ip白名单机制只对需要secret校验的http api生效

This commit is contained in:
xia-chu 2023-07-26 17:18:33 +08:00
parent 22e3872cd4
commit e81efec96e
2 changed files with 17 additions and 13 deletions

View File

@ -238,11 +238,6 @@ static inline void addHttpListener(){
//该api已被消费 //该api已被消费
consumed = true; consumed = true;
if (!HttpFileManager::isIPAllowed(sender.get_peer_ip())) {
invoker(403, HttpSession::KeyValue(), "Your ip is not allowed to access the service.");
return;
}
if(api_debug){ if(api_debug){
auto newInvoker = [invoker, parser](int code, const HttpSession::KeyValue &headerOut, const HttpBody::Ptr &body) { auto newInvoker = [invoker, parser](int code, const HttpSession::KeyValue &headerOut, const HttpBody::Ptr &body) {
//body默认为空 //body默认为空
@ -593,7 +588,8 @@ void installWebApi() {
//获取线程负载 //获取线程负载
//测试url http://127.0.0.1/index/api/getThreadsLoad //测试url http://127.0.0.1/index/api/getThreadsLoad
api_regist("/index/api/getThreadsLoad",[](API_ARGS_MAP_ASYNC){ api_regist("/index/api/getThreadsLoad", [](API_ARGS_MAP_ASYNC) {
CHECK_SECRET();
EventPollerPool::Instance().getExecutorDelay([invoker, headerOut](const vector<int> &vecDelay) { EventPollerPool::Instance().getExecutorDelay([invoker, headerOut](const vector<int> &vecDelay) {
Value val; Value val;
auto vec = EventPollerPool::Instance().getExecutorLoad(); auto vec = EventPollerPool::Instance().getExecutorLoad();
@ -611,7 +607,8 @@ void installWebApi() {
//获取后台工作线程负载 //获取后台工作线程负载
//测试url http://127.0.0.1/index/api/getWorkThreadsLoad //测试url http://127.0.0.1/index/api/getWorkThreadsLoad
api_regist("/index/api/getWorkThreadsLoad", [](API_ARGS_MAP_ASYNC){ api_regist("/index/api/getWorkThreadsLoad", [](API_ARGS_MAP_ASYNC) {
CHECK_SECRET();
WorkThreadPool::Instance().getExecutorDelay([invoker, headerOut](const vector<int> &vecDelay) { WorkThreadPool::Instance().getExecutorDelay([invoker, headerOut](const vector<int> &vecDelay) {
Value val; Value val;
auto vec = WorkThreadPool::Instance().getExecutorLoad(); auto vec = WorkThreadPool::Instance().getExecutorLoad();

View File

@ -221,14 +221,21 @@ bool checkArgs(Args &args, const First &first, const KeyTypes &...keys) {
throw InvalidArgsException("缺少必要参数:" #__VA_ARGS__); \ throw InvalidArgsException("缺少必要参数:" #__VA_ARGS__); \
} }
//检查http参数中是否附带secret密钥的宏127.0.0.1的ip不检查密钥 // 检查http参数中是否附带secret密钥的宏127.0.0.1的ip不检查密钥
// 同时检测是否在ip白名单内
#define CHECK_SECRET() \ #define CHECK_SECRET() \
if(sender.get_peer_ip() != "127.0.0.1"){ \ do { \
CHECK_ARGS("secret"); \ auto ip = sender.get_peer_ip(); \
if(api_secret != allArgs["secret"]){ \ if (!HttpFileManager::isIPAllowed(ip)) { \
throw AuthException("secret错误"); \ throw AuthException("Your ip is not allowed to access the service."); \
} \ } \
} if (ip != "127.0.0.1") { \
CHECK_ARGS("secret"); \
if (api_secret != allArgs["secret"]) { \
throw AuthException("secret错误"); \
} \
} \
} while(false);
void installWebApi(); void installWebApi();
void unInstallWebApi(); void unInstallWebApi();