🔖 Update to v1.2.31

support empty secret key
2024-11-21 19:38:17 +00:00 · 2023-02-01 00:46:26 +08:00 · 2023-02-01 00:46:26 +08:00 · 5a49bec540
commit 5a49bec540
parent 29ae48d1ae
6 changed files with 23 additions and 7 deletions
--- a/config.gen.yml
+++ b/config.gen.yml
@ -22,6 +22,7 @@ web_interface:
  secret_key: "RANDOM_STRING_HERE"
  host: "127.0.0.1"
  port: "3333"
+  origins: ["*"]

 # Locale settings
 application_language: "zh-cn"
--- a/pagermaid/init.py
+++ b/pagermaid/init.py
@ -12,7 +12,7 @@ from pagermaid.scheduler import scheduler
 import pyromod.listen
 from pyrogram import Client

-pgm_version = "1.2.30"
+pgm_version = "1.2.31"
 CMD_LIST = {}
 module_dir = __path__[0]
 working_dir = getcwd()
--- a/pagermaid/config.py
+++ b/pagermaid/config.py
@ -103,6 +103,7 @@ class Config:
        WEB_SECRET_KEY = os.environ.get("WEB_SECRET_KEY", web_interface.get("secret_key", "secret_key"))
        WEB_HOST = os.environ.get("WEB_HOST", web_interface.get("host", "127.0.0.1"))
        WEB_PORT = int(os.environ.get("WEB_PORT", web_interface.get("port", 3333)))
+        WEB_ORIGINS = web_interface.get("origins", ["*"])
    except ValueError as e:
        print(e)
        sys.exit(1)
--- a/pagermaid/modules/web.py
+++ b/pagermaid/modules/web.py
@ -1,3 +1,4 @@
+from pagermaid import logs
 from pagermaid.config import Config
 from pagermaid.hook import Hook
 from pagermaid.services import bot
@ -7,6 +8,8 @@ from pagermaid.services import bot
 async def init_web():
    if not Config.WEB_ENABLE:
        return
+    if not Config.WEB_SECRET_KEY:
+        logs.warn("未设置 WEB_SECRET_KEY ，请勿将 PagerMaid-Pyro 暴露在公网")
    import uvicorn
    from pagermaid.web import app, init_web

--- a/pagermaid/web/init.py
+++ b/pagermaid/web/init.py
@ -1,9 +1,11 @@
 from fastapi import FastAPI
 from fastapi.responses import HTMLResponse
+from starlette.middleware.cors import CORSMiddleware
 from starlette.responses import RedirectResponse

-from .api import base_api_router
-from .pages import admin_app, login_page
+from pagermaid.config import Config
+from pagermaid.web.api import base_api_router
+from pagermaid.web.pages import admin_app, login_page

 requestAdaptor = '''
 requestAdaptor(api) {
@ -29,6 +31,14 @@ app: FastAPI = FastAPI()
 def init_web():
    app.include_router(base_api_router)

+    app.add_middleware(
+        CORSMiddleware,
+        allow_origins=Config.WEB_ORIGINS,
+        allow_credentials=True,
+        allow_methods=["*"],
+        allow_headers=["*"]
+    )
+
    @app.get('/', response_class=RedirectResponse)
    async def index():
        return '/admin'
--- a/pagermaid/web/api/utils.py
+++ b/pagermaid/web/api/utils.py
@ -12,10 +12,11 @@ TOKEN_EXPIRE_MINUTES = 30

 def authentication():
    def inner(token: Optional[str] = Header(...)):
-        try:
-            jwt.decode(token, Config.WEB_SECRET_KEY, algorithms=ALGORITHM)
-        except (jwt.JWTError, jwt.ExpiredSignatureError, AttributeError):
-            raise HTTPException(status_code=400, detail='登录验证失败或已失效，请重新登录')
+        if Config.WEB_SECRET_KEY:
+            try:
+                jwt.decode(token, Config.WEB_SECRET_KEY, algorithms=ALGORITHM)
+            except (jwt.JWTError, jwt.ExpiredSignatureError, AttributeError):
+                raise HTTPException(status_code=400, detail='登录验证失败或已失效，请重新登录')

    return Depends(inner)