From efa341c7e8f283591ad7dfd0ff618a6024a9d07c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=88=98=E6=B2=B3?= Date: Wed, 20 Mar 2019 13:47:25 +0800 Subject: [PATCH] web api --- README.md | 6 +++++- lib/file/file.go | 2 +- web/controllers/base.go | 3 ++- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 943ce55..024649c 100644 --- a/README.md +++ b/README.md @@ -1761,7 +1761,11 @@ auth_key的生成方式为:md5(配置文件中的auth_key+当前时间戳) ``` timestamp为当前时间戳 ``` - +``` +curl --request POST \ + --url http://127.0.0.1:8080/client/list \ + --data 'auth_key=2a0000d9229e7dbcf79dd0f5e04bb084×tamp=1553045344&start=0&limit=10' +``` **注意:** 为保证安全,时间戳的有效范围为20秒内,所以每次提交请求必须重新生成。 ### 获取服务端authKey diff --git a/lib/file/file.go b/lib/file/file.go index e5de93f..113f01c 100644 --- a/lib/file/file.go +++ b/lib/file/file.go @@ -561,7 +561,7 @@ func (s *Csv) GetInfoByHost(host string, r *http.Request) (h *Host, err error) { v.Location = "/" } if strings.Index(r.RequestURI, v.Location) == 0 { - if h == nil || (len(v.Location) < len(h.Location)) { + if h == nil || (len(v.Location) > len(h.Location)) { h = v } } diff --git a/web/controllers/base.go b/web/controllers/base.go index 78e2dec..121e9b4 100755 --- a/web/controllers/base.go +++ b/web/controllers/base.go @@ -27,7 +27,8 @@ func (s *BaseController) Prepare() { md5Key := s.GetString("auth_key") timestamp := s.GetIntNoErr("timestamp") configKey := beego.AppConfig.String("auth_key") - if !(time.Now().Unix()-int64(timestamp) <= 20 && time.Now().Unix()-int64(timestamp) >= -20 && crypt.Md5(configKey+strconv.Itoa(timestamp)) == md5Key) { + timeNowUnix := time.Now().Unix() + if !(((timeNowUnix - int64(timestamp)) <= 20) && ((timeNowUnix - int64(timestamp)) >= -20) && (crypt.Md5(configKey+strconv.Itoa(timestamp)) == md5Key)) { if s.GetSession("auth") != true { s.Redirect("/login/index", 302) }