diff --git a/app/controller/Auth.php b/app/controller/Auth.php
index 0f0d81f..7068401 100644
--- a/app/controller/Auth.php
+++ b/app/controller/Auth.php
@@ -53,7 +53,9 @@ class Auth extends BaseController
 } else {
 if ($user) {
 Db::name('log')->insert(['uid' => $user['id'], 'action' => '登录失败', 'data' => 'IP:' . $this->clientip, 'addtime' => date("Y-m-d H:i:s")]);
- if (isset($user['totp_open']) && $user['totp_open'] == 1 && !empty($user['totp_secret'])) $login_limit_count = 10;
+ if (isset($user['totp_open']) && $user['totp_open'] == 1 && !empty($user['totp_secret'])) {
+ return json(['code' => -1, 'msg' => '用户名或密码错误', 'vcode' => 1]);
+ }
 }
 if (!file_exists($login_limit_file)) {
 $login_limit = ['count' => 0, 'time' => 0];
diff --git a/app/lib/client/AWS.php b/app/lib/client/AWS.php
index 06fdd34..a67e1f6 100644
--- a/app/lib/client/AWS.php
+++ b/app/lib/client/AWS.php
@@ -144,6 +144,7 @@ class AWS
 }
 $path = '/' . $this->version . $path;
+ $body = '';
 if ($method == 'GET' || $method == 'DELETE') {
 $query = $params;
 } else {
@@ -181,7 +182,7 @@ class AWS
 // step 1: build canonical request string
 $httpRequestMethod = $method;
- $canonicalUri = $path;
+ $canonicalUri = $this->getCanonicalURI($path);
 $canonicalQueryString = $this->getCanonicalQueryString($query);
 [$canonicalHeaders, $signedHeaders] = $this->getCanonicalHeaders($headers);
 $hashedRequestPayload = hash("sha256", $body);
@@ -221,6 +222,17 @@ class AWS
 $replace = ['%20', '%2A', '~'];
 return str_replace($search, $replace, urlencode($str));
 }
+
+ private function getCanonicalURI($path)
+ {
+ if (empty($path)) return '/';
+ $pattens = explode('/', $path);
+ $pattens = array_map(function ($item) {
+ return $this->escape($item);
+ }, $pattens);
+ $canonicalURI = implode('/', $pattens);
+ return $canonicalURI;
+ }
 private function getCanonicalQueryString($parameters)
 {
diff --git a/app/lib/client/AliyunNew.php b/app/lib/client/AliyunNew.php
index b4c27ba..c8632a8 100644
--- a/app/lib/client/AliyunNew.php
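Review bot: The early `return json(...)` added for accounts with TOTP enabled exits before the `$login_limit_file` counter that begins at the `if (!file_exists($login_limit_file))` context line, so failed password attempts against those accounts no longer appear to count toward the login throttle. The removed line raised the threshold to 10 instead of skipping it; if the aim is to stop a third party from locking out a 2FA user, a higher or per-IP limit keeps that protection without leaving password guessing uncounted. The counter logic continues outside the hunk, so confirm no other limit applies on this path, and document the exemption on the new branch, e.g. `// TOTP accounts: do not count toward lockout; second factor still required`.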
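Review bot: `getCanonicalURI()` in AWS.php does not state whether `$path` is expected raw or already percent-encoded, and it passes every segment through `escape()` (presumably the `urlencode`-based helper shown just above it), so a segment that arrives encoded would be encoded a second time in the signed string. Whether the request URL built elsewhere uses the same encoding is not visible here; a mismatch would surface as a signature rejection, so add a docblock fixing the input form and declare types, `private function getCanonicalURI(string $path): string`. `empty($path)` is also true for the string `'0'`, so `$path === ''` is the more exact guard. The same helper is copied into AliyunNew.php and HuaweiCloud.php (the latter appending a trailing slash); a shared trait would keep the three signers in step, and `$pattens` reads as a typo for `$segments`.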
+++ b/app/lib/client/AliyunNew.php
@@ -76,7 +76,7 @@ class AliyunNew
 // step 1: build canonical request string
 $httpRequestMethod = $method;
- $canonicalUri = $path;
+ $canonicalUri = $this->getCanonicalURI($path);
 $canonicalQueryString = $this->getCanonicalQueryString($query);
 [$canonicalHeaders, $signedHeaders] = $this->getCanonicalHeaders($headers);
 $hashedRequestPayload = hash("sha256", $body);
@@ -108,6 +108,17 @@ class AliyunNew
 return str_replace($search, $replace, urlencode($str));
 }
+ private function getCanonicalURI($path)
+ {
+ if (empty($path)) return '/';
+ $pattens = explode('/', $path);
+ $pattens = array_map(function ($item) {
+ return $this->escape($item);
+ }, $pattens);
+ $canonicalURI = implode('/', $pattens);
+ return $canonicalURI;
+ }
+
 private function getCanonicalQueryString($parameters)
 {
 if (empty($parameters)) return '';
diff --git a/app/lib/client/HuaweiCloud.php b/app/lib/client/HuaweiCloud.php
index eb2ac3d..b37babd 100644
--- a/app/lib/client/HuaweiCloud.php
+++ b/app/lib/client/HuaweiCloud.php
@@ -70,8 +70,7 @@ class HuaweiCloud
 // step 1: build canonical request string
 $httpRequestMethod = $method;
- $canonicalUri = $path;
- if (substr($canonicalUri, -1) != "/") $canonicalUri .= "/";
+ $canonicalUri = $this->getCanonicalURI($path);
 $canonicalQueryString = $this->getCanonicalQueryString($query);
 [$canonicalHeaders, $signedHeaders] = $this->getCanonicalHeaders($headers);
 $hashedRequestPayload = hash("sha256", $body);
@@ -105,6 +104,18 @@ class HuaweiCloud
 return str_replace($search, $replace, urlencode($str));
 }
+ private function getCanonicalURI($path)
+ {
+ if (empty($path)) return '/';
+ $pattens = explode('/', $path);
+ $pattens = array_map(function ($item) {
+ return $this->escape($item);
+ }, $pattens);
+ $canonicalURI = implode('/', $pattens);
+ if (substr($canonicalURI, -1) != '/') $canonicalURI .= '/';
+ return $canonicalURI;
+ }
+
 private function getCanonicalQueryString($parameters)
 {
 if (empty($parameters)) return '';
diff --git a/app/utils/CheckUtils.php b/app/utils/CheckUtils.php
index 91cac0d..390b414 100644
--- a/app/utils/CheckUtils.php
+++ b/app/utils/CheckUtils.php
@@ -74,6 +74,7 @@ class CheckUtils
 public static function tcp($target, $port, $timeout)
 {
+ if (substr($target, -1) == '.') $target = substr($target, 0, -1);
 if (!filter_var($target, FILTER_VALIDATE_IP) && checkDomain($target)) {
 $target = gethostbyname($target);
 if (!$target) return ['status' => false, 'errmsg' => 'DNS resolve failed', 'usetime' => 0];
@@ -94,6 +95,7 @@ class CheckUtils
 public static function ping($target)
 {
 if (!function_exists('exec')) return ['status' => false, 'errmsg' => 'exec函数不可用', 'usetime' => 0];
+ if (substr($target, -1) == '.') $target = substr($target, 0, -1);
 if (!filter_var($target, FILTER_VALIDATE_IP) && checkDomain($target)) {
 $target = gethostbyname($target);
 if (!$target) return ['status' => false, 'errmsg' => 'DNS resolve failed', 'usetime' => 0];
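Review bot: In `tcp()`, the `if (!$target)` check right after the added trailing-dot strip cannot detect a failed lookup, because `gethostbyname()` returns the unmodified hostname on failure rather than false; the 'DNS resolve failed' branch therefore looks unreachable and an unresolved name carries on into the probe. Comparing the result with the input restores the check: `$ip = gethostbyname($target); if ($ip === $target) return [...]; $target = $ip;`. The same lines appear in the `ping()` hunk, and both method bodies continue outside the hunks.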
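Review bot: In `ping()`, a `$target` that is neither a valid IP nor accepted by `checkDomain()` skips the guarded block and continues unchanged, and the `function_exists('exec')` guard suggests the value later reaches a shell command (the call itself is outside the hunk). Reject such input before going further, e.g. `if (!filter_var($target, FILTER_VALIDATE_IP) && !checkDomain($target)) return ['status' => false, 'errmsg' => 'Invalid target', 'usetime' => 0];`, and confirm the command line is built with `escapeshellarg($target)`. A one-line comment on the added strip, `// accept FQDN form "example.com." by dropping the root dot`, would make its purpose clear in both methods.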