fix: at 变成负数

README.md

@@ -1,8 +1,9 @@
+<img src="https://napneko.github.io/assets/newnewlogo.png" width = "305" height = "411" alt="NapCat" align=right />
 <div align="center">
 
 # NapCat
 
-![NapCatQQ](https://socialify.git.ci/NapNeko/NapCatQQ/image?font=Jost&logo=https%3A%2F%2Fnapneko.github.io%2Fassets%2Fnewlogo.png&name=1&owner=1&pattern=Diagonal+Stripes&stargazers=1&theme=Auto)
+
 
 _Modern protocol-side framework implemented based on NTQQ._
 

manifest.json

@@ -4,7 +4,7 @@
   "name": "NapCatQQ",
   "slug": "NapCat.Framework",
   "description": "高性能的 OneBot 11 协议实现",
-  "version": "4.7.45",
+  "version": "4.7.47",
   "icon": "./logo.png",
   "authors": [
     {

package.json

@@ -2,7 +2,7 @@
   "name": "napcat",
   "private": true,
   "type": "module",
-  "version": "4.7.45",
+  "version": "4.7.47",
   "scripts": {
     "build:universal": "npm run build:webui && vite build --mode universal || exit 1",
     "build:framework": "npm run build:webui && vite build --mode framework || exit 1",

src/common/version.ts

@@ -1 +1 @@
-export const napCatVersion = '4.7.45';
+export const napCatVersion = '4.7.47';

src/onebot/api/msg.ts

@@ -100,7 +100,7 @@ export class OneBotMsgApi {
                 let qq: string = 'all';
                 if (element.atType !== NTMsgAtType.ATTYPEALL) {
                     const { atNtUid, atUid } = element;
-                    qq = !atUid || atUid === '0' ? await this.core.apis.UserApi.getUinByUidV2(atNtUid) : atUid;
+                    qq = !atUid || atUid === '0' ? await this.core.apis.UserApi.getUinByUidV2(atNtUid) : String(Number(atUid) >>> 0);
                 }
                 return {
                     type: OB11MessageDataType.at,

src/onebot/network/websocket-server.ts

@@ -39,8 +39,11 @@ export class OB11WebSocketServerAdapter extends IOB11NetworkAdapter<WebsocketSer
                 wsClient.close();
                 return;
             }
-            //鉴权
-            this.authorize(this.config.token, wsClient, wsReq);
+            // 鉴权 close 不会立刻销毁 当前返回可避免挂载message事件 close 并未立刻关闭 而是存在timer操作后关闭
+            // 引发高危漏洞
+            if (!this.authorize(this.config.token, wsClient, wsReq)) {
+                return;
+            }
             const paramUrl = wsReq.url?.indexOf('?') !== -1 ? wsReq.url?.substring(0, wsReq.url?.indexOf('?')) : wsReq.url;
             const isApiConnect = paramUrl === '/api' || paramUrl === '/api/';
             if (!isApiConnect) {
@@ -145,15 +148,16 @@ export class OB11WebSocketServerAdapter extends IOB11NetworkAdapter<WebsocketSer
     }
 
     private authorize(token: string | undefined, wsClient: WebSocket, wsReq: IncomingMessage) {
-        if (!token || token.length == 0) return;//客户端未设置密钥
+        if (!token || token.length == 0) return true;//客户端未设置密钥
         const QueryClientToken = urlParse.parse(wsReq?.url || '', true).query['access_token'];
         const HeaderClientToken = wsReq.headers.authorization?.split('Bearer ').pop() || '';
         const ClientToken = typeof (QueryClientToken) === 'string' && QueryClientToken !== '' ? QueryClientToken : HeaderClientToken;
         if (ClientToken === token) {
-            return;
+            return true;
         }
         wsClient.send(JSON.stringify(OB11Response.res(null, 'failed', 1403, 'token验证失败')));
         wsClient.close();
+        return false;
     }
 
     private checkStateAndReply<T>(data: T, wsClient: WebSocket) {