实现 OneBot HTTP/WS 状态码标准, Closes #812

2025-05-06 03:53:50 +08:00 · 2021-04-11 01:53:51 +08:00 · 2021-04-11 01:53:51 +08:00 · 971a9575ff
commit 971a9575ff
parent 35860a4b11
2 changed files with 47 additions and 31 deletions
--- a/server/http.go
+++ b/server/http.go
@ -86,16 +86,26 @@ func RunHTTPServerAndClients(bot *coolq.CQBot, conf *config.HTTPServer) {
 	if authToken != "" {
 		s.engine.Use(func(c *gin.Context) {
 			auth := c.Request.Header.Get("Authorization")
+			if auth == "" {
+				headAuth := c.Query("access_token")
 				switch {
-			case auth != "":
-				if strings.SplitN(auth, " ", 2)[1] != authToken {
-					c.AbortWithStatus(401)
-				}
-			case c.Query("access_token") != authToken:
+				case headAuth == "":
 					c.AbortWithStatus(401)
 					return
-			default:
-				c.Next()
+				case headAuth != authToken:
+					c.AbortWithStatus(403)
+					return
+				}
+			} else {
+				auth := strings.SplitN(auth, " ", 2)
+				switch {
+				case len(auth) != 2 || auth[1] == "":
+					c.AbortWithStatus(401)
+					return
+				case auth[1] != authToken:
+					c.AbortWithStatus(403)
+					return
+				}
 			}
 		})
 	}
--- a/server/websocket.go
+++ b/server/websocket.go
@ -264,16 +264,30 @@ func (c *WebSocketClient) onBotPushEvent(m *bytes.Buffer) {
 	}
 }

-func (s *webSocketServer) event(w http.ResponseWriter, r *http.Request) {
-	if s.conf.AccessToken != "" {
-		if auth := r.URL.Query().Get("access_token"); auth != s.token {
-			if auth := strings.SplitN(r.Header.Get("Authorization"), " ", 2); len(auth) != 2 || auth[1] != s.token {
+func (s *webSocketServer) auth(r *http.Request) (bool, int) {
+	if s.token != "" { // s.token == s.conf.AccessToken
+		var auth string
+		if auth = r.URL.Query().Get("access_token"); auth == "" {
+			headAuth := strings.SplitN(r.Header.Get("Authorization"), " ", 2)
+			if len(headAuth) != 2 || headAuth[1] == "" {
+				return false, 401
+			}
+			auth = headAuth[1]
+		}
+		if auth != s.token {
 			log.Warnf("已拒绝 %v 的 WebSocket 请求: Token鉴权失败", r.RemoteAddr)
-				w.WriteHeader(401)
+			return false, 403
+		}
+	}
+	return true, 0
+}
+
+func (s *webSocketServer) event(w http.ResponseWriter, r *http.Request) {
+	isAuth, errReason := s.auth(r)
+	if !isAuth {
+		w.WriteHeader(errReason)
 		return
 	}
-		}
-	}
 	c, err := upgrader.Upgrade(w, r, nil)
 	if err != nil {
 		log.Warnf("处理 WebSocket 请求时出现错误: %v", err)
@ -296,15 +310,11 @@ func (s *webSocketServer) event(w http.ResponseWriter, r *http.Request) {
 }

 func (s *webSocketServer) api(w http.ResponseWriter, r *http.Request) {
-	if s.token != "" {
-		if auth := r.URL.Query().Get("access_token"); auth != s.token {
-			if auth := strings.SplitN(r.Header.Get("Authorization"), " ", 2); len(auth) != 2 || auth[1] != s.token {
-				log.Warnf("已拒绝 %v 的 WebSocket 请求: Token鉴权失败", r.RemoteAddr)
-				w.WriteHeader(401)
+	isAuth, errReason := s.auth(r)
+	if !isAuth {
+		w.WriteHeader(errReason)
 		return
 	}
-		}
-	}
 	c, err := upgrader.Upgrade(w, r, nil)
 	if err != nil {
 		log.Warnf("处理 WebSocket 请求时出现错误: %v", err)
@ -319,15 +329,11 @@ func (s *webSocketServer) api(w http.ResponseWriter, r *http.Request) {
 }

 func (s *webSocketServer) any(w http.ResponseWriter, r *http.Request) {
-	if s.token != "" {
-		if auth := r.URL.Query().Get("access_token"); auth != s.token {
-			if auth := strings.SplitN(r.Header.Get("Authorization"), " ", 2); len(auth) != 2 || auth[1] != s.token {
-				log.Warnf("已拒绝 %v 的 WebSocket 请求: Token鉴权失败", r.RemoteAddr)
-				w.WriteHeader(401)
+	isAuth, errReason := s.auth(r)
+	if !isAuth {
+		w.WriteHeader(errReason)
 		return
 	}
-		}
-	}
 	c, err := upgrader.Upgrade(w, r, nil)
 	if err != nil {
 		log.Warnf("处理 WebSocket 请求时出现错误: %v", err)