From 33120b249625061f15c19b601f43436bd72662d7 Mon Sep 17 00:00:00 2001 From: Ink33 <51873347+Ink-33@users.noreply.github.com> Date: Sat, 29 Aug 2020 16:44:31 +0800 Subject: [PATCH 1/8] Update websocket.go --- server/websocket.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/server/websocket.go b/server/websocket.go index 7f0cae6..bc917e9 100644 --- a/server/websocket.go +++ b/server/websocket.go @@ -206,7 +206,7 @@ func (c *websocketClient) onBotPushEvent(m coolq.MSG) { func (s *websocketServer) event(w http.ResponseWriter, r *http.Request) { if s.token != "" { - if r.URL.Query().Get("access_token") != s.token && strings.SplitN(r.Header.Get("Authorization"), " ", 2)[1] != s.token { + if r.URL.Query().Get("access_token") != s.token || strings.SplitN(r.Header.Get("Authorization"), " ", 2)[1] != s.token { log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr) w.WriteHeader(401) return @@ -235,7 +235,7 @@ func (s *websocketServer) event(w http.ResponseWriter, r *http.Request) { func (s *websocketServer) api(w http.ResponseWriter, r *http.Request) { if s.token != "" { - if r.URL.Query().Get("access_token") != s.token && strings.SplitN(r.Header.Get("Authorization"), " ", 2)[1] != s.token { + if r.URL.Query().Get("access_token") != s.token || strings.SplitN(r.Header.Get("Authorization"), " ", 2)[1] != s.token { log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr) w.WriteHeader(401) return @@ -253,7 +253,7 @@ func (s *websocketServer) api(w http.ResponseWriter, r *http.Request) { func (s *websocketServer) any(w http.ResponseWriter, r *http.Request) { if s.token != "" { - if r.URL.Query().Get("access_token") != s.token && strings.SplitN(r.Header.Get("Authorization"), " ", 2)[1] != s.token { + if r.URL.Query().Get("access_token") != s.token || strings.SplitN(r.Header.Get("Authorization"), " ", 2)[1] != s.token { log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr) w.WriteHeader(401) return From d0398f30c6c40cc934501db468ff1857ba75c937 Mon Sep 17 00:00:00 2001 From: Ink-33 Date: Sat, 29 Aug 2020 17:06:25 +0800 Subject: [PATCH 2/8] Revert "Update websocket.go" This reverts commit 33120b249625061f15c19b601f43436bd72662d7. revert --- server/websocket.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/server/websocket.go b/server/websocket.go index bc917e9..7f0cae6 100644 --- a/server/websocket.go +++ b/server/websocket.go @@ -206,7 +206,7 @@ func (c *websocketClient) onBotPushEvent(m coolq.MSG) { func (s *websocketServer) event(w http.ResponseWriter, r *http.Request) { if s.token != "" { - if r.URL.Query().Get("access_token") != s.token || strings.SplitN(r.Header.Get("Authorization"), " ", 2)[1] != s.token { + if r.URL.Query().Get("access_token") != s.token && strings.SplitN(r.Header.Get("Authorization"), " ", 2)[1] != s.token { log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr) w.WriteHeader(401) return @@ -235,7 +235,7 @@ func (s *websocketServer) event(w http.ResponseWriter, r *http.Request) { func (s *websocketServer) api(w http.ResponseWriter, r *http.Request) { if s.token != "" { - if r.URL.Query().Get("access_token") != s.token || strings.SplitN(r.Header.Get("Authorization"), " ", 2)[1] != s.token { + if r.URL.Query().Get("access_token") != s.token && strings.SplitN(r.Header.Get("Authorization"), " ", 2)[1] != s.token { log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr) w.WriteHeader(401) return @@ -253,7 +253,7 @@ func (s *websocketServer) api(w http.ResponseWriter, r *http.Request) { func (s *websocketServer) any(w http.ResponseWriter, r *http.Request) { if s.token != "" { - if r.URL.Query().Get("access_token") != s.token || strings.SplitN(r.Header.Get("Authorization"), " ", 2)[1] != s.token { + if r.URL.Query().Get("access_token") != s.token && strings.SplitN(r.Header.Get("Authorization"), " ", 2)[1] != s.token { log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr) w.WriteHeader(401) return From 9c65ff4dcd86e1d67dd3f8d3b7a36761c67d7bd1 Mon Sep 17 00:00:00 2001 From: Ink-33 Date: Sat, 29 Aug 2020 17:24:09 +0800 Subject: [PATCH 3/8] =?UTF-8?q?