From d20a3be4ea27e94216108bcf0922e3675c041266 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=B5=81=E7=81=AB=E8=A1=8C=E8=80=85?=
Date: Fri, 27 Aug 2021 18:51:08 +0800
Subject: [PATCH 1/2] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E7=BB=9F=E4=B8=80?= =?UTF-8?q?=E4=B8=8B=E5=8D=95=E6=8E=A5=E5=8F=A3=E6=AF=8F=E5=88=86=E9=92=9F?= =?UTF-8?q?=E5=90=8C=E4=B8=80=E4=B8=AA=E7=94=A8=E6=88=B7=E5=8F=AA=E8=83=BD?= =?UTF-8?q?=E8=B0=83=E7=94=A8=E4=B8=89=E6=AC=A1?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/Http/Middleware/AuthenticateWithHeader.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/Http/Middleware/AuthenticateWithHeader.php b/src/Http/Middleware/AuthenticateWithHeader.php
index 45d9097..f67546d 100644
--- a/src/Http/Middleware/AuthenticateWithHeader.php
+++ b/src/Http/Middleware/AuthenticateWithHeader.php
@@ -205,7 +205,9 @@ class AuthenticateWithHeader implements MiddlewareInterface
 if ($this->isCoskey($api, $method)) {
 return $this->setLimit($key, $method, 20, 30);
 }
-
+ if ($this->isPayOrder($api, $method)) {
+ return $this->setLimit($key, $method, 3, 10);
+ }
 return $this->setLimit($key, $method, $max);
 }
@@ -239,6 +241,10 @@ class AuthenticateWithHeader implements MiddlewareInterface
 return $api == 'coskey' && $method == 'post';
 }
+ private function isPayOrder($api, $method){
+ return $api == 'trade/pay/order' && $method == 'post';
+ }
+
 /*
 * $max interage 每分钟最大调用次数
 * $defaultDelay Boolen 超过调用次数禁止秒数
-- 
Gitee
From 296fca7b2e6d95e1f802f4a4c7c04f13295e1dbc Mon Sep 17 00:00:00 2001
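Review bot: The stricter limit added before the final `return` applies only when `$api` is exactly `trade/pay/order`, so any other route that creates orders still falls through to the default `$max`. The allow-list in CheckoutSite.php in the second patch names `order.create` beside `trade/pay/order`; if that route still creates orders it needs the same limit, for example `return in_array($api, ['trade/pay/order', 'order.create'], true) && $method === 'post';` inside `isPayOrder`. The enclosing method starts outside the hunk, so how `$api` and `$key` are built is not visible; it is worth confirming that `$api` is normalised before the comparison and that `$key` identifies the user, since the commit title promises a per-user limit.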
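Review bot: `isPayOrder` is added without a doc comment or type declarations, compares with loose `==`, and puts the opening brace on the signature line. A one-line docblock saying that it selects the order-payment route for the stricter rate limit, together with `return $api === 'trade/pay/order' && $method === 'post';`, would make the intent and the exact-match semantics explicit. The neighbouring `coskey` helper shown as context uses `==` as well, so both are candidates for the same tidy-up.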
From: =?UTF-8?q?=E6=B5=81=E7=81=AB=E8=A1=8C=E8=80=85?=
Date: Fri, 27 Aug 2021 20:38:58 +0800
Subject: [PATCH 2/2] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E7=BB=95=E8=BF=87?= =?UTF-8?q?=E4=BB=98=E8=B4=B9=E7=AB=99=E7=82=B9=E6=BC=8F=E6=B4=9E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/Http/Middleware/CheckoutSite.php | 32 +++++++++++++++++-----------
 1 file changed, 20 insertions(+), 12 deletions(-)
diff --git a/src/Http/Middleware/CheckoutSite.php b/src/Http/Middleware/CheckoutSite.php
index da1f9d2..51a48e1 100644
--- a/src/Http/Middleware/CheckoutSite.php
+++ b/src/Http/Middleware/CheckoutSite.php
@@ -25,7 +25,6 @@ use App\Models\Order;
 use App\Repositories\UserRepository;
 use Discuz\Auth\AssertPermissionTrait;
 use Discuz\Auth\Exception\PermissionDeniedException;
-use Discuz\Base\DzqLog;
 use Discuz\Contracts\Setting\SettingsRepository;
 use Discuz\Foundation\Application;
 use Illuminate\Support\Carbon;
@@ -47,7 +46,6 @@ class CheckoutSite implements MiddlewareInterface
 'user',
 'forum',
 'follow',
- 'thread.list',
 'users.list',
 'order.create',
 'trade/pay/order',
@@ -72,7 +70,6 @@ class CheckoutSite implements MiddlewareInterface
 'emoji',
 'view.count'
 ];
-
 public function __construct(Application $app, SettingsRepository $settings)
 {
 $this->app = $app;
@@ -114,21 +111,32 @@ class CheckoutSite implements MiddlewareInterface
 private function checkPayMode($request, $actor)
 {
 $userRepo = app(UserRepository::class);
-// dd($userRepo->isPaid($actor));
- if ($userRepo->isPaid($actor) === true) {
- return;
- }
-
+ if ($userRepo->isPaid($actor) === true) {
+ return;
+ }
 $apiPath = $request->getUri()->getPath();
+ $queryString = $request->getUri()->getQuery();
 $api = str_replace(['/apiv3/', '/api/'], '', $apiPath);
- if (!in_array($api, $this->noCheckPayMode) && !(strpos($api, 'users') === 0) && !(strpos($api, 'backAdmin') === 0)) {
- DzqLog::info('checkout_site_no_permission', [
- 'user' => $actor
- ]);
+ $this->inWhiteApiList($api, $queryString);
+ if (!(in_array($api, $this->noCheckPayMode) || $this->inWhiteApiList($api, $queryString)) && !(strpos($api, 'users') === 0) && !(strpos($api, 'backAdmin') === 0)) {
 Utils::outPut(ResponseCode::JUMP_TO_PAY_SITE);
 }
 }
+ private function inWhiteApiList($api, $queryString)
+ {
+ parse_str($queryString, $query);
+ $isPass = false;
+ switch ($api) {
+ case 'thread.list':
+ if (isset($query['scope']) && $query['scope'] == 3) {
+ $isPass = true;
+ }
+ break;
+ }
+ return $isPass;
+ }
+
 private function getOrder($actor)
 {
 if ($actor->isGuest()) {
-- 
Gitee
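Review bot: The new `inWhiteApiList` decides the paywall exemption for `thread.list` with a loose comparison, `$query['scope'] == 3`, on a value it parses itself from the raw query string, so other numeric spellings of 3 (such as `3.0`) also pass and the check can disagree with whatever the `thread.list` handler, not visible here, later reads as the scope. Compare strictly against the one accepted form, `if (isset($query['scope']) && $query['scope'] === '3') {`, and preferably take the value from the same parsed request parameters the handler uses. The bare call `$this->inWhiteApiList($api, $queryString);` placed before the `if` in `checkPayMode` discards its result and can be dropped. The hunk also removes the `checkout_site_no_permission` log entry, which leaves denied requests without an audit trail; logging the actor id and `$api` at that point would keep the signal without serialising the whole actor.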