时检测是否在ip白名单内
#define CHECK_SECRET() \
if(sender.get_peer_ip() != "127.0.0.1"){ \
CHECK_ARGS("secret"); \
if(api_secret != allArgs["secret"]){ \
throw AuthException("secret错误"); \
do { \
auto ip = sender.get_peer_ip(); \
if (!HttpFileManager::isIPAllowed(ip)) { \
throw AuthException("Your ip is not allowed to access the service."); \
} \
}
if (ip != "127.0.0.1") { \
CHECK_ARGS("secret"); \
if (api_secret != allArgs["secret"]) { \
throw AuthException("secret错误"); \
} \
} \
} while(false);
void installWebApi();
void unInstallWebApi();