ip白名单机制只对需要secret校验的http api生效

This commit is contained in:
xia-chu 2023-07-26 17:18:33 +08:00
parent 22e3872cd4
commit e81efec96e
2 changed files with 17 additions and 13 deletions

View File

@ -238,11 +238,6 @@ static inline void addHttpListener(){
//该api已被消费
consumed = true;
if (!HttpFileManager::isIPAllowed(sender.get_peer_ip())) {
invoker(403, HttpSession::KeyValue(), "Your ip is not allowed to access the service.");
return;
}
if(api_debug){
auto newInvoker = [invoker, parser](int code, const HttpSession::KeyValue &headerOut, const HttpBody::Ptr &body) {
//body默认为空
@ -594,6 +589,7 @@ void installWebApi() {
//获取线程负载
//测试url http://127.0.0.1/index/api/getThreadsLoad
api_regist("/index/api/getThreadsLoad", [](API_ARGS_MAP_ASYNC) {
CHECK_SECRET();
EventPollerPool::Instance().getExecutorDelay([invoker, headerOut](const vector<int> &vecDelay) {
Value val;
auto vec = EventPollerPool::Instance().getExecutorLoad();
@ -612,6 +608,7 @@ void installWebApi() {
//获取后台工作线程负载
//测试url http://127.0.0.1/index/api/getWorkThreadsLoad
api_regist("/index/api/getWorkThreadsLoad", [](API_ARGS_MAP_ASYNC) {
CHECK_SECRET();
WorkThreadPool::Instance().getExecutorDelay([invoker, headerOut](const vector<int> &vecDelay) {
Value val;
auto vec = WorkThreadPool::Instance().getExecutorLoad();

View File

@ -222,13 +222,20 @@ bool checkArgs(Args &args, const First &first, const KeyTypes &...keys) {
}
// 检查http参数中是否附带secret密钥的宏127.0.0.1的ip不检查密钥
// 同时检测是否在ip白名单内
#define CHECK_SECRET() \
if(sender.get_peer_ip() != "127.0.0.1"){ \
do { \
auto ip = sender.get_peer_ip(); \
if (!HttpFileManager::isIPAllowed(ip)) { \
throw AuthException("Your ip is not allowed to access the service."); \
} \
if (ip != "127.0.0.1") { \
CHECK_ARGS("secret"); \
if (api_secret != allArgs["secret"]) { \
throw AuthException("secret错误"); \
} \
}
} \
} while(false);
void installWebApi();
void unInstallWebApi();