Possible redirect loop #14

Open
huqingliang opened this issue Dec 11, 2015 · 3 comments

@huqingliang

if (!this.session) {
  debug('this.session not exists');
  // ignore not match path
  if (!loginRequired) {
    debug('not match needLogin path, %j', this.path);
    return yield next;
  }
  debug('relogin again');
  return yield loginHandler.call(this, next);
}

// get login path
if (this.path === options.loginPath) {
  debug('match login path');
  return yield loginHandler.call(this, next);
}

Scenario:

loginPath=/login
loginHost=demo.xxx.com
Enter demo.xxx.com/login in the browser (with some cookies present); at that point the first check, if (!this.session), is skipped,
and if (this.path === options.loginPath) matches!
In the end, execution reaches redirect(this, loginURL); in loginHandler.
@fengmk2
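
The scenario from the post above, as an added model that is not part of the original issue or of koa-userauth's code: `decide()` reproduces only the two quoted branches, and `followRedirects()` replays the request as a browser would, with the same cookies on every hop. It assumes the login URL resolves to the same host and path as `loginPath`; `options.loginURL`, `options.match`, `appHost` and `sso.example.com` are hypothetical names and constructed values.

```javascript
// Added model, not koa-userauth source: only the two branches quoted in the issue.
// options.loginURL and options.match are hypothetical names for this sketch.
function decide(req, options) {
  const loginRequired = options.match(req.path);
  if (!req.session) {
    if (!loginRequired) return { next: true };
    return { redirect: options.loginURL }; // loginHandler -> redirect(this, loginURL)
  }
  if (req.path === options.loginPath) {
    return { redirect: options.loginURL }; // loginHandler again
  }
  return { next: true };
}

// Replay the request the way a browser would, sending the same cookies on
// every hop, and stop as soon as a host + path is visited a second time.
function followRedirects(startURL, session, options, appHost, maxHops = 10) {
  const seen = new Set();
  let url = new URL(startURL);
  for (let hops = 0; hops < maxHops; hops++) {
    const at = url.host + url.pathname;
    if (seen.has(at)) return { loop: true, hops, at };
    seen.add(at);
    if (url.host !== appHost) return { loop: false, hops, at }; // left the app
    const result = decide({ path: url.pathname, session }, options);
    if (result.next) return { loop: false, hops, at };
    url = new URL(result.redirect);
  }
  return { loop: true, hops: maxHops, at: url.host + url.pathname };
}

// Startup check: a login URL that points back at the app's own loginPath
// only sends the browser into the same branch again.
function loginURLPointsAtLoginPath(options, appHost) {
  const u = new URL(options.loginURL);
  return u.host === appHost && u.pathname === options.loginPath;
}

// Constructed sample configs: the scenario as assumed here, and a separate login host.
const appHost = 'demo.xxx.com';
const match = (path) => path.startsWith('/user');
const sameHost = { loginPath: '/login', loginURL: 'https://demo.xxx.com/login', match };
const otherHost = { loginPath: '/login', loginURL: 'https://sso.example.com/login', match };
const partialSession = {}; // session object exists, but holds no user

console.log(followRedirects('https://demo.xxx.com/login', partialSession, sameHost, appHost));
console.log(followRedirects('https://demo.xxx.com/login', partialSession, otherHost, appHost));
console.log(loginURLPointsAtLoginPath(sameHost, appHost));
```

In this model the loop appears only when a session object is present; the same request without any session falls through to the next middleware on the first hop.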

@fengmk2
Member

fengmk2 commented Dec 11, 2015

userauth cannot solve this kind of thing.

@huqingliang
Author

if (!loginRequired) {
  debug('not match needLogin path, %j', this.path);
  return yield next;
}

What about pulling this block out? Add /login to a whitelist and let it go straight to the next middleware.

@huqingliang
Author

Or like this?

if (!this.session) 
to
if (!this.session || !this.session[options.userField])
