fix: unauthorized access due to 'web api' enabled by defalut

2022-08-06 14:07:49 +08:00 · 2022-08-06 14:07:49 +08:00 · 66648d9a1f
parent ab648d6f0c
commit 66648d9a1f
1 changed files with 3 additions and 0 deletions
--- a/web/controllers/base.go
+++ b/web/controllers/base.go
@ -33,6 +33,9 @@ func (s *BaseController) Prepare() {
 	timestamp := s.GetIntNoErr("timestamp")
 	configKey := beego.AppConfig.String("auth_key")
 	timeNowUnix := time.Now().Unix()
+	if configKey == "" {
+		configKey = crypt.GetRandomString(128)
+	}
 	if !(md5Key != "" && (math.Abs(float64(timeNowUnix-int64(timestamp))) <= 20) && (crypt.Md5(configKey+strconv.Itoa(timestamp)) == md5Key)) {
 		if s.GetSession("auth") != true {
 			s.Redirect(beego.AppConfig.String("web_base_url")+"/login/index", 302)