From 2bcbff09b0ca45b169bf798426eddc738906f87d Mon Sep 17 00:00:00 2001
From: xia-chu <771730766@qq.com>
Date: Thu, 27 Jul 2023 15:51:07 +0800
Subject: [PATCH] =?UTF-8?q?web=20hook=E4=B8=8D=E5=86=8D=E7=9B=B4=E6=8E=A5?= =?UTF-8?q?=E6=94=BE=E8=A1=8C=E6=9D=A5=E8=87=AA127.0.0.1=E6=92=AD=E6=94=BE?= =?UTF-8?q?=E9=89=B4=E6=9D=83=E8=AF=B7=E6=B1=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

防止代理越过鉴权
---
 server/WebHook.cpp | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/server/WebHook.cpp b/server/WebHook.cpp
index 23fd7c4a..a3c8b71e 100755
--- a/server/WebHook.cpp
+++ b/server/WebHook.cpp
@@ -332,7 +332,7 @@ void installWebHook() {
 NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastMediaPublish, [](BroadcastMediaPublishArgs) {
 GET_CONFIG(string, hook_publish, Hook::kOnPublish);
- if (!hook_enable || hook_publish.empty() || sender.get_peer_ip() == "127.0.0.1") {
+ if (!hook_enable || hook_publish.empty()) {
 invoker("", ProtocolOption());
 return;
 }
@@ -357,7 +357,7 @@ void installWebHook() {
 NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastMediaPlayed, [](BroadcastMediaPlayedArgs) {
 GET_CONFIG(string, hook_play, Hook::kOnPlay);
- if (!hook_enable || hook_play.empty() || sender.get_peer_ip() == "127.0.0.1") {
+ if (!hook_enable || hook_play.empty()) {
 invoker("");
 return;
 }
@@ -371,7 +371,7 @@ void installWebHook() {
 NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastFlowReport, [](BroadcastFlowReportArgs) {
 GET_CONFIG(string, hook_flowreport, Hook::kOnFlowReport);
- if (!hook_enable || hook_flowreport.empty() || sender.get_peer_ip() == "127.0.0.1") {
+ if (!hook_enable || hook_flowreport.empty()) {
 return;
 }
 auto body = make_json(args);
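Review bot: The reason the loopback exemption is dropped is recorded only in the commit message, so the bare condition in the publish listener (and the same edit in the play, RTSP-realm and shell-login hunks) invites someone to re-add it later. A short comment above each condition would carry it, for example `// No 127.0.0.1 exemption: behind a local reverse proxy every client's peer address is loopback, so it would skip authentication for all of them.` Since local callers now reach the hook as well, the hook endpoint's documentation should say that it must not itself treat 127.0.0.1 as trusted. The diffstat covers only server/WebHook.cpp; any other comparison of `get_peer_ip()` with `"127.0.0.1"` elsewhere in the server (not visible here) would need the same treatment. The listener lambda and installWebHook() both continue outside the hunk.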
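Review bot: The flow-report listener loses the same `sender.get_peer_ip() == "127.0.0.1"` clause, but this handler makes no allow/deny decision in the visible lines (there is no `invoker` call) and the commit message speaks only of authentication. If reporting loopback sessions is intended, a one-line comment such as `// Loopback sessions are reported too; a proxied client also shows up as 127.0.0.1.` would make that explicit. Otherwise hook receivers will start getting traffic records for purely local connections after this change, which is worth a line in the release notes. The lambda body continues past the hunk.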
@@ -390,7 +390,7 @@ void installWebHook() {
 // 监听kBroadcastOnGetRtspRealm事件决定rtsp链接是否需要鉴权(传统的rtsp鉴权方案)才能访问
 NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastOnGetRtspRealm, [](BroadcastOnGetRtspRealmArgs) {
 GET_CONFIG(string, hook_rtsp_realm, Hook::kOnRtspRealm);
- if (!hook_enable || hook_rtsp_realm.empty() || sender.get_peer_ip() == "127.0.0.1") {
+ if (!hook_enable || hook_rtsp_realm.empty()) {
 // 无需认证
 invoker("");
 return;
@@ -539,7 +539,7 @@ void installWebHook() {
 NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastShellLogin, [](BroadcastShellLoginArgs) {
 GET_CONFIG(string, hook_shell_login, Hook::kOnShellLogin);
- if (!hook_enable || hook_shell_login.empty() || sender.get_peer_ip() == "127.0.0.1") {
+ if (!hook_enable || hook_shell_login.empty()) {
 invoker("");
 return;
 }
@@ -617,11 +617,6 @@ void installWebHook() {
 // 追踪用户的目的是为了缓存上次鉴权结果,减少鉴权次数,提高性能
 NoticeCenter::Instance().addListener(&web_hook_tag, Broadcast::kBroadcastHttpAccess, [](BroadcastHttpAccessArgs) {
 GET_CONFIG(string, hook_http_access, Hook::kOnHttpAccess);
- if (sender.get_peer_ip() == "127.0.0.1") {
- // 如果是本机或超级管理员访问,那么不做访问鉴权;权限有效期1个小时
- invoker("", "", 60 * 60);
- return;
- }
 if (!hook_enable || hook_http_access.empty()) {
 // 未开启http文件访问鉴权,那么允许访问,但是每次访问都要鉴权;
 // 因为后续随时都可能开启鉴权(重载配置文件后可能重新开启鉴权)
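Review bot: The shell-login listener still calls `invoker("")` whenever `hook_enable` is off or `Hook::kOnShellLogin` is empty, and the empty string looks like the allow result (the RTSP-realm hunk comments the same call as meaning no authentication is needed). If that reading is right, a server with no login hook configured accepts shell logins without any credential check, which is a sensitive default for an interactive shell. Consider rejecting in that branch, or if the open default is deliberate say so in place: `// No login hook configured: shell login is allowed without authentication.` The lambda continues outside the hunk.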