禁止GeneratePresignedUrl ip 访问

huberyxxiao · huberyxxiao · commit b7d74eeded93 · 2024-03-19T17:52:25.000+08:00
diff --git a/include/op/base_op.h b/include/op/base_op.h
@@ -115,7 +115,7 @@ class BaseOp {
       std::istream& is, BaseResp* resp, const SharedTransferHandler& handler = nullptr);
 
   std::string GetRealUrl(const std::string& host, const std::string& path,
-                         bool is_https);
+                         bool is_https, bool is_generate_presigned_url = false);
 
  protected:
   bool CheckConfigValidation() const;
diff --git a/src/op/base_op.cpp b/src/op/base_op.cpp
@@ -323,7 +323,7 @@ CosResult BaseOp::UploadAction(
 
 // 1. host优先级，私有ip > 自定义域名 > DNS cache > 默认域名
 std::string BaseOp::GetRealUrl(const std::string& host, const std::string& path,
-                               bool is_https) {
+                               bool is_https, bool is_generate_presigned_url) {
   std::string dest_uri;
   std::string dest_host = host;
   std::string dest_path = path;
@@ -339,17 +339,17 @@ std::string BaseOp::GetRealUrl(const std::string& host, const std::string& path,
   if (m_config &&
       m_config->GetSetIntranetOnce() &&
       m_config->IsUseIntranet() &&
-      !m_config->GetIntranetAddr().empty()) {
+      !m_config->GetIntranetAddr().empty() && !is_generate_presigned_url) {
     dest_host = m_config->GetIntranetAddr();
   } else if (CosSysConfig::IsUseIntranet() &&
-      !CosSysConfig::GetIntranetAddr().empty()) {
+      !CosSysConfig::GetIntranetAddr().empty() && !is_generate_presigned_url) {
     dest_host = CosSysConfig::GetIntranetAddr();
   } else if (m_config &&
              (!m_config->GetDestDomain().empty())) {
     dest_host = m_config->GetDestDomain();
   } else if (!CosSysConfig::GetDestDomain().empty()) {
     dest_host = CosSysConfig::GetDestDomain();
-  } else if (CosSysConfig::GetUseDnsCache()) {
+  } else if (CosSysConfig::GetUseDnsCache() && !is_generate_presigned_url) {
     dest_host = GetGlobalDnsCacheInstance().Resolve(host);
   }
 
diff --git a/src/op/object_op.cpp b/src/op/object_op.cpp
@@ -1765,7 +1765,7 @@ std::string ObjectOp::GeneratePresignedUrl(const GeneratePresignedUrlReq& req) {
     return "";
   }
 
-  std::string signed_url = GetRealUrl(host, req.GetPath(), req.UseHttps());
+  std::string signed_url = GetRealUrl(host, req.GetPath(), req.UseHttps(), true);
   signed_url += "?sign=" + CodecUtil::EncodeKey(auth_str);
 
   const std::map<std::string, std::string>& req_params = req.GetParams();

Original file line number	Diff line number	Diff line change
`@@ -1765,7 +1765,7 @@ std::string ObjectOp::GeneratePresignedUrl(const GeneratePresignedUrlReq& req) {`
`1765`	`1765`	`return "";`
`1766`	`1766`	`}`
`1767`	`1767`
`1768`		`- std::string signed_url = GetRealUrl(host, req.GetPath(), req.UseHttps());`
	`1768`	`+ std::string signed_url = GetRealUrl(host, req.GetPath(), req.UseHttps(), true);`
`1769`	`1769`	`signed_url += "?sign=" + CodecUtil::EncodeKey(auth_str);`
`1770`	`1770`
`1771`	`1771`	`const std::map<std::string, std::string>& req_params = req.GetParams();`