From 92669a0335ded41a69eec5e33784c454aa0b32ca Mon Sep 17 00:00:00 2001 From: cnlh Date: Mon, 13 Jan 2020 17:29:25 +0800 Subject: [PATCH] fixed #347,api is not enabled by default --- conf/nps.conf | 3 ++- docs/api.md | 2 ++ web/controllers/base.go | 5 ++++- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/conf/nps.conf b/conf/nps.conf index 01f3e278..6aee0005 100755 --- a/conf/nps.conf +++ b/conf/nps.conf @@ -49,7 +49,8 @@ web_key_file=conf/server.key #web_base_url=/nps #Web API unauthenticated IP address(the len of auth_crypt_key must be 16) -auth_key=test +#Remove comments if needed +#auth_key=test auth_crypt_key =1234567812345678 #allow_ports=9001-9009,10001,11000-12000 diff --git a/docs/api.md b/docs/api.md index 0357838a..f4c6b9a8 100644 --- a/docs/api.md +++ b/docs/api.md @@ -1,4 +1,6 @@ # web api + +需要开启请先去掉`nps.conf`中`auth_key`的注释并配置一个合适的密钥 ## webAPI验证说明 - 采用auth_key的验证方式 - 在提交的每个请求后面附带两个参数,`auth_key` 和`timestamp` diff --git a/web/controllers/base.go b/web/controllers/base.go index 426692f4..cf4da6ac 100755 --- a/web/controllers/base.go +++ b/web/controllers/base.go @@ -33,10 +33,13 @@ func (s *BaseController) Prepare() { timestamp := s.GetIntNoErr("timestamp") configKey := beego.AppConfig.String("auth_key") timeNowUnix := time.Now().Unix() - if !((math.Abs(float64(timeNowUnix-int64(timestamp))) <= 20) && (crypt.Md5(configKey+strconv.Itoa(timestamp)) == md5Key)) { + if !(md5Key!="" && (math.Abs(float64(timeNowUnix-int64(timestamp))) <= 20) && (crypt.Md5(configKey+strconv.Itoa(timestamp)) == md5Key)) { if s.GetSession("auth") != true { s.Redirect(beego.AppConfig.String("web_base_url")+"/login/index", 302) } + }else { + s.SetSession("isAdmin",true) + s.Data["isAdmin"] = true } if s.GetSession("isAdmin") != nil && !s.GetSession("isAdmin").(bool) { s.Ctx.Input.SetData("client_id", s.GetSession("clientId").(int))