THENG
/
ZLMediaKit
mirror of https://gitcode.com/gh_mirrors/zlme/ZLMediaKit.git
6
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

修复http文件鉴权bug

This commit is contained in:
xiongziliang 2019-06-14 21:33:41 +08:00
parent 5c3092db51
commit 71f020dabc
1 changed files with 14 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/Http/HttpSession.cpp
View File

@ -383,19 +383,21 @@ inline void HttpSession::canAccessPath(const string &path_in,bool is_dir,const f
//找到了cookie对cookie上锁先 //找到了cookie对cookie上锁先
auto lck = cookie->getLock(); auto lck = cookie->getLock();
auto accessErr = (*cookie)[kAccessErrKey]; auto accessErr = (*cookie)[kAccessErrKey];
if (accessErr.empty() && path.find((*cookie)[kCookiePathKey]) == 0) { if(path.find((*cookie)[kCookiePathKey]) == 0){
//用户有权限访问该目录 //上次cookie是限定本目录
callback("", nullptr); if(accessErr.empty()){
return; //上次鉴权成功
callback("", nullptr);
return;
}
//上次鉴权失败如果url发生变更那么也重新鉴权
if (_parser.Params().empty() || _parser.Params() == cookie->getUid()) {
//url参数未变那么判断无权限访问
callback(accessErr.empty() ? "无权限访问该目录" : accessErr, nullptr);
return;
}
} }
//如果url参数变了或者不是限定本目录那么旧cookie失效重新鉴权
//用户无权限访问,我们看看用户的url参数变了没有
if (_parser.Params().empty() || _parser.Params() == cookie->getUid()) {
//url参数未变那么判断无权限访问
callback(accessErr.empty() ? "无权限访问该目录" : accessErr, nullptr);
return;
}
//如果url参数变了那么旧cookie失效我们重新鉴权
HttpCookieManager::Instance().delCookie(cookie); HttpCookieManager::Instance().delCookie(cookie);
} }