
apiprovideo 添加只验证token

liuxiulin 2 hafta önce
ebeveyn
işleme
e3a5823394

+ 24 - 0
services/apiprovider/middleware.go

@@ -86,6 +86,30 @@ func ApplicationAuthOnDeviceIdentifer(context martini.Context, params martini.Pa
 
 }
 
+func ApplicationAuth(context martini.Context, params martini.Params, req *http.Request, r render.Render) {
+	identifier := params["identifier"]
+	key := req.Header.Get("App-Key")
+
+	if identifier == "" || key == "" {
+		r.JSON(http.StatusOK, renderError(ErrDeviceNotFound, errors.New("missing device identifier or app key.")))
+		return
+	}
+
+	app := &models.Application{}
+	err := server.RPCCallByName(nil, rpcs.RegistryServerName, "Registry.ValidateApplication", key, app)
+	if err != nil {
+		r.JSON(http.StatusOK, renderError(ErrAccessDenied, err))
+		return
+	}
+
+	err = checkAppDomain(app.AppDomain, identifier)
+	if err != nil {
+		r.JSON(http.StatusOK, renderError(ErrAccessDenied, err))
+		return
+	}
+
+}
+
 // check if device is online.
 func CheckDeviceOnline(context martini.Context, params martini.Params, req *http.Request, r render.Render) {
 	identifier := params["identifier"]
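Review bot: ApplicationAuth validates `app` and then discards it: the `context` parameter is never used, so nothing like `context.Map(app)` passes the authenticated application to the next handler, which cannot scope its query to that application unless it re-reads the header itself. The missing-key branch also reports `ErrDeviceNotFound` where `ErrAccessDenied` would describe the failure. Every rejection is sent with `http.StatusOK`, so failed authentication is invisible to status-based logging and alerting; if the API convention permits, `http.StatusUnauthorized` fits these branches better. A doc comment such as `// ApplicationAuth validates the App-Key header and checks the app domain against the identifier; it does not load the device.` would state what the middleware does and does not verify.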

+ 4 - 4
services/apiprovider/router.go

@@ -79,14 +79,14 @@ func route(m *martini.ClassicMartini) {
 		r.Post("/submit_scene", SubmitSceneAction)
 
 		// 设备指令查询
-		r.Get("/device_commands", ApplicationAuthOnDeviceIdentifer, GetDeviceCommands)
+		r.Get("/device_commands", ApplicationAuth, GetDeviceCommands)
 
 		// 设备状态查询
-		r.Get("/device_status_list", ApplicationAuthOnDeviceIdentifer, GetDeviceStatusList)
+		r.Get("/device_status_list", ApplicationAuth, GetDeviceStatusList)
 
 		// 场景执行历史查询
-		r.Get("/scene_his", ApplicationAuthOnDeviceIdentifer, GetSceneHis)
-		r.Get("/scene_his/:scene_id", ApplicationAuthOnDeviceIdentifer, GetSceneHisBySceneId)
+		r.Get("/scene_his", ApplicationAuth, GetSceneHis)
+		r.Get("/scene_his/:scene_id", ApplicationAuth, GetSceneHisBySceneId)
 	})
 	m.Group("/application/v2", func(r martini.Router) {
 		// send a command to device
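Review bot: These four GET routes for device commands, device status and scene history now run behind ApplicationAuth, which in the first file only validates the App-Key and calls `checkAppDomain`, so any binding between the caller and the queried device rests on that helper and on the handlers themselves. None of the patterns visible here contains an `:identifier` segment, while ApplicationAuth rejects requests where `params["identifier"]` is empty; the enclosing group prefix is outside the hunk, so confirm it supplies that parameter. It is also worth checking that GetDeviceCommands, GetDeviceStatusList, GetSceneHis and GetSceneHisBySceneId do not depend on a value the previous middleware injected. A short comment above the routes, e.g. `// App-Key only: handlers must restrict results to the caller's application`, would record the intent.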