From 66648d9a1f0e85f3be8b9e12dabd7d37097c0fb8 Mon Sep 17 00:00:00 2001
From: zgbsm
Date: Sat, 6 Aug 2022 14:07:49 +0800
Subject: [PATCH] fix: unauthorized access due to 'web api' enabled by defalut
---
 web/controllers/base.go | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/web/controllers/base.go b/web/controllers/base.go
index d1cd799..d50d04a 100755
--- a/web/controllers/base.go
+++ b/web/controllers/base.go
@@ -33,6 +33,9 @@ func (s *BaseController) Prepare() {
 timestamp := s.GetIntNoErr("timestamp")
 configKey := beego.AppConfig.String("auth_key")
 timeNowUnix := time.Now().Unix()
+ if configKey == "" {
+ configKey = crypt.GetRandomString(128)
+ }
 if !(md5Key != "" && (math.Abs(float64(timeNowUnix-int64(timestamp))) <= 20) && (crypt.Md5(configKey+strconv.Itoa(timestamp)) == md5Key)) {
 if s.GetSession("auth") != true {
 s.Redirect(beego.AppConfig.String("web_base_url")+"/login/index", 302)
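Review bot: The added `if configKey == ""` branch rejects the empty-key case only indirectly, by comparing the token against a random string generated on every request, so the protection depends on `crypt.GetRandomString` being unpredictable, which this hunk does not show. Failing closed is simpler and does not rely on the generator: require a configured key in the condition itself, e.g. `if !(configKey != "" && md5Key != "" && ...)`, so the token path is skipped outright when `auth_key` is unset. If the random fallback is kept, confirm the helper draws from `crypto/rand` rather than a time-seeded generator, and add a comment such as `// an empty auth_key must never validate an API token` so the intent survives later edits. Prepare's body starts and ends outside the hunk.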