amass/ZLMediaKit
1
0
Fork 0
mirror of https://github.com/ZLMediaKit/ZLMediaKit.git synced 2024-11-22 19:00:01 +08:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

修复http文件鉴权bug

Browse Source
This commit is contained in:
xiongziliang 2019-06-14 21:33:41 +08:00
parent 5c3092db51
commit 71f020dabc
1 changed files with 14 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
src/Http/HttpSession.cpp
View File

@ -383,19 +383,21 @@ inline void HttpSession::canAccessPath(const string &path_in,bool is_dir,const f
//找到了cookie对cookie上锁先
auto lck = cookie->getLock();
auto accessErr = (*cookie)[kAccessErrKey];
if (accessErr.empty() && path.find((*cookie)[kCookiePathKey]) == 0) {
//用户有权限访问该目录
callback("", nullptr);
return;
if(path.find((*cookie)[kCookiePathKey]) == 0){
//上次cookie是限定本目录
if(accessErr.empty()){
//上次鉴权成功
callback("", nullptr);
return;
}
//上次鉴权失败如果url发生变更那么也重新鉴权
if (_parser.Params().empty() || _parser.Params() == cookie->getUid()) {
//url参数未变那么判断无权限访问
callback(accessErr.empty() ? "无权限访问该目录" : accessErr, nullptr);
return;
}
}
//用户无权限访问,我们看看用户的url参数变了没有
if (_parser.Params().empty() || _parser.Params() == cookie->getUid()) {
//url参数未变那么判断无权限访问
callback(accessErr.empty() ? "无权限访问该目录" : accessErr, nullptr);
return;
}
//如果url参数变了那么旧cookie失效我们重新鉴权
//如果url参数变了或者不是限定本目录那么旧cookie失效重新鉴权
HttpCookieManager::Instance().delCookie(cookie);
}