Commit 44ed5166 by xiongziliang

添加参数合法性校验

parent 283074ad
...@@ -45,6 +45,7 @@ static map<string, AsyncHttpApi> s_map_api; ...@@ -45,6 +45,7 @@ static map<string, AsyncHttpApi> s_map_api;
namespace API { namespace API {
typedef enum { typedef enum {
InvalidArgsFailed = -300,
SqlFailed = -200, SqlFailed = -200,
AuthFailed = -100, AuthFailed = -100,
OtherFailed = -1, OtherFailed = -1,
...@@ -75,6 +76,12 @@ public: ...@@ -75,6 +76,12 @@ public:
~AuthException() = default; ~AuthException() = default;
}; };
class InvalidArgs: public ApiRetException {
public:
InvalidArgs(const char *str):ApiRetException(str,API::InvalidArgsFailed){}
~InvalidArgs() = default;
};
//获取HTTP请求中url参数、content参数 //获取HTTP请求中url参数、content参数
static ApiArgsType getAllArgs(const Parser &parser) { static ApiArgsType getAllArgs(const Parser &parser) {
...@@ -150,11 +157,7 @@ static inline void addHttpListener(){ ...@@ -150,11 +157,7 @@ static inline void addHttpListener(){
try { try {
api(headerIn, headerOut, allArgs, val, invoker); api(headerIn, headerOut, allArgs, val, invoker);
} catch(AuthException &ex){ } catch(ApiRetException &ex){
val["code"] = API::AuthFailed;
val["msg"] = ex.what();
invoker("200 OK", headerOut, val.toStyledString());
} catch(ApiRetException &ex){
val["code"] = ex.code(); val["code"] = ex.code();
val["msg"] = ex.what(); val["msg"] = ex.what();
invoker("200 OK", headerOut, val.toStyledString()); invoker("200 OK", headerOut, val.toStyledString());
...@@ -172,6 +175,21 @@ static inline void addHttpListener(){ ...@@ -172,6 +175,21 @@ static inline void addHttpListener(){
}); });
} }
template <typename Args,typename First>
bool checArgs(Args &&args,First &&first){
return !args[first].empty();
}
template <typename Args,typename First,typename ...KeyTypes>
bool checArgs(Args &&args,First &&first,KeyTypes && ...keys){
return !args[first].empty() && checArgs(args,keys...);
}
#define CHECK_ARGS(...) \
if(!checArgs(allArgs,##__VA_ARGS__)){ \
throw InvalidArgs("缺少必要参数:" #__VA_ARGS__); \
}
//安装api接口 //安装api接口
void installWebApi() { void installWebApi() {
addHttpListener(); addHttpListener();
...@@ -287,6 +305,7 @@ void installWebApi() { ...@@ -287,6 +305,7 @@ void installWebApi() {
}); });
API_REGIST(api,kick_pusher,{ API_REGIST(api,kick_pusher,{
CHECK_ARGS("schema","vhost","app","stream");
//踢掉推流器 //踢掉推流器
auto src = MediaSource::find(allArgs["schema"], auto src = MediaSource::find(allArgs["schema"],
allArgs["vhost"], allArgs["vhost"],
...@@ -303,6 +322,7 @@ void installWebApi() { ...@@ -303,6 +322,7 @@ void installWebApi() {
}); });
API_REGIST(api,kick_session,{ API_REGIST(api,kick_session,{
CHECK_ARGS("id");
//踢掉tcp会话 //踢掉tcp会话
auto id = allArgs["id"]; auto id = allArgs["id"];
if(id.empty()){ if(id.empty()){
...@@ -325,6 +345,7 @@ void installWebApi() { ...@@ -325,6 +345,7 @@ void installWebApi() {
static unordered_map<uint64_t ,PlayerProxy::Ptr> s_proxyMap; static unordered_map<uint64_t ,PlayerProxy::Ptr> s_proxyMap;
static recursive_mutex s_proxyMapMtx; static recursive_mutex s_proxyMapMtx;
API_REGIST(api,addStreamProxy,{ API_REGIST(api,addStreamProxy,{
CHECK_ARGS("vhost","app","stream","url");
//添加拉流代理 //添加拉流代理
PlayerProxy::Ptr player(new PlayerProxy( PlayerProxy::Ptr player(new PlayerProxy(
allArgs["vhost"], allArgs["vhost"],
...@@ -344,6 +365,7 @@ void installWebApi() { ...@@ -344,6 +365,7 @@ void installWebApi() {
}); });
API_REGIST(api,delStreamProxy,{ API_REGIST(api,delStreamProxy,{
CHECK_ARGS("id");
lock_guard<recursive_mutex> lck(s_proxyMapMtx); lock_guard<recursive_mutex> lck(s_proxyMapMtx);
val["data"]["flag"] = s_proxyMap.erase(allArgs["id"].as<uint64_t>()) == 1; val["data"]["flag"] = s_proxyMap.erase(allArgs["id"].as<uint64_t>()) == 1;
}); });
...@@ -377,6 +399,7 @@ void installWebApi() { ...@@ -377,6 +399,7 @@ void installWebApi() {
API_REGIST(hook,on_rtsp_auth,{ API_REGIST(hook,on_rtsp_auth,{
//rtsp鉴权密码,密码等于用户名 //rtsp鉴权密码,密码等于用户名
//rtsp可以有双重鉴权!后面还会触发on_play事件 //rtsp可以有双重鉴权!后面还会触发on_play事件
CHECK_ARGS("user_name");
val["code"] = 0; val["code"] = 0;
val["encrypted"] = false; val["encrypted"] = false;
val["passwd"] = allArgs["user_name"].data(); val["passwd"] = allArgs["user_name"].data();
......
Markdown 格式
0%
您添加了 0 到此讨论。请谨慎行事。
请先完成此评论的编辑!
注册 或者 后发表评论