上传文件忽略了验证登录

[YiFabao]

源码中把上传包的api 做了登录忽略，这是为什么？　文档中有地方写到用curl 上传包的时候需要在system 平台获取一个token, 这不是多此一举了吗？

下面是源码中的一段代码：

//上传文件不需要登录 if(WebConf.webConf.uploadLogin || process.env.TARS_WEB_UPLOAD == 'true') { loginConf.ignore.push('/pages/server/api/upload_patch_package'); loginConf.ignore.push('/api/upload_patch_package'); loginConf.ignore.push('/pages/server/api/upload_and_publish'); loginConf.ignore.push('/api/upload_and_publish'); }

另外还有一个奇怪的地方就是, curl 命令上传包成功，但返回的信息包含了一个 "Method NOT Allowed" !!! tar cvfz boxserver.tgz ...

• Trying 172.25.0.1...
• TCP_NODELAY set
• Connected to 172.25.0.1 (172.25.0.1) port 3000 (#0)

  POST /api/upload_and_publish?ticket=cde57eeb8b1e9138c38f23eaebe5aebf9ff56fe0111 HTTP/1.1 Host: 172.25.0.1:3000 User-Agent: curl/7.58.0 Accept: / Content-Length: 11824338 Content-Type: multipart/form-data; boundary=------------------------f8e7df31d8cfb4dd Expect: 100-continue

  < HTTP/1.1 100 Continue < HTTP/1.1 200 OK < X-RateLimit-Limit: 5000 < X-RateLimit-Remaining: 4998 < X-RateLimit-Reset: 1595390400 < X-DNS-Prefetch-Control: off < X-Frame-Options: SAMEORIGIN < Strict-Transport-Security: max-age=15552000; includeSubDomains < X-Download-Options: noopen < X-Content-Type-Options: nosniff < X-XSS-Protection: 1; mode=block < Content-Type: text/plain; charset=utf-8 < Content-Length: 285 < Surrogate-Control: no-store < Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate < Pragma: no-cache < Expires: 0 < Set-Cookie: dcache=true; path=/ < Date: Wed, 22 Jul 2020 03:59:50 GMT < Connection: keep-alive < Method Not Allowed patch serverId: 108, node_name: 172.25.0.5

  task no: [33fd1e8440ba4d5bb19213ab44432e2b]

172.25.0.5 EM_I_SUCCESS startServer [quwanyun.boxserver] from 172.25.0.3 :server is activating, please check:

• Connection #0 to host 172.25.0.1 left intact

[langxgm]

我也发现这个问题，上传并发布不需要 token (/api/upload_and_publish)

tarscloud/framework:v2.4.7

[ruanshudong]

bug fix! 但是Method Not Allowed一直没定位到啥原因, 有点莫名其妙