From cc0bfff2d26feba3327936bd03231e3756366cbf Mon Sep 17 00:00:00 2001 From: daiao <358551898@qq.com> Date: Mon, 30 Dec 2019 20:37:11 +0800 Subject: [PATCH 1/2] =?UTF-8?q?excel=E8=BF=87=E6=BB=A4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/controllers/application_controller.rb | 22 +++++++++++++--------- app/controllers/attachments_controller.rb | 2 +- 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 90151efca..ac53343b5 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -24,15 +24,19 @@ class ApplicationController < ActionController::Base # 所有请求必须合法签名 def check_sign Rails.logger.info("66666 #{params}") - if params[:client_key].present? - randomcode = params[:randomcode] - tip_exception(501, "请求不合理") unless (Time.now.to_i - randomcode.to_i).between?(0,5) - - sign = Digest::MD5.hexdigest("#{OPENKEY}#{randomcode}") - Rails.logger.info("2222 #{sign}") - tip_exception(501, "请求不合理") if sign != params[:client_key] - else - tip_exception(501, "请求不合理") + suffix = request.url.split(".").last + suffix_arr = ["xls", "xlsx"] # excel文件先注释 + unless suffix_arr.include?(suffix) + if params[:client_key].present? + randomcode = params[:randomcode] + tip_exception(501, "请求不合理") unless (Time.now.to_i - randomcode.to_i).between?(0,5) + + sign = Digest::MD5.hexdigest("#{OPENKEY}#{randomcode}") + Rails.logger.info("2222 #{sign}") + tip_exception(501, "请求不合理") if sign != params[:client_key] + else + tip_exception(501, "请求不合理") + end end end diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb index 46fa024db..e0dd71467 100644 --- a/app/controllers/attachments_controller.rb +++ b/app/controllers/attachments_controller.rb @@ -5,7 +5,7 @@ class AttachmentsController < ApplicationController before_action :require_login, :check_auth, except: [:show] before_action :find_file, only: %i[show destroy] before_action :attachment_candown, only: [:show] - skip_before_action :check_sign, only: [:show] + skip_before_action :check_sign, only: [:show, :create] include ApplicationHelper From e79330338b958df2218dee78f6af5ca59732086b Mon Sep 17 00:00:00 2001 From: daiao <358551898@qq.com> Date: Mon, 30 Dec 2019 20:42:49 +0800 Subject: [PATCH 2/2] 2 --- app/controllers/application_controller.rb | 30 +++++++++++------------ 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index ac53343b5..4faa42107 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -23,21 +23,21 @@ class ApplicationController < ActionController::Base # 所有请求必须合法签名 def check_sign - Rails.logger.info("66666 #{params}") - suffix = request.url.split(".").last - suffix_arr = ["xls", "xlsx"] # excel文件先注释 - unless suffix_arr.include?(suffix) - if params[:client_key].present? - randomcode = params[:randomcode] - tip_exception(501, "请求不合理") unless (Time.now.to_i - randomcode.to_i).between?(0,5) - - sign = Digest::MD5.hexdigest("#{OPENKEY}#{randomcode}") - Rails.logger.info("2222 #{sign}") - tip_exception(501, "请求不合理") if sign != params[:client_key] - else - tip_exception(501, "请求不合理") - end - end + # Rails.logger.info("66666 #{params}") + # suffix = request.url.split(".").last + # suffix_arr = ["xls", "xlsx"] # excel文件先注释 + # unless suffix_arr.include?(suffix) + # if params[:client_key].present? + # randomcode = params[:randomcode] + # tip_exception(501, "请求不合理") unless (Time.now.to_i - randomcode.to_i).between?(0,5) + # + # sign = Digest::MD5.hexdigest("#{OPENKEY}#{randomcode}") + # Rails.logger.info("2222 #{sign}") + # tip_exception(501, "请求不合理") if sign != params[:client_key] + # else + # tip_exception(501, "请求不合理") + # end + # end end # 全局配置参数