提交 5e578f0e 编写于 作者: C chenruilong

fix(uni-id-co): 修复URL签名校验逻辑

上级 25308acd
......@@ -2,17 +2,24 @@ const crypto = require('crypto')
const { ERROR } = require('../common/error')
const needSignFunctions = new Set([
'externalRegister',
'externalLogin'
'externalLogin',
'updateUserInfoByExternal'
])
module.exports = function () {
const methodName = this.getMethodName()
const { source } = this.getUniversalClientInfo()
// 非 HTTP 方式请求不需要鉴权
if (source !== 'http') return
// 指定接口需要鉴权
if (!needSignFunctions.has(methodName)) return
// 非 HTTP 方式请求拒绝访问
if (source !== 'http') {
throw {
errCode: ERROR.ILLEGAL_REQUEST
}
}
const timeout = 20 * 1000 // 请求超过20秒不能再请求,防止重放攻击
const { headers, body: _body } = this.getHttpInfo()
const { 'uni-id-nonce': nonce, 'uni-id-timestamp': timestamp, 'uni-id-signature': signature } = headers
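Review bot: The `needSignFunctions` set at the top of the file fails open: any method not listed returns before the signature check, and the addition of `updateUserInfoByExternal` in this commit suggests an externally callable method had already been left out once. A comment above the set, such as `// Every method callable by an external system must be listed here; unlisted methods skip signature verification`, would make that maintenance rule explicit. Separately, the comment on `timeout` says the 20-second window prevents replay, but a timestamp window alone still lets a captured request be replayed within it unless the `uni-id-nonce` value is recorded and rejected on reuse. The rest of the function is outside the hunk, so confirm that the nonce is checked for uniqueness and that a missing `nonce`, `timestamp` or `signature` header is rejected outright.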
......