From 3c2e6e9f7bafd70934ddebc276b283e2bb07f6f8 Mon Sep 17 00:00:00 2001
From: huanghai <10402852@qq.com>
Date: Thu, 30 Jul 2020 14:55:21 +0800
Subject: [PATCH] 'commit'
---
 dsSso/Controller/ControllerOauth2/ControllerOauth2.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/dsSso/Controller/ControllerOauth2/ControllerOauth2.go b/dsSso/Controller/ControllerOauth2/ControllerOauth2.go
index dc522ff9..8225bcb9 100644
--- a/dsSso/Controller/ControllerOauth2/ControllerOauth2.go
+++ b/dsSso/Controller/ControllerOauth2/ControllerOauth2.go
@@ -376,7 +376,13 @@ func authorizeGet(context *gin.Context) {
 var redirectUri = context.Query("redirect_uri")
 //回调的页面地址
 var oauthCallback = context.Query("oauth_callback")
-
+ //oauth_callback的base64检查
+ _, err := base64.StdEncoding.DecodeString(oauthCallback)
+ if err != nil {
+ msg := "传入的oauth_callback不不是经过标准码的base64字符串!"
+ context.JSON(http.StatusOK, map[string]interface{}{"success": false, "msg": msg})
+ return
+ }
 //检查这个client_id是不是经过授权?
 client, err := RedisStorage.OAuth2RedisStorage.GetClient(paraClientId)
 if err != nil || client == nil {
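Review bot: The added check in authorizeGet only proves that oauth_callback is syntactically base64; the decoded bytes are discarded, so an empty parameter passes (decoding "" returns no error) and the callback target itself is never validated at this point. If the decoded value is later used as a redirect destination (the rest of authorizeGet is outside the hunk), it should be parsed and compared with the callback registered for the client once GetClient has succeeded, otherwise the authorize endpoint can behave as an open redirect. As a first step keep the result and reject empties: `decodedCallback, err := base64.StdEncoding.DecodeString(oauthCallback)` and `if err != nil || len(decodedCallback) == 0 {`. A `+` in standard base64 reaches the handler as a space unless the caller percent-encodes the query value, so `base64.URLEncoding` may be the more robust contract, and a rejected parameter would be clearer to clients and to log-based monitoring as `http.StatusBadRequest` than as `http.StatusOK`.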