mirror of
https://github.com/TeamPGM/PagerMaid-Pyro.git
synced 2024-11-21 23:08:02 +00:00
🚑 hotfix: change web token to cookie
parent
c91cce82c8
commit
fb723878ca
@ -20,9 +20,12 @@ route = APIRouter()
|
|||||||
async def login(user: UserModel):
|
async def login(user: UserModel):
|
||||||
if not Config.WEB_SECRET_KEY or user.password == Config.WEB_SECRET_KEY:
|
if not Config.WEB_SECRET_KEY or user.password == Config.WEB_SECRET_KEY:
|
||||||
token = create_token()
|
token = create_token()
|
||||||
return {
|
data = {
|
||||||
"status": 0,
|
"status": 0,
|
||||||
"msg": "登录成功",
|
"msg": "登录成功",
|
||||||
"data": {"version": pgm_version_code, "token": token},
|
"data": {"version": pgm_version_code, "token": token},
|
||||||
}
|
}
|
||||||
|
response = JSONResponse(content=data)
|
||||||
|
response.set_cookie(key="token_ck", value=token, expires=1800)
|
||||||
|
return response
|
||||||
return {"status": -100, "msg": "登录失败,请重新输入密钥"}
|
return {"status": -100, "msg": "登录失败,请重新输入密钥"}
|
||||||
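Review bot: The `set_cookie` call creates `token_ck` without `httponly`, `secure` or `samesite` arguments, so the session token is readable by page script and, assuming Starlette's default of `samesite="lax"`, is still attached to cross-site top-level GET navigations. Because this cookie is what the `authentication()` dependency now accepts, I would tighten it to `response.set_cookie(key="token_ck", value=token, max_age=1800, httponly=True, samesite="strict")` and add `secure=True` when the panel is served over TLS. The token is also still returned in the JSON `data` field, so `httponly` only helps once the front end stops keeping that copy. The literal 1800 duplicates the 30-minute lifetime that `TOKEN_EXPIRE_MINUTES` names in another file of this commit; deriving the cookie lifetime from that constant would keep the two in step.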
|
@ -1,22 +1,19 @@
|
|||||||
import asyncio
|
import asyncio
|
||||||
from typing import Union, Optional
|
from typing import Union
|
||||||
|
|
||||||
from fastapi import APIRouter, Header
|
from fastapi import APIRouter
|
||||||
from fastapi.responses import JSONResponse, StreamingResponse
|
from fastapi.responses import JSONResponse, StreamingResponse
|
||||||
|
|
||||||
from pagermaid.common.status import get_status
|
from pagermaid.common.status import get_status
|
||||||
from pagermaid.common.system import run_eval
|
from pagermaid.common.system import run_eval
|
||||||
from pagermaid.config import Config
|
|
||||||
from pagermaid.utils import execute
|
from pagermaid.utils import execute
|
||||||
from pagermaid.web.api.utils import authentication
|
from pagermaid.web.api.utils import authentication
|
||||||
|
|
||||||
route = APIRouter()
|
route = APIRouter()
|
||||||
|
|
||||||
|
|
||||||
@route.get("/log")
|
@route.get("/log", dependencies=[authentication()])
|
||||||
async def get_log(token: Optional[str] = Header(...), num: Union[int, str] = 100):
|
async def get_log(num: Union[int, str] = 100):
|
||||||
if token != Config.WEB_SECRET_KEY:
|
|
||||||
return "非法请求"
|
|
||||||
try:
|
try:
|
||||||
num = int(num)
|
num = int(num)
|
||||||
except ValueError:
|
except ValueError:
|
||||||
@ -31,11 +28,8 @@ async def get_log(token: Optional[str] = Header(...), num: Union[int, str] = 100
|
|||||||
return StreamingResponse(streaming_logs())
|
return StreamingResponse(streaming_logs())
|
||||||
|
|
||||||
|
|
||||||
@route.get("/run_eval")
|
@route.get("/run_eval", dependencies=[authentication()])
|
||||||
async def run_cmd(token: Optional[str] = Header(...), cmd: str = ""):
|
async def run_cmd(cmd: str = ""):
|
||||||
if token != Config.WEB_SECRET_KEY:
|
|
||||||
return "非法请求"
|
|
||||||
|
|
||||||
async def run_cmd_func():
|
async def run_cmd_func():
|
||||||
result = (await run_eval(cmd)).split("\n")
|
result = (await run_eval(cmd)).split("\n")
|
||||||
for i in result:
|
for i in result:
|
||||||
@ -45,11 +39,8 @@ async def run_cmd(token: Optional[str] = Header(...), cmd: str = ""):
|
|||||||
return StreamingResponse(run_cmd_func()) if cmd else "无效命令"
|
return StreamingResponse(run_cmd_func()) if cmd else "无效命令"
|
||||||
|
|
||||||
|
|
||||||
@route.get("/run_sh")
|
@route.get("/run_sh", dependencies=[authentication()])
|
||||||
async def run_sh(token: Optional[str] = Header(...), cmd: str = ""):
|
async def run_sh(cmd: str = ""):
|
||||||
if token != Config.WEB_SECRET_KEY:
|
|
||||||
return "非法请求"
|
|
||||||
|
|
||||||
async def run_sh_func():
|
async def run_sh_func():
|
||||||
result = (await execute(cmd)).split("\n")
|
result = (await execute(cmd)).split("\n")
|
||||||
for i in result:
|
for i in result:
|
||||||
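Review bot: `/run_eval` and `/run_sh` remain `@route.get` while their check moves to a dependency that also accepts the `token_ck` cookie, so a request carrying only the browser's ambient credentials can now reach `run_eval(cmd)` and `execute(cmd)`. Before this change the caller had to supply a `token` header explicitly, which a plain cross-site navigation cannot do. I would declare both as `@route.post("/run_sh", dependencies=[authentication()])` (likewise for `/run_eval`) with `cmd` in the request body, and update the page definitions that call these URLs with `"method": "get"` to match. That also keeps the command text out of URLs and access logs. `run_cmd` and `run_sh` continue past the end of their hunks, so how the streamed output is produced is not visible here.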
|
@ -1,7 +1,7 @@
|
|||||||
import datetime
|
import datetime
|
||||||
from typing import Optional
|
from typing import Optional
|
||||||
|
|
||||||
from fastapi import Header, HTTPException, Depends
|
from fastapi import Header, HTTPException, Depends, Cookie
|
||||||
from jose import jwt
|
from jose import jwt
|
||||||
|
|
||||||
from pagermaid.config import Config
|
from pagermaid.config import Config
|
||||||
@ -11,12 +11,13 @@ TOKEN_EXPIRE_MINUTES = 30
|
|||||||
|
|
||||||
|
|
||||||
def authentication():
|
def authentication():
|
||||||
def inner(token: Optional[str] = Header(None)):
|
def inner(token: Optional[str] = Header(None), token_ck: str = Cookie(None)):
|
||||||
|
_token = token or token_ck
|
||||||
if Config.WEB_SECRET_KEY:
|
if Config.WEB_SECRET_KEY:
|
||||||
if token == Config.WEB_SECRET_KEY:
|
if _token == Config.WEB_SECRET_KEY:
|
||||||
return
|
return
|
||||||
try:
|
try:
|
||||||
jwt.decode(token, Config.WEB_SECRET_KEY, algorithms=ALGORITHM)
|
jwt.decode(_token, Config.WEB_SECRET_KEY, algorithms=ALGORITHM)
|
||||||
except (jwt.JWTError, jwt.ExpiredSignatureError, AttributeError):
|
except (jwt.JWTError, jwt.ExpiredSignatureError, AttributeError):
|
||||||
raise HTTPException(
|
raise HTTPException(
|
||||||
status_code=400, detail="登录验证失败或已失效,请重新登录"
|
status_code=400, detail="登录验证失败或已失效,请重新登录"
|
||||||
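Review bot: With `_token = token or token_ck`, the `_token == Config.WEB_SECRET_KEY` shortcut now accepts the raw secret from the cookie as well as the header, and it compares with `==`, which is not constant-time. If the shortcut has to stay, `if _token and hmac.compare_digest(_token.encode(), Config.WEB_SECRET_KEY.encode()):` (plus `import hmac`) removes the timing difference. Accepting only the signed JWT would be cleaner, since the page sources changed in this commit no longer send the raw key. `token_ck: str = Cookie(None)` should be annotated `Optional[str]` to match the `token` parameter and its `None` default. `inner` continues past the end of the hunk, so the behaviour when `Config.WEB_SECRET_KEY` is empty is not visible here and is worth checking.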
|
@ -43,7 +43,6 @@ log_page = Log(
|
|||||||
source={
|
source={
|
||||||
"method": "get",
|
"method": "get",
|
||||||
"url": "/pagermaid/api/log?num=${log_num | raw}",
|
"url": "/pagermaid/api/log?num=${log_num | raw}",
|
||||||
"headers": {"token": Config.WEB_SECRET_KEY},
|
|
||||||
},
|
},
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -69,7 +68,6 @@ cmd_input = Form(
|
|||||||
source={
|
source={
|
||||||
"method": "get",
|
"method": "get",
|
||||||
"url": "/pagermaid/api/run_sh?cmd=${command | raw}",
|
"url": "/pagermaid/api/run_sh?cmd=${command | raw}",
|
||||||
"headers": {"token": Config.WEB_SECRET_KEY},
|
|
||||||
},
|
},
|
||||||
),
|
),
|
||||||
),
|
),
|
||||||
@ -99,7 +97,6 @@ eval_input = Form(
|
|||||||
source={
|
source={
|
||||||
"method": "get",
|
"method": "get",
|
||||||
"url": "/pagermaid/api/run_eval?cmd=${command | raw}",
|
"url": "/pagermaid/api/run_eval?cmd=${command | raw}",
|
||||||
"headers": {"token": Config.WEB_SECRET_KEY},
|
|
||||||
},
|
},
|
||||||
),
|
),
|
||||||
),
|
),
|
||||||
|