From d35ad66adf1f27cbbe99108ba25c82a6b2b91879 Mon Sep 17 00:00:00 2001
From: Ink-33 <quhyu@qq.com>
Date: Sat, 29 Aug 2020 20:24:11 +0800
Subject: [PATCH] =?UTF-8?q?=E6=8B=92=E7=BB=9D=E7=A9=BAToken?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 server/websocket.go | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/server/websocket.go b/server/websocket.go
index 5887d8a..d326665 100644
--- a/server/websocket.go
+++ b/server/websocket.go
@@ -206,7 +206,7 @@ func (c *websocketClient) onBotPushEvent(m coolq.MSG) {
 
 func (s *websocketServer) event(w http.ResponseWriter, r *http.Request) {
 	if s.token != "" {
-		if r.URL.Query().Get("access_token") != s.token {
+		if auth := r.URL.Query().Get("access_token"); auth != s.token && auth != "" {
 			log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr)
 			w.WriteHeader(401)
 			return
@@ -216,6 +216,10 @@ func (s *websocketServer) event(w http.ResponseWriter, r *http.Request) {
 				w.WriteHeader(401)
 				return
 			}
+		} else {
+			log.Warnf("已拒绝 %v 的 Websocket 请求: 空Token", r.RemoteAddr)
+			w.WriteHeader(401)
+			return
 		}
 	}
 	c, err := upgrader.Upgrade(w, r, nil)
@@ -241,7 +245,7 @@ func (s *websocketServer) event(w http.ResponseWriter, r *http.Request) {
 
 func (s *websocketServer) api(w http.ResponseWriter, r *http.Request) {
 	if s.token != "" {
-		if r.URL.Query().Get("access_token") != s.token {
+		if auth := r.URL.Query().Get("access_token"); auth != s.token && auth != "" {
 			log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr)
 			w.WriteHeader(401)
 			return
@@ -251,6 +255,10 @@ func (s *websocketServer) api(w http.ResponseWriter, r *http.Request) {
 				w.WriteHeader(401)
 				return
 			}
+		} else {
+			log.Warnf("已拒绝 %v 的 Websocket 请求: 空Token", r.RemoteAddr)
+			w.WriteHeader(401)
+			return
 		}
 	}
 	c, err := upgrader.Upgrade(w, r, nil)
@@ -265,7 +273,7 @@ func (s *websocketServer) api(w http.ResponseWriter, r *http.Request) {
 
 func (s *websocketServer) any(w http.ResponseWriter, r *http.Request) {
 	if s.token != "" {
-		if r.URL.Query().Get("access_token") != s.token {
+		if auth := r.URL.Query().Get("access_token"); auth != s.token && auth != "" {
 			log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr)
 			w.WriteHeader(401)
 			return
@@ -275,6 +283,10 @@ func (s *websocketServer) any(w http.ResponseWriter, r *http.Request) {
 				w.WriteHeader(401)
 				return
 			}
+		} else {
+			log.Warnf("已拒绝 %v 的 Websocket 请求: 空Token", r.RemoteAddr)
+			w.WriteHeader(401)
+			return
 		}
 	}
 	c, err := upgrader.Upgrade(w, r, nil)