diff --git a/server/WebApi.cpp b/server/WebApi.cpp
index 04d69246..11e06ea1 100755
--- a/server/WebApi.cpp
+++ b/server/WebApi.cpp
@@ -238,11 +238,6 @@ static inline void addHttpListener(){
 //该api已被消费
 consumed = true;
- if (!HttpFileManager::isIPAllowed(sender.get_peer_ip())) {
- invoker(403, HttpSession::KeyValue(), "Your ip is not allowed to access the service.");
- return;
- }
-
 if(api_debug){
 auto newInvoker = [invoker, parser](int code, const HttpSession::KeyValue &headerOut, const HttpBody::Ptr &body) {
 //body默认为空
@@ -593,7 +588,8 @@ void installWebApi() {
 //获取线程负载
 //测试url http://127.0.0.1/index/api/getThreadsLoad
- api_regist("/index/api/getThreadsLoad",[](API_ARGS_MAP_ASYNC){
+ api_regist("/index/api/getThreadsLoad", [](API_ARGS_MAP_ASYNC) {
+ CHECK_SECRET();
 EventPollerPool::Instance().getExecutorDelay([invoker, headerOut](const vector &vecDelay) {
 Value val;
 auto vec = EventPollerPool::Instance().getExecutorLoad();
@@ -611,7 +607,8 @@ void installWebApi() {
 //获取后台工作线程负载
 //测试url http://127.0.0.1/index/api/getWorkThreadsLoad
- api_regist("/index/api/getWorkThreadsLoad", [](API_ARGS_MAP_ASYNC){
+ api_regist("/index/api/getWorkThreadsLoad", [](API_ARGS_MAP_ASYNC) {
+ CHECK_SECRET();
 WorkThreadPool::Instance().getExecutorDelay([invoker, headerOut](const vector &vecDelay) {
 Value val;
 auto vec = WorkThreadPool::Instance().getExecutorLoad();
diff --git a/server/WebApi.h b/server/WebApi.h
index d4d557f4..673eca11 100755
--- a/server/WebApi.h
+++ b/server/WebApi.h
@@ -221,14 +221,21 @@ bool checkArgs(Args &args, const First &first, const KeyTypes &...keys) {
 throw InvalidArgsException("缺少必要参数:" #__VA_ARGS__); \
 }
-//检查http参数中是否附带secret密钥的宏,127.0.0.1的ip不检查密钥
+// 检查http参数中是否附带secret密钥的宏,127.0.0.1的ip不检查密钥
+// 同时检测是否在ip白名单内
 #define CHECK_SECRET() \
- if(sender.get_peer_ip() != "127.0.0.1"){ \
- CHECK_ARGS("secret"); \
- if(api_secret != allArgs["secret"]){ \
- throw AuthException("secret错误"); \
+ do { \
+ auto ip = sender.get_peer_ip(); \
+ if (!HttpFileManager::isIPAllowed(ip)) { \
+ throw AuthException("Your ip is not allowed to access the service."); \
 } \
- }
+ if (ip != "127.0.0.1") { \
+ CHECK_ARGS("secret"); \
+ if (api_secret != allArgs["secret"]) { \
+ throw AuthException("secret错误"); \
+ } \
+ } \
+ } while(false);
 void installWebApi();
 void unInstallWebApi();
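Review bot: With the allowlist test now living only inside `CHECK_SECRET()`, IP filtering becomes opt-in per handler: the listener-level `isIPAllowed` check is removed from `addHttpListener` in server/WebApi.cpp, and only getThreadsLoad and getWorkThreadsLoad gain the macro call in this commit. The other `api_regist` handlers are outside the diff, so each should be confirmed to call `CHECK_SECRET()`, or a default-deny check should stay in the listener so a handler added later cannot skip it. The `ip != "127.0.0.1"` branch still waives the secret for loopback peers, and if a reverse proxy on the same host fronts this API the peer address is presumably always loopback; that assumption deserves a comment above the macro, for example `// ip is the TCP peer address; behind a local proxy every request is 127.0.0.1 and skips the secret`. The definition also ends in `while(false);`, so `CHECK_SECRET();` expands to two statements and breaks under an unbraced `if`/`else`; ending it with `} while (false)` and no semicolon is the usual form.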