=E5=B0=9D=E8=AF=95=E4=BF=AE=E5=A4=8D?= =?UTF-8?q?=E6=AD=A3=E5=90=91WebSocket=E4=B8=8B=E7=9A=84=E9=89=B4=E6=9D=83?= =?UTF-8?q?panic?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- server/websocket.go | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/server/websocket.go b/server/websocket.go index 7f0cae6..5887d8a 100644 --- a/server/websocket.go +++ b/server/websocket.go @@ -206,10 +206,16 @@ func (c *websocketClient) onBotPushEvent(m coolq.MSG) { func (s *websocketServer) event(w http.ResponseWriter, r *http.Request) { if s.token != "" { - if r.URL.Query().Get("access_token") != s.token && strings.SplitN(r.Header.Get("Authorization"), " ", 2)[1] != s.token { + if r.URL.Query().Get("access_token") != s.token { log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr) w.WriteHeader(401) return + } else if auth := r.Header.Get("Authorization"); auth != "" { + if strings.SplitN(auth, " ", 2)[1] != s.token { + log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr) + w.WriteHeader(401) + return + } } } c, err := upgrader.Upgrade(w, r, nil) @@ -235,10 +241,16 @@ func (s *websocketServer) event(w http.ResponseWriter, r *http.Request) { func (s *websocketServer) api(w http.ResponseWriter, r *http.Request) { if s.token != "" { - if r.URL.Query().Get("access_token") != s.token && strings.SplitN(r.Header.Get("Authorization"), " ", 2)[1] != s.token { + if r.URL.Query().Get("access_token") != s.token { log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr) w.WriteHeader(401) return + } else if auth := r.Header.Get("Authorization"); auth != "" { + if strings.SplitN(auth, " ", 2)[1] != s.token { + log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr) + w.WriteHeader(401) + return + } } } c, err := upgrader.Upgrade(w, r, nil) @@ -253,10 +265,16 @@ func (s *websocketServer) api(w http.ResponseWriter, r *http.Request) { func (s *websocketServer) any(w http.ResponseWriter, r *http.Request) { if s.token != "" { - if r.URL.Query().Get("access_token") != s.token && strings.SplitN(r.Header.Get("Authorization"), " ", 2)[1] != s.token { + if r.URL.Query().Get("access_token") != s.token { log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr) w.WriteHeader(401) return + } else if auth := r.Header.Get("Authorization"); auth != "" { + if strings.SplitN(auth, " ", 2)[1] != s.token { + log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr) + w.WriteHeader(401) + return + } } } c, err := upgrader.Upgrade(w, r, nil) From f5692253050c9ed0fd36557b5d73d515d6b30b3c Mon Sep 17 00:00:00 2001 From: Ink-33 Date: Sat, 29 Aug 2020 17:49:40 +0800 Subject: [PATCH 4/8] =?UTF-8?q?=E5=8A=A0=E8=BD=BD=E9=85=8D=E7=BD=AE?= =?UTF-8?q?=E5=A4=B1=E8=B4=A5=E5=90=8E=E5=A4=87=E4=BB=BD=E6=BA=90=E9=85=8D?= =?UTF-8?q?=E7=BD=AE=E6=96=87=E4=BB=B6=20=E9=85=8D=E7=BD=AE=E7=BB=93?= =?UTF-8?q?=E6=9E=84=E5=8D=87=E7=BA=A7=E4=B8=8D=E5=A4=87=E4=BB=BD=EF=BC=8C?= =?UTF-8?q?=E6=88=91=E9=85=8D=E7=BD=AE=E6=B2=A1=E4=BA=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- global/config.