mirror of https://github.com/ehang-io/nps
fix: unauthorized access due to 'web api' enabled by defalut
parent
ab648d6f0c
commit
66648d9a1f
|
@ -33,6 +33,9 @@ func (s *BaseController) Prepare() {
|
|||
timestamp := s.GetIntNoErr("timestamp")
|
||||
configKey := beego.AppConfig.String("auth_key")
|
||||
timeNowUnix := time.Now().Unix()
|
||||
if configKey == "" {
|
||||
configKey = crypt.GetRandomString(128)
|
||||
}
|
||||
if !(md5Key != "" && (math.Abs(float64(timeNowUnix-int64(timestamp))) <= 20) && (crypt.Md5(configKey+strconv.Itoa(timestamp)) == md5Key)) {
|
||||
if s.GetSession("auth") != true {
|
||||
s.Redirect(beego.AppConfig.String("web_base_url")+"/login/index", 302)
|
||||
|
|
Loading…
Reference in New Issue