From f1e775b13029f268870b7664fdc049a3792199fa Mon Sep 17 00:00:00 2001
From: chenruilong
Date: Wed, 8 Feb 2023 11:43:58 +0800
Subject: [PATCH] =?UTF-8?q?fix(uni-id-co):=20=E4=BF=AE=E5=A4=8DURL?= =?UTF-8?q?=E7=AD=BE=E5=90=8D=E6=A0=A1=E9=AA=8C=E9=80=BB=E8=BE=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
(cherry picked from commit 5e578f0e251f18d63a7e528ff57684976085de0e)
---
 .../uni-id-co/middleware/verify-request-sign.js | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/uni_modules/uni-id-pages/uniCloud/cloudfunctions/uni-id-co/middleware/verify-request-sign.js b/uni_modules/uni-id-pages/uniCloud/cloudfunctions/uni-id-co/middleware/verify-request-sign.js
index 84420e3..e695a40 100644
--- a/uni_modules/uni-id-pages/uniCloud/cloudfunctions/uni-id-co/middleware/verify-request-sign.js
+++ b/uni_modules/uni-id-pages/uniCloud/cloudfunctions/uni-id-co/middleware/verify-request-sign.js
@@ -2,17 +2,24 @@ const crypto = require('crypto')
 const { ERROR } = require('../common/error')
 const needSignFunctions = new Set([
 'externalRegister',
- 'externalLogin'
+ 'externalLogin',
+ 'updateUserInfoByExternal'
 ])
 module.exports = function () {
 const methodName = this.getMethodName()
 const { source } = this.getUniversalClientInfo()
- // 非 HTTP 方式请求不需要鉴权
- if (source !== 'http') return
+ // 指定接口需要鉴权
 if (!needSignFunctions.has(methodName)) return
+ // 非 HTTP 方式请求拒绝访问
+ if (source !== 'http') {
+ throw {
+ errCode: ERROR.ILLEGAL_REQUEST
+ }
+ }
+ const timeout = 20 * 1000 // 请求超过20秒不能再请求,防止重放攻击
 const { headers, body: _body } = this.getHttpInfo()
 const { 'uni-id-nonce': nonce, 'uni-id-timestamp': timestamp, 'uni-id-signature': signature } = headers
--
GitLab
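Review bot: `needSignFunctions` is a fail-open list, because the early `if (!needSignFunctions.has(methodName)) return` leaves this middleware before both the new `source !== 'http'` rejection and the signature check for every method not named in the set. The commit itself has to add `'updateUserInfoByExternal'` to the list, which suggests entries can be forgotten; as far as this middleware is concerned, a server-to-server method that is not registered here would be accepted unsigned. I would add a comment above the set, for example `// Every method intended for signed server-to-server HTTP calls MUST be listed here; unlisted methods skip signature verification entirely`, and consider a unit test that fails when an `external*` / `*ByExternal` method is missing from it. The exported function continues past the end of the hunk, so the nonce, timestamp and signature comparison is not visible here and is not covered by this note.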