Open YiFabao opened 4 years ago
源码中把上传包的api 做了登录忽略,这是为什么? 文档中有地方写到用curl 上传包的时候需要在system 平台获取一个token, 这不是多此一举了吗?
下面是源码中的一段代码:
//上传文件不需要登录 if(WebConf.webConf.uploadLogin || process.env.TARS_WEB_UPLOAD == 'true') { loginConf.ignore.push('/pages/server/api/upload_patch_package'); loginConf.ignore.push('/api/upload_patch_package'); loginConf.ignore.push('/pages/server/api/upload_and_publish'); loginConf.ignore.push('/api/upload_and_publish'); }
另外还有一个奇怪的地方就是, curl 命令上传包成功,但返回的信息包含了一个 "Method NOT Allowed" !!! tar cvfz boxserver.tgz ...
POST /api/upload_and_publish?ticket=cde57eeb8b1e9138c38f23eaebe5aebf9ff56fe0111 HTTP/1.1 Host: 172.25.0.1:3000 User-Agent: curl/7.58.0 Accept: / Content-Length: 11824338 Content-Type: multipart/form-data; boundary=------------------------f8e7df31d8cfb4dd Expect: 100-continue < HTTP/1.1 100 Continue < HTTP/1.1 200 OK < X-RateLimit-Limit: 5000 < X-RateLimit-Remaining: 4998 < X-RateLimit-Reset: 1595390400 < X-DNS-Prefetch-Control: off < X-Frame-Options: SAMEORIGIN < Strict-Transport-Security: max-age=15552000; includeSubDomains < X-Download-Options: noopen < X-Content-Type-Options: nosniff < X-XSS-Protection: 1; mode=block < Content-Type: text/plain; charset=utf-8 < Content-Length: 285 < Surrogate-Control: no-store < Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate < Pragma: no-cache < Expires: 0 < Set-Cookie: dcache=true; path=/ < Date: Wed, 22 Jul 2020 03:59:50 GMT < Connection: keep-alive < Method Not Allowed patch serverId: 108, node_name: 172.25.0.5 task no: [33fd1e8440ba4d5bb19213ab44432e2b]
POST /api/upload_and_publish?ticket=cde57eeb8b1e9138c38f23eaebe5aebf9ff56fe0111 HTTP/1.1 Host: 172.25.0.1:3000 User-Agent: curl/7.58.0 Accept: / Content-Length: 11824338 Content-Type: multipart/form-data; boundary=------------------------f8e7df31d8cfb4dd Expect: 100-continue
task no: [33fd1e8440ba4d5bb19213ab44432e2b]
172.25.0.5 EM_I_SUCCESS startServer [quwanyun.boxserver] from 172.25.0.3 :server is activating, please check:
我也发现这个问题,上传并发布不需要 token (/api/upload_and_publish)
tarscloud/framework:v2.4.7
bug fix! 但是Method Not Allowed一直没定位到啥原因, 有点莫名其妙
源码中把上传包的api 做了登录忽略,这是为什么? 文档中有地方写到用curl 上传包的时候需要在system 平台获取一个token, 这不是多此一举了吗?
下面是源码中的一段代码:
//上传文件不需要登录 if(WebConf.webConf.uploadLogin || process.env.TARS_WEB_UPLOAD == 'true') { loginConf.ignore.push('/pages/server/api/upload_patch_package'); loginConf.ignore.push('/api/upload_patch_package'); loginConf.ignore.push('/pages/server/api/upload_and_publish'); loginConf.ignore.push('/api/upload_and_publish'); }
另外还有一个奇怪的地方就是, curl 命令上传包成功,但返回的信息包含了一个 "Method NOT Allowed" !!! tar cvfz boxserver.tgz ...
172.25.0.5 EM_I_SUCCESS startServer [quwanyun.boxserver] from 172.25.0.3 :server is activating, please check: