github
/
spug
mirror of https://github.com/openspug/spug
1
0
Fork 0
Code Issues Releases Wiki Activity

F 修复websocket连接认证未应用安全设置的问题

pull/462/head
vapao 2022-02-18 09:28:46 +08:00
parent c9babc0fc6
commit eae6f0b818
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
spug_api/consumer/middleware.py
View File

@ -4,6 +4,7 @@
from django.db import close_old_connections
from channels.security.websocket import WebsocketDenier
from apps.account.models import User
from apps.setting.utils import AppSetting
from libs.utils import get_request_real_ip
from urllib.parse import parse_qs
import time
@ -41,7 +42,8 @@ class AuthMiddleware:
token = parse_qs(query_string).get('x-token', [''])[0]
if token and len(token) == 32:
user = User.objects.filter(access_token=token).first()
if user and x_real_ip == user.last_ip and user.token_expired >= time.time() and user.is_active:
if user and user.token_expired >= time.time() and user.is_active:
if x_real_ip == user.last_ip or AppSetting.get_default('bind_ip') is False:
scope['user'] = user
return True, None
return False, f'Verify failed: {x_real_ip} <> {user.last_ip if user else None}'