fix: unauthorized access due to 'web api' enabled by defalut

pull/1091/head
zgbsm 2022-08-06 14:07:49 +08:00
parent ab648d6f0c
commit 66648d9a1f
1 changed files with 3 additions and 0 deletions


@ -33,6 +33,9 @@ func (s *BaseController) Prepare() {
timestamp := s.GetIntNoErr("timestamp")
configKey := beego.AppConfig.String("auth_key")
timeNowUnix := time.Now().Unix()
if configKey == "" {
configKey = crypt.GetRandomString(128)
}
if !(md5Key != "" && (math.Abs(float64(timeNowUnix-int64(timestamp))) <= 20) && (crypt.Md5(configKey+strconv.Itoa(timestamp)) == md5Key)) {
if s.GetSession("auth") != true {
s.Redirect(beego.AppConfig.String("web_base_url")+"/login/index", 302)
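Review bot: The added `if configKey == ""` branch closes the empty-key bypass by substituting a random key instead of refusing API-key authentication, so the check now depends on `crypt.GetRandomString` being unpredictable, which cannot be confirmed from this hunk. Failing closed would be simpler and would avoid generating a 128-character string on every request: drop the substitution and start the condition with `configKey != "" &&`, i.e. `if !(configKey != "" && md5Key != "" && ...)`. The digest comparison `crypt.Md5(configKey+strconv.Itoa(timestamp)) == md5Key` is also not constant-time; `subtle.ConstantTimeCompare` on the two byte slices would be the safer form, and a comment noting that a captured digest can be replayed within the 20-second window would help operators. `Prepare` starts and ends outside the hunk, so the session fallback is only partly visible.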