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/global/config.go b/global/config.go index a69f973..07ba209 100644 --- a/global/config.go +++ b/global/config.go @@ -2,6 +2,8 @@ package global import ( "encoding/json" + "os" + "strconv" "time" log "github.com/sirupsen/logrus" @@ -117,6 +119,8 @@ func Load(p string) *JsonConfig { err := json.Unmarshal([]byte(ReadAllText(p)), &c) if err != nil { log.Warnf("尝试加载配置文件 %v 时出现错误: %v", p, err) + log.Infoln("原文件已备份") + os.Rename(p, p+".backup"+strconv.FormatInt(time.Now().Unix(), 10)) return nil } return &c From 804bd9a711ee5f4d562cadf5956a69092653450b Mon Sep 17 00:00:00 2001 From: Ink-33 Date: Sat, 29 Aug 2020 17:54:39 +0800 Subject: [PATCH 5/8] =?UTF-8?q?=E5=8D=87=E7=BA=A7=E4=BE=9D=E8=B5=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- go.mod | 10 ++++++---- go.sum | 18 ++++++++++++++++++ 2 files changed, 24 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index d32cd0f..0c1dda9 100644 --- a/go.mod +++ b/go.mod @@ -7,18 +7,20 @@ require ( github.com/fastly/go-utils v0.0.0-20180712184237-d95a45783239 // indirect github.com/gin-gonic/gin v1.6.3 github.com/gorilla/websocket v1.4.2 - github.com/guonaihong/gout v0.1.1 + github.com/guonaihong/gout v0.1.2 github.com/jehiah/go-strftime v0.0.0-20171201141054-1d33003b3869 // indirect github.com/jonboulle/clockwork v0.2.0 // indirect github.com/lestrrat-go/file-rotatelogs v2.3.0+incompatible - github.com/lestrrat-go/strftime v1.0.1 // indirect + github.com/lestrrat-go/strftime v1.0.3 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/rifflock/lfshook v0.0.0-20180920164130-b9218ef580f5 github.com/sirupsen/logrus v1.6.0 github.com/t-tomalak/logrus-easy-formatter v0.0.0-20190827215021-c074f06c5816 github.com/tebeka/strftime v0.1.5 // indirect - github.com/tidwall/gjson v1.6.0 + github.com/tidwall/gjson v1.6.1 github.com/xujiajun/nutsdb v0.5.0 github.com/yinghau76/go-ascii-art v0.0.0-20190517192627-e7f465a30189 - golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae // indirect + golang.org/x/net v0.0.0-20200822124328-c89045814202 // indirect + golang.org/x/sys v0.0.0-20200828194041-157a740278f4 // indirect + gopkg.in/yaml.v2 v2.3.0 // indirect ) diff --git a/go.sum b/go.sum index 3eeba5c..95a0168 100644 --- a/go.sum +++ b/go.sum @@ -49,6 +49,8 @@ github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0U github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/guonaihong/gout v0.1.1 h1:2i3eqQ1KUhTlj7AFeIHqVUFku5QwUhwE2wNgYTVpbxQ= github.com/guonaihong/gout v0.1.1/go.mod h1:vXvv5Kxr70eM5wrp4F0+t9lnLWmq+YPW2GByll2f/EA= +github.com/guonaihong/gout v0.1.2 h1:TR2XCRopGgJdj231IayEoeavgbznFXzzzcZVdT/hG10= +github.com/guonaihong/gout v0.1.2/go.mod h1:vXvv5Kxr70eM5wrp4F0+t9lnLWmq+YPW2GByll2f/EA= github.com/jehiah/go-strftime v0.0.0-20171201141054-1d33003b3869/go.mod h1:cJ6Cj7dQo+O6GJNiMx+Pa94qKj+TG8ONdKHgMNIyyag= github.com/jonboulle/clockwork v0.2.0/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= @@ -64,6 +66,8 @@ github.com/lestrrat-go/file-rotatelogs v2.3.0+incompatible h1:4mNlp+/SvALIPFpbXV github.com/lestrrat-go/file-rotatelogs v2.3.0+incompatible/go.mod h1:ZQnN8lSECaebrkQytbHj4xNgtg8CR7RYXnPok8e0EHA= github.com/lestrrat-go/strftime v1.0.1 h1:o7qz5pmLzPDLyGW4lG6JvTKPUfTFXwe+vOamIYWtnVU= github.com/lestrrat-go/strftime v1.0.1/go.mod h1:E1nN3pCbtMSu1yjSVeyuRFVm/U0xoR76fd03sz+Qz4g= +github.com/lestrrat-go/strftime v1.0.3 h1:qqOPU7y+TM8Y803I8fG9c/DyKG3xH/xkng6keC1015Q= +github.com/lestrrat-go/strftime v1.0.3/go.mod h1:E1nN3pCbtMSu1yjSVeyuRFVm/U0xoR76fd03sz+Qz4g= github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ= github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= @@ -91,10 +95,14 @@ github.com/t-tomalak/logrus-easy-formatter v0.0.0-20190827215021-c074f06c5816/go github.com/tebeka/strftime v0.1.5/go.mod h1:29/OidkoWHdEKZqzyDLUyC+LmgDgdHo4WAFCDT7D/Ig= github.com/tidwall/gjson v1.6.0 h1:9VEQWz6LLMUsUl6PueE49ir4Ka6CzLymOAZDxpFsTDc= github.com/tidwall/gjson v1.6.0/go.mod