GuanM/NapCatQQ
1
0
Fork 0
mirror of https://github.com/NapNeko/NapCatQQ.git synced 2024-11-21 09:36:35 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat:fix

Browse Source
This commit is contained in:
手瓜一十雪 2024-05-07 21:47:52 +08:00
parent e9bff466b5
commit 09eaa3116a
5 changed files with 58 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
src/webui/index.ts
View File

@ -2,7 +2,7 @@ import express from 'express';
import { NextFunction, Request, Response } from 'express'; import { NextFunction, Request, Response } from 'express';
import { AuthHelper } from './src/helper/SignToken'; import { AuthHelper } from './src/helper/SignToken';
import { resolve } from 'node:path'; import { resolve } from 'node:path';
import { APIRouter } from './src/router'; import { ALLRouter } from './src/router';
import { WebUIConfig } from './src/helper/config'; import { WebUIConfig } from './src/helper/config';
const app = express(); const app = express();
/** /**
@ -14,7 +14,6 @@ const app = express();
export async function InitWebUi() { export async function InitWebUi() {
let config = await WebUIConfig(); let config = await WebUIConfig();
app.use(express.json()); app.use(express.json());
app.use(AuthApi);
// 初始服务 // 初始服务
app.all('/', (_req, res) => { app.all('/', (_req, res) => {
res.json({ res.json({
@ -24,38 +23,9 @@ export async function InitWebUi() {
// 配置静态文件服务,提供./static目录下的文件服务访问路径为/webui // 配置静态文件服务,提供./static目录下的文件服务访问路径为/webui
app.use('/webui', express.static(resolve(__dirname, './static'))); app.use('/webui', express.static(resolve(__dirname, './static')));
//挂载API接口 //挂载API接口
app.all('/api', APIRouter); app.use('/api', ALLRouter);
app.listen(config.port, async () => { app.listen(config.port, async () => {
console.log(`[NapCat] [WebUi] Current WebUi is running at IP:${config.port}`); console.log(`[NapCat] [WebUi] Current WebUi is running at IP:${config.port}`);
}) })
} }
export async function AuthApi(req: Request, res: Response, next: NextFunction) {
//判断当前url是否为/api/login 如果是跳过鉴权
try {
if (req.url == '/api/login') {
next();
return;
}
if (req.headers?.authorization) {
let token = req.headers?.authorization.split(' ')[1];
let Credential = JSON.parse(Buffer.from(token, 'base64').toString('utf-8'));
let credentialJson = await AuthHelper.checkCredential(Credential);
if (credentialJson) {
next();
}
res.json({
code: -1,
msg: 'Unauthorized',
});
return;
}
} catch (e: any) {
res.json({
code: -1,
msg: 'Server Error',
});
return;
}
return;
}

12
src/webui/src/api/Auth.ts
View File

@ -7,7 +7,7 @@ export const LoginHandler: RequestHandler = async (req, res) => {
const { token } = req.body; const { token } = req.body;
if (isEmpty(token)) { if (isEmpty(token)) {
res.json({ res.json({
code: 0, code: -1,
message: 'token is empty' message: 'token is empty'
}); });
return; return;
@ -15,11 +15,19 @@ export const LoginHandler: RequestHandler = async (req, res) => {
let config = await WebUIConfig(); let config = await WebUIConfig();
if (!DataRuntime.checkLoginRate(config.loginRate)) { if (!DataRuntime.checkLoginRate(config.loginRate)) {
res.json({ res.json({
code: 0, code: -1,
message: 'login rate limit' message: 'login rate limit'
}); });
return; return;
} }
//验证config.token是否等于token
if (config.token !== token) {
res.json({
code: -1,
message: 'token is invalid'
});
return;
}
let signCredential = Buffer.from(JSON.stringify(AuthHelper.signCredential(config.token))).toString('base64'); let signCredential = Buffer.from(JSON.stringify(AuthHelper.signCredential(config.token))).toString('base64');
res.json({ res.json({
code: 0, code: 0,

0
src/webui/src/router/api.ts → src/webui/src/router/auth.ts
View File

48
src/webui/src/router/index.ts
View File

@ -1,6 +1,48 @@
import { Router } from "express"; import { Router } from "express";
import { AuthRouter } from "./api"; import { AuthHelper } from '../../src/helper/SignToken';
import { NextFunction, Request, Response } from 'express';
import { AuthRouter } from "./auth";
const router = Router(); const router = Router();
export async function AuthApi(req: Request, res: Response, next: NextFunction) {
//判断当前url是否为/api/login 如果是跳过鉴权
console.log(req.url);
try {
if (req.url == '/api/auth/login') {
next();
return;
}
if (req.headers?.authorization) {
let token = req.headers?.authorization.split(' ')[1];
let Credential = JSON.parse(Buffer.from(token, 'base64').toString('utf-8'));
let credentialJson = await AuthHelper.checkCredential(Credential);
if (credentialJson) {
next();
}
res.json({
code: -1,
msg: 'Unauthorized',
});
return;
}
} catch (e: any) {
res.json({
code: -1,
msg: 'Server Error',
});
return;
}
res.json({
code: -1,
msg: 'Server Error',
});
return;
}
//router.use('/*', AuthApi);//鉴权
router.all("/test", (req, res) => {
res.json({
code: 0,
msg: 'ok',
});
});
router.use('/auth', AuthRouter);//挂载权限路由 router.use('/auth', AuthRouter);//挂载权限路由
export { router as ALLRouter }
export { router as APIRouter }

2
static/login.html
View File

@ -85,7 +85,7 @@
let data = ""; let data = "";
try { try {
data = await fetch('/api/login', { data = await fetch('/api/auth/login', {
method: 'POST', method: 'POST',
headers: { headers: {
'Content-Type': 'application/json' 'Content-Type': 'application/json'