Super-frpc/backend
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

fix(auth): skip timestamp validation in debug mode

Browse Source 
Modify ValidateTimeStamp to bypass validation when in debug mode. Also update request validation to make timestamp optional in debug mode while maintaining security checks in production.
This commit is contained in:
NanamiAdmin
2026-02-27 23:13:15 +08:00
parent 1eb9351604
commit af5af2a04f
2 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
auth.go
View File

@@ -170,8 +170,11 @@ func isValidPassword(password string) bool {
}
func ValidateTimeStamp(timeStamp int64) error {
if globalConfig.Debug {
return nil
}
currentTime := time.Now().UnixMilli()
if !globalConfig.Debug && (currentTime-timeStamp > 3000 || timeStamp-currentTime > 3000) {
if currentTime-timeStamp > 3000 || timeStamp-currentTime > 3000 {
return errors.New("timestamp out of valid range")
}
return nil

8
handlers.go
View File

@@ -220,12 +220,14 @@ func ValidateRequestWithBody(w http.ResponseWriter, r *http.Request, body []byte
return 0, "", errors.New("token is required")
}
timeStamp, ok := reqMap["timeStamp"].(float64)
if !ok {
timeStamp := int64(0)
if ts, ok := reqMap["timeStamp"].(float64); ok {
timeStamp = int64(ts)
} else if !globalConfig.Debug {
return 0, "", errors.New("timeStamp is required")
}
if err := ValidateTimeStamp(int64(timeStamp)); err != nil {
if err := ValidateTimeStamp(timeStamp); err != nil {
return 0, "", err
}