h1:P256ACg0Mn+j1RXIDXoss50DeIABTYK1PULOJHhxOls= +github.com/tidwall/gjson v1.6.1 h1:LRbvNuNuvAiISWg6gxLEFuCe72UKy5hDqhxW/8183ws= +github.com/tidwall/gjson v1.6.1/go.mod h1:BaHyNc5bjzYkPqgLq7mdVzeiRtULKULXLgZFKsxEHI0= github.com/tidwall/match v1.0.1 h1:PnKP62LPNxHKTwvHHZZzdOAOCtsJTjo6dZLCwpKm5xc= github.com/tidwall/match v1.0.1/go.mod h1:LujAq0jyVjBy028G1WhWfIzbpQfMO8bBZ6Tyb0+pL9E= github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= +github.com/tidwall/pretty v1.0.2 h1:Z7S3cePv9Jwm1KwS0513MRaoUe3S01WPbLNV40pwWZU= +github.com/tidwall/pretty v1.0.2/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= github.com/ugorji/go v1.1.7 h1:/68gy2h+1mWMrwZFeD1kQialdSzAb432dtpeJ42ovdo= github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= github.com/ugorji/go/codec v1.1.7 h1:2SvQaVZ1ouYrrKKwoSk2pzd4A9evlKJb9oTL+OaLUSs= @@ -109,6 +117,7 @@ github.com/xujiajun/utils v0.0.0-20190123093513-8bf096c4f53b/go.mod h1:AZd87GYJl github.com/yinghau76/go-ascii-art v0.0.0-20190517192627-e7f465a30189 h1:4UJw9if55Fu3HOwbfcaQlJ27p3oeJU2JZqoeT3ITJQk= github.com/yinghau76/go-ascii-art v0.0.0-20190517192627-e7f465a30189/go.mod h1:rIrm5geMiBhPQkdfUm8gDFi/WiHneOp1i9KjmJqc+9I= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= @@ -117,8 +126,11 @@ golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa h1:F+8P+gmewFQYRk6JoLQLwjBCTu3mcIURZfNkVweuRKA= golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200822124328-c89045814202 h1:VvcQYSHwXgi7W+TpUR6A9g6Up98WAHf3f/ulnJ62IyA= +golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -126,11 +138,15 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181221143128-b4a75ba826a6/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae h1:Ih9Yo4hSPImZOpfGuA4bR/ORKTAbhZo2AbWNRCnevdo= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200828194041-157a740278f4 h1:kCCpuwSAoYJPkNc6x0xT9yTtV4oKtARo4RGBQWOfg9E= +golang.org/x/sys v0.0.0-20200828194041-157a740278f4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -163,5 +179,7 @@ gopkg.in/go-playground/validator.v9 v9.29.1/go.mod h1:+c9/zcJMFNgbLvly1L1V+PpxWd gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU= +gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= From 047b5208f4f50a543a4a12a7646b5ae28551102a Mon Sep 17 00:00:00 2001 From: Ink-33 Date: Sat, 29 Aug 2020 17:55:08 +0800 Subject: [PATCH 6/8] =?UTF-8?q?Builder=E6=9B=B4=E6=8D=A2=E4=B8=BA1.14.7?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 62ddbbd..478327d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.14.2-alpine AS builder +FROM golang:1.14.7-alpine AS builder RUN go env -w GO111MODULE=auto \ && go env -w CGO_ENABLED=0 \ From d35ad66adf1f27cbbe99108ba25c82a6b2b91879 Mon Sep 17 00:00:00 2001 From: Ink-33 Date: Sat, 29 Aug 2020 20:24:11 +0800 Subject: [PATCH 7/8] =?UTF-8?q?=E6=8B=92=E7=BB=9D=E7=A9=BAToken?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- server/websocket.go | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/server/websocket.go b/server/websocket.go index 5887d8a..d326665 100644 --- a/server/websocket.go +++ b/server/websocket.go @@ -206,7 +206,7 @@ func (c *websocketClient) onBotPushEvent(m coolq.MSG) { func (s *websocketServer) event(w http.ResponseWriter, r *http.Request) { if s.token != "" { - if r.URL.Query().Get("access_token") != s.token { + if auth := r.URL.Query().Get("access_token"); auth != s.token && auth != "" { log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr) w.WriteHeader(401) return @@ -216,6 +216,10 @@ func (s *websocketServer) event(w http.ResponseWriter, r *http.Request) { w.WriteHeader(401) return } + } else { + log.Warnf("已拒绝 %v 的 Websocket 请求: 空Token", r.RemoteAddr) + w.WriteHeader(401) + return } } c, err := upgrader.Upgrade(w, r, nil) @@ -241,7 +245,7 @@ func (s *websocketServer) event(w http.ResponseWriter, r *http.Request) { func (s *websocketServer) api(w http.ResponseWriter, r *http.Request) { if s.token != "" { - if r.URL.Query().Get("access_token") != s.token { + if auth := r.URL.Query().Get("access_token"); auth != s.token && auth != "" { log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr) w.WriteHeader(401) return @@ -251,6 +255,10 @@ func (s *websocketServer) api(w http.ResponseWriter, r *http.Request) { w.WriteHeader(401) return } + } else { + log.Warnf("已拒绝 %v 的 Websocket 请求: 空Token", r.RemoteAddr) + w.WriteHeader(401) + return } } c, err := upgrader.Upgrade(w, r, nil) @@ -265,7 +273,7 @@ func (s *websocketServer) api(w http.ResponseWriter, r *http.Request) { func (s *websocketServer) any(w http.ResponseWriter, r *http.Request) { if s.token != "" { - if r.URL.Query().Get("access_token") != s.token { + if auth := r.URL.Query().Get("access_token"); auth != s.token && auth != "" { log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr) w.WriteHeader(401) return @@ -275,6 +283,10 @@ func (s *websocketServer) any(w http.ResponseWriter, r *http.Request) { w.WriteHeader(401) return } + } else { + log.Warnf("已拒绝 %v 的 Websocket 请求: 空Token", r.RemoteAddr) + w.WriteHeader(401) + return } } c, err := upgrader.Upgrade(w, r, nil) From 1f7c4cab5072959d24f68c1ebd77524fdfc0c31b Mon Sep 17 00:00:00 2001 From: Ink-33 Date: Sat, 29 Aug 2020 22:24:53 +0800 Subject: [PATCH 8/8] Update --- server/websocket.go | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/server/websocket.go b/server/websocket.go index d326665..5c04d52 100644 --- a/server/websocket.go +++ b/server/websocket.go @@ -210,14 +210,14 @@ func (s *websocketServer) event(w http.ResponseWriter, r *http.Request) { log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr) w.WriteHeader(401) return - } else if auth := r.Header.Get("Authorization"); auth != "" { - if strings.SplitN(auth, " ", 2)[1] != s.token { + } else if auth := strings.SplitN(r.Header.Get("Authorization"), " ", 2); len(auth) == 2 { + if auth[1] != s.token { log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr) w.WriteHeader(401) return } } else { - log.Warnf("已拒绝 %v 的 Websocket 请求: 空Token", r.RemoteAddr) + log.Warnf("已拒绝 %v 的 Websocket 请求: 空Token或传入格式错误", r.RemoteAddr) w.WriteHeader(401) return } @@ -249,14 +249,14 @@ func (s *websocketServer) api(w http.ResponseWriter, r *http.Request) { log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr) w.WriteHeader(401) return - } else if auth := r.Header.Get("Authorization"); auth != "" { - if strings.SplitN(auth, " ", 2)[1] != s.token { + } else if auth := strings.SplitN(r.Header.Get("Authorization"), " ", 2); len(auth) == 2 { + if auth[1] != s.token { log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr) w.WriteHeader(401) return } } else { - log.Warnf("已拒绝 %v 的 Websocket 请求: 空Token", r.RemoteAddr) + log.Warnf("已拒绝 %v 的 Websocket 请求: 空Token或传入格式错误", r.RemoteAddr) w.WriteHeader(401) return } @@ -277,14 +277,14 @@ func (s *websocketServer) any(w http.ResponseWriter, r *http.Request) { log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr) w.WriteHeader(401) return - } else if auth := r.Header.Get("Authorization"); auth != "" { - if strings.SplitN(auth, " ", 2)[1] != s.token { + } else if auth := strings.SplitN(r.Header.Get("Authorization"), " ", 2); len(auth) == 2 { + if auth[1] != s.token { log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr) w.WriteHeader(401) return } } else { - log.Warnf("已拒绝 %v 的 Websocket 请求: 空Token", r.RemoteAddr) + log.Warnf("已拒绝 %v 的 Websocket 请求: 空Token或传入格式错误", r.RemoteAddr) w.WriteHeader(401) return }