web api

2019-03-20 13:47:25 +08:00 · 2019-03-20 13:47:25 +08:00 · efa341c7e8
parent f43942413e
commit efa341c7e8
3 changed files with 8 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -1761,7 +1761,11 @@ auth_key的生成方式为：md5(配置文件中的auth_key+当前时间戳)
 ```
 timestamp为当前时间戳
 ```
-
+```
+curl --request POST \
+  --url http://127.0.0.1:8080/client/list \
+  --data 'auth_key=2a0000d9229e7dbcf79dd0f5e04bb084&timestamp=1553045344&start=0&limit=10'
+```
 **注意：** 为保证安全，时间戳的有效范围为20秒内，所以每次提交请求必须重新生成。

 ### 获取服务端authKey
--- a/lib/file/file.go
+++ b/lib/file/file.go
@ -561,7 +561,7 @@ func (s *Csv) GetInfoByHost(host string, r *http.Request) (h *Host, err error) {
 			v.Location = "/"
 		}
 		if strings.Index(r.RequestURI, v.Location) == 0 {
-			if h == nil || (len(v.Location) < len(h.Location)) {
+			if h == nil || (len(v.Location) > len(h.Location)) {
 				h = v
 			}
 		}
--- a/web/controllers/base.go
+++ b/web/controllers/base.go
@ -27,7 +27,8 @@ func (s *BaseController) Prepare() {
 	md5Key := s.GetString("auth_key")
 	timestamp := s.GetIntNoErr("timestamp")
 	configKey := beego.AppConfig.String("auth_key")
-	if !(time.Now().Unix()-int64(timestamp) <= 20 && time.Now().Unix()-int64(timestamp) >= -20 && crypt.Md5(configKey+strconv.Itoa(timestamp)) == md5Key) {
+	timeNowUnix := time.Now().Unix()
+	if !(((timeNowUnix - int64(timestamp)) <= 20) && ((timeNowUnix - int64(timestamp)) >= -20) && (crypt.Md5(configKey+strconv.Itoa(timestamp)) == md5Key)) {
 		if s.GetSession("auth") != true {
 			s.Redirect("/login/index", 302)
 		}