🔖 Update to v1.2.31

support empty secret key
This commit is contained in:
xtaodada 2023-02-01 00:46:26 +08:00
parent 29ae48d1ae
commit 5a49bec540
Signed by: xtaodada
GPG Key ID: 4CBB3F4FA8C85659
6 changed files with 23 additions and 7 deletions

View File

@ -22,6 +22,7 @@ web_interface:
secret_key: "RANDOM_STRING_HERE"
host: "127.0.0.1"
port: "3333"
origins: ["*"]
# Locale settings
application_language: "zh-cn"

View File

@ -12,7 +12,7 @@ from pagermaid.scheduler import scheduler
import pyromod.listen
from pyrogram import Client
pgm_version = "1.2.30"
pgm_version = "1.2.31"
CMD_LIST = {}
module_dir = __path__[0]
working_dir = getcwd()

View File

@ -103,6 +103,7 @@ class Config:
WEB_SECRET_KEY = os.environ.get("WEB_SECRET_KEY", web_interface.get("secret_key", "secret_key"))
WEB_HOST = os.environ.get("WEB_HOST", web_interface.get("host", "127.0.0.1"))
WEB_PORT = int(os.environ.get("WEB_PORT", web_interface.get("port", 3333)))
WEB_ORIGINS = web_interface.get("origins", ["*"])
except ValueError as e:
print(e)
sys.exit(1)

View File

@ -1,3 +1,4 @@
from pagermaid import logs
from pagermaid.config import Config
from pagermaid.hook import Hook
from pagermaid.services import bot
@ -7,6 +8,8 @@ from pagermaid.services import bot
async def init_web():
if not Config.WEB_ENABLE:
return
if not Config.WEB_SECRET_KEY:
logs.warn("未设置 WEB_SECRET_KEY ,请勿将 PagerMaid-Pyro 暴露在公网")
import uvicorn
from pagermaid.web import app, init_web

View File

@ -1,9 +1,11 @@
from fastapi import FastAPI
from fastapi.responses import HTMLResponse
from starlette.middleware.cors import CORSMiddleware
from starlette.responses import RedirectResponse
from .api import base_api_router
from .pages import admin_app, login_page
from pagermaid.config import Config
from pagermaid.web.api import base_api_router
from pagermaid.web.pages import admin_app, login_page
requestAdaptor = '''
requestAdaptor(api) {
@ -29,6 +31,14 @@ app: FastAPI = FastAPI()
def init_web():
app.include_router(base_api_router)
app.add_middleware(
CORSMiddleware,
allow_origins=Config.WEB_ORIGINS,
allow_credentials=True,
allow_methods=["*"],
allow_headers=["*"]
)
@app.get('/', response_class=RedirectResponse)
async def index():
return '/admin'

View File

@ -12,6 +12,7 @@ TOKEN_EXPIRE_MINUTES = 30
def authentication():
def inner(token: Optional[str] = Header(...)):
if Config.WEB_SECRET_KEY:
try:
jwt.decode(token, Config.WEB_SECRET_KEY, algorithms=ALGORITHM)
except (jwt.JWTError, jwt.ExpiredSignatureError, AttributeError):