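Pitfalls in GoAhead's login configuration file

GoAhead provides simple login and permission control through a configuration file. It should be an extremely simple feature, but there are still two pitfalls: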

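  1. The configuration file must end with a blank line

    When the configuration file is loaded with websLoad("auth.txt"), its last line must be a blank line; otherwise there will be problems.

  2. How the password is hashed

    Reading through the code: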

PUBLIC bool websVerifyPasswordFromFile(Webs *wp)
{
    char    passbuf[ME_GOAHEAD_LIMIT_PASSWORD * 3 + 3];
    bool    success;

    assert(wp);
    if (!wp->user && (wp->user = websLookupUser(wp->username)) == 0) {
        trace(5, "verifyUser: Unknown user \"%s\"", wp->username);
        return 0;
    }
    /*
        Verify the password. If using Digest auth, we compare the digest of the password.
        Otherwise we encode the plain-text password and compare that
     */
    if (!wp->encoded) {
        fmt(passbuf, sizeof(passbuf), "%s:%s:%s", wp->username, ME_GOAHEAD_REALM, wp->password);
        wfree(wp->password);
        wp->password = websMD5(passbuf);
        wp->encoded = 1;
    }
    if (wp->digest) {
        success = smatch(wp->password, wp->digest);
    } else {
        success = smatch(wp->password, wp->user->password);
    }
    if (success) {
        trace(5, "User \"%s\" authenticated", wp->username);
    } else {
        trace(5, "Password for user \"%s\" failed to authenticate", wp->username);
    }
    return success;
}

As the code shows, the stored password is the MD5 hash of the string username:ME_GOAHEAD_REALM:password. ME_GOAHEAD_REALM is defined as follows:

#ifndef ME_GOAHEAD_REALM
    #define ME_GOAHEAD_REALM "example.com"
#endif
