THENG
/
ZLMediaKit
mirror of https://gitcode.com/gh_mirrors/zlme/ZLMediaKit.git
6
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

完善http文件访问鉴权逻辑

This commit is contained in:
xiongziliang 2019-09-11 16:37:49 +08:00
parent 8fe876c0ef
commit 96aa687fea
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/Http/HttpSession.cpp
View File

@ -391,9 +391,12 @@ inline void HttpSession::canAccessPath(const string &path_in,bool is_dir,const f
auto uid = getClientUid(); auto uid = getClientUid();
//先根据http头中的cookie字段获取cookie //先根据http头中的cookie字段获取cookie
HttpServerCookie::Ptr cookie = HttpCookieManager::Instance().getCookie(kCookieName, _parser.getValues()); HttpServerCookie::Ptr cookie = HttpCookieManager::Instance().getCookie(kCookieName, _parser.getValues());
//如果不是从http头中找到的cookie,我们让http客户端设置下cookie
bool cookie_from_header = true;
if(!cookie){ if(!cookie){
//客户端请求中无cookie,再根据该用户的用户id获取cookie //客户端请求中无cookie,再根据该用户的用户id获取cookie
cookie = HttpCookieManager::Instance().getCookieByUid(kCookieName, uid); cookie = HttpCookieManager::Instance().getCookieByUid(kCookieName, uid);
cookie_from_header = false;
} }
if(cookie){ if(cookie){
@ -405,13 +408,13 @@ inline void HttpSession::canAccessPath(const string &path_in,bool is_dir,const f
//上次cookie是限定本目录 //上次cookie是限定本目录
if(accessErr.empty()){ if(accessErr.empty()){
//上次鉴权成功 //上次鉴权成功
callback("", nullptr); callback("", cookie_from_header ? nullptr : cookie);
return; return;
} }
//上次鉴权失败,如果url发生变更那么也重新鉴权 //上次鉴权失败,但是如果url参数发生变更,那么也重新鉴权
if (_parser.Params().empty() || _parser.Params() == cookie->getUid()) { if (_parser.Params().empty() || _parser.Params() == cookie->getUid()) {
//url参数未变那么判断无权限访问 //url参数未变或者本来就没有url参数那么判断本次请求为重复请求,无访问权限
callback(accessErr.empty() ? "无权限访问该目录" : accessErr, nullptr); callback(accessErr, cookie_from_header ? nullptr : cookie);
return; return;
} }
} }