THENG
/
ZLMediaKit
mirror of https://gitcode.com/gh_mirrors/zlme/ZLMediaKit.git
6
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ip白名单机制只对需要secret校验的http api生效

This commit is contained in:
xia-chu 2023-07-26 17:18:33 +08:00
parent 22e3872cd4
commit e81efec96e
2 changed files with 17 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
server/WebApi.cpp
View File

@ -238,11 +238,6 @@ static inline void addHttpListener(){
//该api已被消费 //该api已被消费
consumed = true; consumed = true;
if (!HttpFileManager::isIPAllowed(sender.get_peer_ip())) {
invoker(403, HttpSession::KeyValue(), "Your ip is not allowed to access the service.");
return;
}
if(api_debug){ if(api_debug){
auto newInvoker = [invoker, parser](int code, const HttpSession::KeyValue &headerOut, const HttpBody::Ptr &body) { auto newInvoker = [invoker, parser](int code, const HttpSession::KeyValue &headerOut, const HttpBody::Ptr &body) {
//body默认为空 //body默认为空
@ -594,6 +589,7 @@ void installWebApi() {
//获取线程负载 //获取线程负载
//测试url http://127.0.0.1/index/api/getThreadsLoad //测试url http://127.0.0.1/index/api/getThreadsLoad
api_regist("/index/api/getThreadsLoad", [](API_ARGS_MAP_ASYNC) { api_regist("/index/api/getThreadsLoad", [](API_ARGS_MAP_ASYNC) {
CHECK_SECRET();
EventPollerPool::Instance().getExecutorDelay([invoker, headerOut](const vector<int> &vecDelay) { EventPollerPool::Instance().getExecutorDelay([invoker, headerOut](const vector<int> &vecDelay) {
Value val; Value val;
auto vec = EventPollerPool::Instance().getExecutorLoad(); auto vec = EventPollerPool::Instance().getExecutorLoad();
@ -612,6 +608,7 @@ void installWebApi() {
//获取后台工作线程负载 //获取后台工作线程负载
//测试url http://127.0.0.1/index/api/getWorkThreadsLoad //测试url http://127.0.0.1/index/api/getWorkThreadsLoad
api_regist("/index/api/getWorkThreadsLoad", [](API_ARGS_MAP_ASYNC) { api_regist("/index/api/getWorkThreadsLoad", [](API_ARGS_MAP_ASYNC) {
CHECK_SECRET();
WorkThreadPool::Instance().getExecutorDelay([invoker, headerOut](const vector<int> &vecDelay) { WorkThreadPool::Instance().getExecutorDelay([invoker, headerOut](const vector<int> &vecDelay) {
Value val; Value val;
auto vec = WorkThreadPool::Instance().getExecutorLoad(); auto vec = WorkThreadPool::Instance().getExecutorLoad();

11
server/WebApi.h
View File

@ -222,13 +222,20 @@ bool checkArgs(Args &args, const First &first, const KeyTypes &...keys) {
} }
// 检查http参数中是否附带secret密钥的宏127.0.0.1的ip不检查密钥 // 检查http参数中是否附带secret密钥的宏127.0.0.1的ip不检查密钥
// 同时检测是否在ip白名单内
#define CHECK_SECRET() \ #define CHECK_SECRET() \
if(sender.get_peer_ip() != "127.0.0.1"){ \ do { \
auto ip = sender.get_peer_ip(); \
if (!HttpFileManager::isIPAllowed(ip)) { \
throw AuthException("Your ip is not allowed to access the service."); \
} \
if (ip != "127.0.0.1") { \
CHECK_ARGS("secret"); \ CHECK_ARGS("secret"); \
if (api_secret != allArgs["secret"]) { \ if (api_secret != allArgs["secret"]) { \
throw AuthException("secret错误"); \ throw AuthException("secret错误"); \
} \ } \
} } \
} while(false);
void installWebApi(); void installWebApi();
void unInstallWebApi(); void unInstallWebApi();