From 09eaa3116a1d1997df567a16c8d3b917b0eef798 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=89=8B=E7=93=9C=E4=B8=80=E5=8D=81=E9=9B=AA?=
Date: Tue, 7 May 2024 21:47:52 +0800
Subject: [PATCH] feat:fix
---
 src/webui/index.ts | 34 +----------------
 src/webui/src/api/Auth.ts | 12 +++++-
 src/webui/src/router/{api.ts => auth.ts} | 0
 src/webui/src/router/index.ts | 48 ++++++++++++++++++++++--
 static/login.html | 2 +-
 5 files changed, 58 insertions(+), 38 deletions(-)
 rename src/webui/src/router/{api.ts => auth.ts} (100%)
diff --git a/src/webui/index.ts b/src/webui/index.ts
index 47613d61..61e8d9ad 100644
--- a/src/webui/index.ts
+++ b/src/webui/index.ts
@@ -2,7 +2,7 @@ import express from 'express';
 import { NextFunction, Request, Response } from 'express';
 import { AuthHelper } from './src/helper/SignToken';
 import { resolve } from 'node:path';
-import { APIRouter } from './src/router';
+import { ALLRouter } from './src/router';
 import { WebUIConfig } from './src/helper/config';
 const app = express();
 /**
@@ -14,7 +14,6 @@ const app = express();
 export async function InitWebUi() {
 let config = await WebUIConfig();
 app.use(express.json());
- app.use(AuthApi);
 // 初始服务
 app.all('/', (_req, res) => {
 res.json({
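Review bot: Dropping `app.use(AuthApi)` on this line leaves every route under `/api` mounted with no authentication layer, because the middleware it was moved to in src/webui/src/router/index.ts is only present as the commented-out `//router.use('/*', AuthApi);//鉴权` and nothing else in the patch wires it in; the deletion of the old AuthApi body in the next hunk of this file has the same effect. Until it is re-enabled, the new `/api/test` route and whatever AuthRouter exposes besides login are reachable without a credential check. Either keep `app.use(AuthApi)` here (importing it from './src/router') or, in the same change, uncomment it as `router.use(AuthApi);` placed before `router.use('/auth', AuthRouter)`. InitWebUi's body continues outside the hunk.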
@@ -24,38 +23,9 @@ export async function InitWebUi() {
 // 配置静态文件服务,提供./static目录下的文件服务,访问路径为/webui
 app.use('/webui', express.static(resolve(__dirname, './static')));
 //挂载API接口
- app.all('/api', APIRouter);
+ app.use('/api', ALLRouter);
 app.listen(config.port, async () => {
 console.log(`[NapCat] [WebUi] Current WebUi is running at IP:${config.port}`);
 })
-}
-export async function AuthApi(req: Request, res: Response, next: NextFunction) {
- //判断当前url是否为/api/login 如果是跳过鉴权
- try {
- if (req.url == '/api/login') {
- next();
- return;
- }
- if (req.headers?.authorization) {
- let token = req.headers?.authorization.split(' ')[1];
- let Credential = JSON.parse(Buffer.from(token, 'base64').toString('utf-8'));
- let credentialJson = await AuthHelper.checkCredential(Credential);
- if (credentialJson) {
- next();
- }
- res.json({
- code: -1,
- msg: 'Unauthorized',
- });
- return;
- }
- } catch (e: any) {
- res.json({
- code: -1,
- msg: 'Server Error',
- });
- return;
- }
- return;
 }
\ No newline at end of file
diff --git a/src/webui/src/api/Auth.ts b/src/webui/src/api/Auth.ts
index 6a622d77..b287e5ca 100644
--- a/src/webui/src/api/Auth.ts
+++ b/src/webui/src/api/Auth.ts
@@ -7,7 +7,7 @@ export const LoginHandler: RequestHandler = async (req, res) => {
 const { token } = req.body;
 if (isEmpty(token)) {
 res.json({
- code: 0,
+ code: -1,
 message: 'token is empty'
 });
 return;
@@ -15,11 +15,19 @@ export const LoginHandler: RequestHandler = async (req, res) => {
 let config = await WebUIConfig();
 if (!DataRuntime.checkLoginRate(config.loginRate)) {
 res.json({
- code: 0,
+ code: -1,
 message: 'login rate limit'
 });
 return;
 }
+ //验证config.token是否等于token
+ if (config.token !== token) {
+ res.json({
+ code: -1,
+ message: 'token is invalid'
+ });
+ return;
+ }
 let signCredential = Buffer.from(JSON.stringify(AuthHelper.signCredential(config.token))).toString('base64');
 res.json({
 code: 0,
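Review bot: The new check `if (config.token !== token)` compares the login secret with an ordinary string comparison; for a secret the usual choice is a constant-time compare, e.g. `if (typeof token !== 'string') { /* reject as above */ }` then `const a = Buffer.from(token), b = Buffer.from(config.token);` and `if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) { /* token is invalid */ }` with `crypto` from 'node:crypto' (this assumes config.token is a string — confirm in the config helper, since timingSafeEqual throws on unequal lengths). `token` comes straight from `req.body` with no type check, so a non-string value currently just fails the `!==`; the explicit `typeof` guard makes that rejection deliberate and could live in the existing `isEmpty(token)` branch. The error payloads in this file use `message` while AuthApi in src/webui/src/router/index.ts replies with `msg`, so a client keyed on one field name will miss the other. LoginHandler's body continues past the end of the hunk.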
diff --git a/src/webui/src/router/api.ts b/src/webui/src/router/auth.ts
similarity index 100%
rename from src/webui/src/router/api.ts
rename to src/webui/src/router/auth.ts
diff --git a/src/webui/src/router/index.ts b/src/webui/src/router/index.ts
index e38e0b40..32541761 100644
--- a/src/webui/src/router/index.ts
+++ b/src/webui/src/router/index.ts
@@ -1,6 +1,48 @@
 import { Router } from "express";
-import { AuthRouter } from "./api";
+import { AuthHelper } from '../../src/helper/SignToken';
+import { NextFunction, Request, Response } from 'express';
+import { AuthRouter } from "./auth";
 const router = Router();
+export async function AuthApi(req: Request, res: Response, next: NextFunction) {
+ //判断当前url是否为/api/login 如果是跳过鉴权
+ console.log(req.url);
+ try {
+ if (req.url == '/api/auth/login') {
+ next();
+ return;
+ }
+ if (req.headers?.authorization) {
+ let token = req.headers?.authorization.split(' ')[1];
+ let Credential = JSON.parse(Buffer.from(token, 'base64').toString('utf-8'));
+ let credentialJson = await AuthHelper.checkCredential(Credential);
+ if (credentialJson) {
+ next();
+ }
+ res.json({
+ code: -1,
+ msg: 'Unauthorized',
+ });
+ return;
+ }
+ } catch (e: any) {
+ res.json({
+ code: -1,
+ msg: 'Server Error',
+ });
+ return;
+ }
+ res.json({
+ code: -1,
+ msg: 'Server Error',
+ });
+ return;
+}
+//router.use('/*', AuthApi);//鉴权
+router.all("/test", (req, res) => {
+ res.json({
+ code: 0,
+ msg: 'ok',
+ });
+});
 router.use('/auth', AuthRouter);//挂载权限路由
-
-export { router as APIRouter }
\ No newline at end of file
+export { router as ALLRouter }
\ No newline at end of file
diff --git a/static/login.html b/static/login.html
index 272d8d4f..6cf85b70 100644
--- a/static/login.html
+++ b/static/login.html
@@ -85,7 +85,7 @@
 let data = "";
 try {
- data = await fetch('/api/login', {
+ data = await fetch('/api/auth/login', {
 method: 'POST',
 headers: {
 'Content-Type': 'application/json'
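Review bot: In the new AuthApi, `if (credentialJson) { next(); }` has no `return`, so a valid credential hands control to the next handler and then also sends the `Unauthorized` JSON, which becomes a headers-already-sent error as soon as the downstream handler replies. A request without an Authorization header falls through to the trailing `Server Error` reply instead of `Unauthorized`, and `split(' ')[1]` is `undefined` when the header has no space, so `Buffer.from` throws and a malformed credential is also reported as a server error. The bypass test `req.url == '/api/auth/login'` was written for the app-level middleware this code came from; if it is enabled through `router.use` inside the `/api` mount as the commented line suggests, Express presents a mount-relative `req.url`, so `req.originalUrl` (or `req.baseUrl + req.path`) is the value to compare — worth confirming against the mount. `console.log(req.url)` looks like leftover debugging and logs every request path. The rewrite below keeps the response shapes and fixes the four points; the `catch (e: any)` also becomes `unknown`.
```typescript
export async function AuthApi(req: Request, res: Response, next: NextFunction) {
    // Under router.use('/api', …) req.url is mount-relative; originalUrl keeps the full path (query string stripped here).
    if (req.originalUrl.split('?')[0] === '/api/auth/login') {
        next();
        return;
    }
    try {
        const token = req.headers.authorization?.split(' ')[1];
        if (token) {
            const credential = JSON.parse(Buffer.from(token, 'base64').toString('utf-8'));
            if (await AuthHelper.checkCredential(credential)) {
                next();
                return; // stop here: never answer after handing off to the next handler
            }
        }
        // No header, malformed header, or rejected credential all end as Unauthorized.
        res.json({ code: -1, msg: 'Unauthorized' });
    } catch (e: unknown) {
        res.json({ code: -1, msg: 'Server Error' });
    }
}
// … unchanged: /test route, router.use('/auth', AuthRouter), export …
```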