ip白名单机制只对需要secret校验的http api生效

2024-11-22 19:00:01 +08:00 · 2023-07-26 17:18:33 +08:00 · 2023-07-26 17:18:33 +08:00 · e81efec96e
commit e81efec96e
parent 22e3872cd4
2 changed files with 17 additions and 13 deletions
--- a/server/WebApi.cpp
+++ b/server/WebApi.cpp
@ -238,11 +238,6 @@ static inline void addHttpListener(){
        //该api已被消费
        consumed = true;

-        if (!HttpFileManager::isIPAllowed(sender.get_peer_ip())) {
-            invoker(403, HttpSession::KeyValue(), "Your ip is not allowed to access the service.");
-            return;
-        }
-
        if(api_debug){
            auto newInvoker = [invoker, parser](int code, const HttpSession::KeyValue &headerOut, const HttpBody::Ptr &body) {
                //body默认为空
@ -593,7 +588,8 @@ void installWebApi() {

    //获取线程负载
    //测试url http://127.0.0.1/index/api/getThreadsLoad
-    api_regist("/index/api/getThreadsLoad",[](API_ARGS_MAP_ASYNC){
+    api_regist("/index/api/getThreadsLoad", [](API_ARGS_MAP_ASYNC) {
+        CHECK_SECRET();
        EventPollerPool::Instance().getExecutorDelay([invoker, headerOut](const vector<int> &vecDelay) {
            Value val;
            auto vec = EventPollerPool::Instance().getExecutorLoad();
@ -611,7 +607,8 @@ void installWebApi() {

    //获取后台工作线程负载
    //测试url http://127.0.0.1/index/api/getWorkThreadsLoad
-    api_regist("/index/api/getWorkThreadsLoad", [](API_ARGS_MAP_ASYNC){
+    api_regist("/index/api/getWorkThreadsLoad", [](API_ARGS_MAP_ASYNC) {
+        CHECK_SECRET();
        WorkThreadPool::Instance().getExecutorDelay([invoker, headerOut](const vector<int> &vecDelay) {
            Value val;
            auto vec = WorkThreadPool::Instance().getExecutorLoad();
--- a/server/WebApi.h
+++ b/server/WebApi.h
@ -221,14 +221,21 @@ bool checkArgs(Args &args, const First &first, const KeyTypes &...keys) {
        throw InvalidArgsException("缺少必要参数:" #__VA_ARGS__); \
    }

-//检查http参数中是否附带secret密钥的宏，127.0.0.1的ip不检查密钥
+// 检查http参数中是否附带secret密钥的宏，127.0.0.1的ip不检查密钥
+// 同时检测是否在ip白名单内
 #define CHECK_SECRET() \
-    if(sender.get_peer_ip() != "127.0.0.1"){ \
-        CHECK_ARGS("secret"); \
-        if(api_secret != allArgs["secret"]){ \
-            throw AuthException("secret错误"); \
+    do { \
+        auto ip = sender.get_peer_ip(); \
+        if (!HttpFileManager::isIPAllowed(ip)) { \
+            throw AuthException("Your ip is not allowed to access the service."); \
        } \
-    }
+        if (ip != "127.0.0.1") { \
+            CHECK_ARGS("secret"); \
+            if (api_secret != allArgs["secret"]) { \
+                throw AuthException("secret错误"); \
+            } \
+        } \
+    } while(false);

 void installWebApi();
 void unInstallWebApi();