diff --git a/config.gen.yml b/config.gen.yml
index da069cd..8924a98 100644
--- a/config.gen.yml
+++ b/config.gen.yml
@@ -22,6 +22,7 @@ web_interface:
 secret_key: "RANDOM_STRING_HERE"
 host: "127.0.0.1"
 port: "3333"
+ origins: ["*"]
 # Locale settings
 application_language: "zh-cn"
diff --git a/pagermaid/__init__.py b/pagermaid/__init__.py
index f2f1df0..b5c0089 100644
--- a/pagermaid/__init__.py
+++ b/pagermaid/__init__.py
@@ -12,7 +12,7 @@ from pagermaid.scheduler import scheduler
 import pyromod.listen
 from pyrogram import Client
-pgm_version = "1.2.30"
+pgm_version = "1.2.31"
 CMD_LIST = {}
 module_dir = __path__[0]
 working_dir = getcwd()
diff --git a/pagermaid/config.py b/pagermaid/config.py
index c85246f..ee670eb 100644
--- a/pagermaid/config.py
+++ b/pagermaid/config.py
@@ -103,6 +103,7 @@ class Config:
 WEB_SECRET_KEY = os.environ.get("WEB_SECRET_KEY", web_interface.get("secret_key", "secret_key"))
 WEB_HOST = os.environ.get("WEB_HOST", web_interface.get("host", "127.0.0.1"))
 WEB_PORT = int(os.environ.get("WEB_PORT", web_interface.get("port", 3333)))
+ WEB_ORIGINS = web_interface.get("origins", ["*"])
 except ValueError as e:
 print(e)
 sys.exit(1)
diff --git a/pagermaid/modules/web.py b/pagermaid/modules/web.py
index 177817b..be9addc 100644
--- a/pagermaid/modules/web.py
+++ b/pagermaid/modules/web.py
@@ -1,3 +1,4 @@
+from pagermaid import logs
 from pagermaid.config import Config
 from pagermaid.hook import Hook
 from pagermaid.services import bot
@@ -7,6 +8,8 @@ from pagermaid.services import bot
 async def init_web():
 if not Config.WEB_ENABLE:
 return
+ if not Config.WEB_SECRET_KEY:
+ logs.warn("未设置 WEB_SECRET_KEY ,请勿将 PagerMaid-Pyro 暴露在公网")
 import uvicorn
 from pagermaid.web import app, init_web
diff --git a/pagermaid/web/__init__.py b/pagermaid/web/__init__.py
index 96c6ec3..935f68f 100644
--- a/pagermaid/web/__init__.py
+++ b/pagermaid/web/__init__.py
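Review bot: The generated template in config.gen.yml ships `origins: ["*"]`, so every new install accepts cross-origin browser requests from any site until the operator narrows the list; the same wildcard is also the code fallback in pagermaid/config.py (`web_interface.get("origins", ["*"])`). The panel defaults to `host: "127.0.0.1"` and `port: "3333"`, and requests from the panel's own pages are same-origin and need no CORS entry. A safer default is an empty list or the panel's own origin, e.g. `origins: ["http://127.0.0.1:3333"]`, with a short comment above the key explaining that `"*"` lets any website loaded in the operator's browser talk to the API.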
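Review bot: `WEB_ORIGINS` in pagermaid/config.py is taken from the YAML with no type check and, unlike `WEB_HOST` and `WEB_PORT` next to it, has no environment override. If an operator writes a single string instead of a list (constructed example: `origins: "https://panel.example"`), the value reaches the CORS middleware as a `str`; as far as I can tell Starlette tests origins with `in`, which on a string is a substring match rather than an exact origin match. Normalising here avoids that: `origins = web_interface.get("origins", [])` followed by `WEB_ORIGINS = [origins] if isinstance(origins, str) else list(origins)`. The enclosing `try` and the class body start outside the hunk.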
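Review bot: The new `if not Config.WEB_SECRET_KEY:` check in init_web() of pagermaid/modules/web.py fires only for an empty value, but pagermaid/config.py falls back to the literal `"secret_key"` and config.gen.yml ships `"RANDOM_STRING_HERE"`. Both strings are public, so an install that keeps either one gets no warning although its token-signing key is guessable. Treat the placeholders as unset, e.g. `if not Config.WEB_SECRET_KEY or Config.WEB_SECRET_KEY in ("secret_key", "RANDOM_STRING_HERE"):`, and consider refusing to start the web server, rather than only logging, when the key is unset and `Config.WEB_HOST` is not a loopback address. If `logs` is a standard `logging.Logger`, `logs.warning(...)` is the non-deprecated spelling. init_web() continues past the end of the hunk.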
@@ -1,9 +1,11 @@
 from fastapi import FastAPI
 from fastapi.responses import HTMLResponse
+from starlette.middleware.cors import CORSMiddleware
 from starlette.responses import RedirectResponse
-from .api import base_api_router
-from .pages import admin_app, login_page
+from pagermaid.config import Config
+from pagermaid.web.api import base_api_router
+from pagermaid.web.pages import admin_app, login_page
 requestAdaptor = '''
 requestAdaptor(api) {
@@ -29,6 +31,14 @@ app: FastAPI = FastAPI()
 def init_web():
 app.include_router(base_api_router)
+ app.add_middleware(
+ CORSMiddleware,
+ allow_origins=Config.WEB_ORIGINS,
+ allow_credentials=True,
+ allow_methods=["*"],
+ allow_headers=["*"]
+ )
+
 @app.get('/', response_class=RedirectResponse)
 async def index():
 return '/admin'
diff --git a/pagermaid/web/api/utils.py b/pagermaid/web/api/utils.py
index c347758..3ff797e 100644
--- a/pagermaid/web/api/utils.py
+++ b/pagermaid/web/api/utils.py
@@ -12,10 +12,11 @@ TOKEN_EXPIRE_MINUTES = 30
 def authentication():
 def inner(token: Optional[str] = Header(...)):
- try:
- jwt.decode(token, Config.WEB_SECRET_KEY, algorithms=ALGORITHM)
- except (jwt.JWTError, jwt.ExpiredSignatureError, AttributeError):
- raise HTTPException(status_code=400, detail='登录验证失败或已失效,请重新登录')
+ if Config.WEB_SECRET_KEY:
+ try:
+ jwt.decode(token, Config.WEB_SECRET_KEY, algorithms=ALGORITHM)
+ except (jwt.JWTError, jwt.ExpiredSignatureError, AttributeError):
+ raise HTTPException(status_code=400, detail='登录验证失败或已失效,请重新登录')
 return Depends(inner)
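Review bot: `allow_credentials=True` is paired with `allow_origins=Config.WEB_ORIGINS` in the `app.add_middleware(...)` call of init_web() in pagermaid/web/__init__.py, and the default origin list in this commit is `["*"]`. Browsers refuse a literal `*` on credentialed requests, and to my knowledge Starlette handles that case by echoing the caller's Origin back, so the combination effectively trusts every site with credentialed access. utils.py reads the token from a request header rather than a cookie, so credentials do not appear to be needed; `allow_credentials=False` is the safer setting, or tie it to an explicit list with `allow_credentials="*" not in Config.WEB_ORIGINS,`. `allow_methods` and `allow_headers` could also be narrowed to what the admin UI actually sends.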
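Review bot: With the new `if Config.WEB_SECRET_KEY:` guard in `inner()` of pagermaid/web/api/utils.py, an empty key makes the dependency accept any value of the `token` header, so every route protected by `authentication()` becomes unauthenticated, and the only signal is the startup warning added in modules/web.py. Combined with the wildcard CORS default introduced in the same commit, pages from other origins opened in a browser on the host can reach the API and read its replies even when the panel listens on 127.0.0.1 only. Failing closed is safer: put `if not Config.WEB_SECRET_KEY: raise HTTPException(status_code=503, detail='WEB_SECRET_KEY is not set')` ahead of the `try` and leave the decode path as it was. If a keyless mode is really wanted, make it an explicit opt-in setting and state it in a docstring on `inner()`.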