fixed ehang-io#347,api is not enabled by default

kiririx · Jan 13, 2020 · 92669a0 · 92669a0
1 parent bee2919
commit 92669a0
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 2 deletions.
diff --git a/conf/nps.conf b/conf/nps.conf
@@ -49,7 +49,8 @@ web_key_file=conf/server.key
 #web_base_url=/nps
 
 #Web API unauthenticated IP address(the len of auth_crypt_key must be 16)
-auth_key=test
+#Remove comments if needed
+#auth_key=test
 auth_crypt_key =1234567812345678
 
 #allow_ports=9001-9009,10001,11000-12000

diff --git a/docs/api.md b/docs/api.md
@@ -1,4 +1,6 @@
 # web api
+
+需要开启请先去掉`nps.conf`中`auth_key`的注释并配置一个合适的密钥
 ## webAPI验证说明
 - 采用auth_key的验证方式
 - 在提交的每个请求后面附带两个参数，`auth_key` 和`timestamp`

diff --git a/web/controllers/base.go b/web/controllers/base.go
@@ -33,10 +33,13 @@ func (s *BaseController) Prepare() {
 	timestamp := s.GetIntNoErr("timestamp")
 	configKey := beego.AppConfig.String("auth_key")
 	timeNowUnix := time.Now().Unix()
-	if !((math.Abs(float64(timeNowUnix-int64(timestamp))) <= 20) && (crypt.Md5(configKey+strconv.Itoa(timestamp)) == md5Key)) {
+	if !(md5Key!="" && (math.Abs(float64(timeNowUnix-int64(timestamp))) <= 20) && (crypt.Md5(configKey+strconv.Itoa(timestamp)) == md5Key)) {
 		if s.GetSession("auth") != true {
 			s.Redirect(beego.AppConfig.String("web_base_url")+"/login/index", 302)
 		}
+	}else {
+		s.SetSession("isAdmin",true)
+		s.Data["isAdmin"] = true
 	}
 	if s.GetSession("isAdmin") != nil && !s.GetSession("isAdmin").(bool) {
 		s.Ctx.Input.SetData("client_id", s.GetSession("clientId").(int))