mirror of https://github.com/openspug/spug
F 修复websocket连接认证未应用安全设置的问题
vapao
parent
c9babc0fc6
commit
eae6f0b818
|
|
@ -4,6 +4,7 @@
|
||||||
from django.db import close_old_connections
|
from django.db import close_old_connections
|
||||||
from channels.security.websocket import WebsocketDenier
|
from channels.security.websocket import WebsocketDenier
|
||||||
from apps.account.models import User
|
from apps.account.models import User
|
||||||
|
from apps.setting.utils import AppSetting
|
||||||
from libs.utils import get_request_real_ip
|
from libs.utils import get_request_real_ip
|
||||||
from urllib.parse import parse_qs
|
from urllib.parse import parse_qs
|
||||||
import time
|
import time
|
||||||
|
|
@ -41,8 +42,9 @@ class AuthMiddleware:
|
||||||
token = parse_qs(query_string).get('x-token', [''])[0]
|
token = parse_qs(query_string).get('x-token', [''])[0]
|
||||||
if token and len(token) == 32:
|
if token and len(token) == 32:
|
||||||
user = User.objects.filter(access_token=token).first()
|
user = User.objects.filter(access_token=token).first()
|
||||||
if user and x_real_ip == user.last_ip and user.token_expired >= time.time() and user.is_active:
|
if user and user.token_expired >= time.time() and user.is_active:
|
||||||
scope['user'] = user
|
if x_real_ip == user.last_ip or AppSetting.get_default('bind_ip') is False:
|
||||||
return True, None
|
scope['user'] = user
|
||||||
return False, f'Verify failed: {x_real_ip} <> {user.last_ip if user else None}'
|
return True, None
|
||||||
|
return False, f'Verify failed: {x_real_ip} <> {user.last_ip if user else None}'
|
||||||
return False, 'Token is invalid'
|
return False, 'Token is invalid'
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue