Merge remote-tracking branch 'origin/dev_aliyun' into dev_aliyun

5 years ago · ac52ea4e47
parent f17b642f3b e4e7b6e26d
commit ac52ea4e47
4 changed files with 11 additions and 2 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -12,6 +12,7 @@ class ApplicationController < ActionController::Base

 	protect_from_forgery prepend: true, unless: -> { request.format.json? }

+	before_action :check_sign
 	before_action :user_setup
 	#before_action :check_account

@ -20,6 +21,13 @@ class ApplicationController < ActionController::Base

 	helper_method :current_user

+	# 所有请求必须合法签名
+	def check_sign
+		timestamp = params[:timestamp]
+		sign = Digest::MD5.hexdigest("#{OPENKEY}#{timestamp}")
+		tip_exception(501, "请求不合理") if sign != params[:client_key]
+	end
+
 	# 全局配置参数
 	# 返回name对应的value
 	def edu_setting(name)
--- a/app/controllers/cooperative/base_controller.rb
+++ b/app/controllers/cooperative/base_controller.rb
@ -16,7 +16,7 @@ class Cooperative::BaseController < ApplicationController
  private

  def current_laboratory
-    @_current_laboratory ||= Laboratory.find_by_subdomain(request.subdomain)
+    @_current_laboratory ||= (Laboratory.find_by_subdomain(request.subdomain) || Laboratory.first)
    # @_current_laboratory ||= Laboratory.find 1
  end

--- a/app/controllers/hack_user_lastest_codes_controller.rb
+++ b/app/controllers/hack_user_lastest_codes_controller.rb
@ -153,7 +153,7 @@ class HackUserLastestCodesController < ApplicationController
    when 'Java'
      content.scan(/.java.\d+/).map{|s| s.match(/\d+/)[0].to_i}.min
    when 'C', 'C++'
-      content.scan(/\d:\d+:/).map{|s| s.match(/\d+/)[0]}.min
+      content.scan(/\d:\d+:/).map{|s| s.match(/\d+/)[0].to_i}.min
    when 'Python'
      content.scan(/line \d+/).map{|s| s.match(/\d+/)[0].to_i}.min
    end
--- a/app/controllers/myshixuns_controller.rb
+++ b/app/controllers/myshixuns_controller.rb
@ -3,6 +3,7 @@ class MyshixunsController < ApplicationController
  before_action :find_myshixun, :except => [:training_task_status, :code_runinng_message]
  before_action :find_repo_name, :except => [:training_task_status, :code_runinng_message]
  skip_before_action :verify_authenticity_token, :only => [:html_content]
+  skip_before_action :check_sign, only:  [:training_task_status, :code_runinng_message]

  ## TPI关卡列表
  def challenges