添加 - Login 容器的更安全检查

2025-03-19 16:40:22 +08:00 · 2018-04-21 15:13:42 +08:00 · 2018-04-21 15:13:42 +08:00 · 7e1977a343
commit 7e1977a343
parent 2804feff2b
3 changed files with 15 additions and 3 deletions
--- a/helper/LoginedContainer.js
+++ b/helper/LoginedContainer.js
@ -16,8 +16,11 @@ module.exports.delLogined = (sessionID) => {
 }


-module.exports.isLogined = (sessionID) => {
+module.exports.isLogined = (sessionID, username = null) => {
    if (Logined.hasOwnProperty(sessionID) && Logined[sessionID]) {
+        if (username) {
+            return Logined[sessionID][0] === username;
+        }
        return Logined[sessionID][1];
    }
    return null;
--- a/onlinefs/controller/auth.js
+++ b/onlinefs/controller/auth.js
@ -7,13 +7,22 @@ const userModel = require('../../model/UserModel');
 const permission = require('../../helper/Permission');
 const serverModel = require('../../model/ServerModel');
 const pathm = require("path");
+const loginedContainer = require('../../helper/LoginedContainer');

 //自定义扩展
 router.all('/auth/:servername', (req, res) => {
    let serverName = req.params.servername;
    let userName = req.session['username'];
+
+    //基础检查
    if (!serverName || !userName) {
-        res.send("[ 权限阻止 ] ");
+        res.send("[ 权限阻止 ] 您未登录");
+        return;
+    }
+
+    //统一登录逻辑性检查
+    if (!loginedContainer.isLogined(req.sessionID, userName)) {
+        res.send("[ 权限阻止 ] 您未登录");
        return;
    }

--- a/route/websocket.js
+++ b/route/websocket.js
@ -95,7 +95,7 @@ router.ws('/ws', function (ws, req) {
    username = username.trim();

    //登录逻辑性缺陷检查
-    if (!loginedContainer.isLogined(session_id)) {
+    if (!loginedContainer.isLogined(session_id, username)) {
        MCSERVER.warning('未经过登陆逻辑的用户尝试连接 | 已经阻止', ['用户值:', username, ' 令牌值:', token].join(" "));
        counter.plus('notPermssionCounter');
        ws.close();