实现 OneBot HTTP/WS 状态码标准, Closes #812

2025-05-06 12:03:50 +08:00 · 2021-04-11 01:53:51 +08:00 · 2021-04-11 01:53:51 +08:00 · 971a9575ff
commit 971a9575ff
parent 35860a4b11
2 changed files with 47 additions and 31 deletions
--- a/server/http.go
+++ b/server/http.go
@ -86,16 +86,26 @@ func RunHTTPServerAndClients(bot *coolq.CQBot, conf *config.HTTPServer) {
 	if authToken != "" {
 		s.engine.Use(func(c *gin.Context) {
 			auth := c.Request.Header.Get("Authorization")
-			switch {
+			if auth == "" {
-			case auth != "":
+				headAuth := c.Query("access_token")
-				if strings.SplitN(auth, " ", 2)[1] != authToken {
+				switch {
 				case headAuth == "":
 					c.AbortWithStatus(401)
 					return
 				case headAuth != authToken:
 					c.AbortWithStatus(403)
 					return
 				}
 			} else {
 				auth := strings.SplitN(auth, " ", 2)
 				switch {
 				case len(auth) != 2 || auth[1] == "":
 					c.AbortWithStatus(401)
 					return
 				case auth[1] != authToken:
 					c.AbortWithStatus(403)
 					return
 				}
 			case c.Query("access_token") != authToken:
 				c.AbortWithStatus(401)
 				return
 			default:
 				c.Next()
 			}
 		})
 	}
--- a/server/websocket.go
+++ b/server/websocket.go
@ -264,15 +264,29 @@ func (c *WebSocketClient) onBotPushEvent(m *bytes.Buffer) {
 	}
 }
-func (s *webSocketServer) event(w http.ResponseWriter, r *http.Request) {
+func (s *webSocketServer) auth(r *http.Request) (bool, int) {
-	if s.conf.AccessToken != "" {
+	if s.token != "" { // s.token == s.conf.AccessToken
-		if auth := r.URL.Query().Get("access_token"); auth != s.token {
+		var auth string
-			if auth := strings.SplitN(r.Header.Get("Authorization"), " ", 2); len(auth) != 2 || auth[1] != s.token {
+		if auth = r.URL.Query().Get("access_token"); auth == "" {
-				log.Warnf("已拒绝 %v 的 WebSocket 请求: Token鉴权失败", r.RemoteAddr)
+			headAuth := strings.SplitN(r.Header.Get("Authorization"), " ", 2)
-				w.WriteHeader(401)
+			if len(headAuth) != 2 || headAuth[1] == "" {
-				return
+				return false, 401
 			}
 			auth = headAuth[1]
 		}
 		if auth != s.token {
 			log.Warnf("已拒绝 %v 的 WebSocket 请求: Token鉴权失败", r.RemoteAddr)
 			return false, 403
 		}
 	}
 	return true, 0
 }
 func (s *webSocketServer) event(w http.ResponseWriter, r *http.Request) {
 	isAuth, errReason := s.auth(r)
 	if !isAuth {
 		w.WriteHeader(errReason)
 		return
 	}
 	c, err := upgrader.Upgrade(w, r, nil)
 	if err != nil {
@ -296,14 +310,10 @@ func (s *webSocketServer) event(w http.ResponseWriter, r *http.Request) {
 }
 func (s *webSocketServer) api(w http.ResponseWriter, r *http.Request) {
-	if s.token != "" {
+	isAuth, errReason := s.auth(r)
-		if auth := r.URL.Query().Get("access_token"); auth != s.token {
+	if !isAuth {
-			if auth := strings.SplitN(r.Header.Get("Authorization"), " ", 2); len(auth) != 2 || auth[1] != s.token {
+		w.WriteHeader(errReason)
-				log.Warnf("已拒绝 %v 的 WebSocket 请求: Token鉴权失败", r.RemoteAddr)
+		return
 				w.WriteHeader(401)
 				return
 			}
 		}
 	}
 	c, err := upgrader.Upgrade(w, r, nil)
 	if err != nil {
@ -319,14 +329,10 @@ func (s *webSocketServer) api(w http.ResponseWriter, r *http.Request) {
 }
 func (s *webSocketServer) any(w http.ResponseWriter, r *http.Request) {
-	if s.token != "" {
+	isAuth, errReason := s.auth(r)
-		if auth := r.URL.Query().Get("access_token"); auth != s.token {
+	if !isAuth {
-			if auth := strings.SplitN(r.Header.Get("Authorization"), " ", 2); len(auth) != 2 || auth[1] != s.token {
+		w.WriteHeader(errReason)
-				log.Warnf("已拒绝 %v 的 WebSocket 请求: Token鉴权失败", r.RemoteAddr)
+		return
 				w.WriteHeader(401)
 				return
 			}
 		}
 	}
 	c, err := upgrader.Upgrade(w, r, nil)
 	if err != nil {