🚑 hotfix: change web token to cookie
All checks were successful
Docker Dev Build / docker build and publish (push) Successful in 7m15s
Docker Build / docker build and publish (push) Successful in 12m26s

xtaodada 2024-09-22 21:53:36 +08:00
parent c91cce82c8
commit fb723878ca
Signed by: xtaodada
GPG Key ID: 4CBB3F4FA8C85659
4 changed files with 17 additions and 25 deletions


@ -20,9 +20,12 @@ route = APIRouter()
async def login(user: UserModel): async def login(user: UserModel):
if not Config.WEB_SECRET_KEY or user.password == Config.WEB_SECRET_KEY: if not Config.WEB_SECRET_KEY or user.password == Config.WEB_SECRET_KEY:
token = create_token() token = create_token()
return { data = {
"status": 0, "status": 0,
"msg": "登录成功", "msg": "登录成功",
"data": {"version": pgm_version_code, "token": token}, "data": {"version": pgm_version_code, "token": token},
} }
response = JSONResponse(content=data)
response.set_cookie(key="token_ck", value=token, expires=1800)
return response
return {"status": -100, "msg": "登录失败,请重新输入密钥"} return {"status": -100, "msg": "登录失败,请重新输入密钥"}
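Review bot: The new `response.set_cookie(key="token_ck", value=token, expires=1800)` stores the session JWT without `httponly` or `secure`, so any script running on the page can read it and the browser will also send it over plain HTTP. Unless the front end has to read the cookie from JavaScript (not visible here), I would write `response.set_cookie(key="token_ck", value=token, max_age=1800, httponly=True, samesite="strict", secure=True)`, dropping `secure=True` only for deployments that are deliberately HTTP-only. The literal 1800 duplicates the `TOKEN_EXPIRE_MINUTES = 30` constant visible in the authentication module's hunk header; deriving the cookie lifetime from that constant keeps cookie and JWT expiry in step. The route decorator for `login` sits above the hunk.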


@ -1,22 +1,19 @@
import asyncio import asyncio
from typing import Union, Optional from typing import Union
from fastapi import APIRouter, Header from fastapi import APIRouter
from fastapi.responses import JSONResponse, StreamingResponse from fastapi.responses import JSONResponse, StreamingResponse
from pagermaid.common.status import get_status from pagermaid.common.status import get_status
from pagermaid.common.system import run_eval from pagermaid.common.system import run_eval
from pagermaid.config import Config
from pagermaid.utils import execute from pagermaid.utils import execute
from pagermaid.web.api.utils import authentication from pagermaid.web.api.utils import authentication
route = APIRouter() route = APIRouter()
@route.get("/log") @route.get("/log", dependencies=[authentication()])
async def get_log(token: Optional[str] = Header(...), num: Union[int, str] = 100): async def get_log(num: Union[int, str] = 100):
if token != Config.WEB_SECRET_KEY:
return "非法请求"
try: try:
num = int(num) num = int(num)
except ValueError: except ValueError:
@ -31,11 +28,8 @@ async def get_log(token: Optional[str] = Header(...), num: Union[int, str] = 100
return StreamingResponse(streaming_logs()) return StreamingResponse(streaming_logs())
@route.get("/run_eval") @route.get("/run_eval", dependencies=[authentication()])
async def run_cmd(token: Optional[str] = Header(...), cmd: str = ""): async def run_cmd(cmd: str = ""):
if token != Config.WEB_SECRET_KEY:
return "非法请求"
async def run_cmd_func(): async def run_cmd_func():
result = (await run_eval(cmd)).split("\n") result = (await run_eval(cmd)).split("\n")
for i in result: for i in result:
@ -45,11 +39,8 @@ async def run_cmd(token: Optional[str] = Header(...), cmd: str = ""):
return StreamingResponse(run_cmd_func()) if cmd else "无效命令" return StreamingResponse(run_cmd_func()) if cmd else "无效命令"
@route.get("/run_sh") @route.get("/run_sh", dependencies=[authentication()])
async def run_sh(token: Optional[str] = Header(...), cmd: str = ""): async def run_sh(cmd: str = ""):
if token != Config.WEB_SECRET_KEY:
return "非法请求"
async def run_sh_func(): async def run_sh_func():
result = (await execute(cmd)).split("\n") result = (await execute(cmd)).split("\n")
for i in result: for i in result:
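Review bot: `/run_eval` and `/run_sh` remain `@route.get` handlers while `authentication()` now also accepts the `token_ck` cookie, so the credential is attached by the browser automatically and a request that originates on another site can reach an endpoint that executes `cmd`. Starlette's default `SameSite=Lax` still sends the cookie on top-level GET navigations, so the default does not close this. I would move both handlers to `@route.post("/run_sh", dependencies=[authentication()])` (and likewise for `/run_eval`) with `cmd` taken from the request body, set the cookie with `samesite="strict"`, and update the `"method": "get"` sources in the page definitions to match. The bodies of `run_cmd_func` and `run_sh_func` continue outside the hunks, so the streaming code itself is not reviewed here.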


@ -1,7 +1,7 @@
import datetime import datetime
from typing import Optional from typing import Optional
from fastapi import Header, HTTPException, Depends from fastapi import Header, HTTPException, Depends, Cookie
from jose import jwt from jose import jwt
from pagermaid.config import Config from pagermaid.config import Config
@ -11,12 +11,13 @@ TOKEN_EXPIRE_MINUTES = 30
def authentication(): def authentication():
def inner(token: Optional[str] = Header(None)): def inner(token: Optional[str] = Header(None), token_ck: str = Cookie(None)):
_token = token or token_ck
if Config.WEB_SECRET_KEY: if Config.WEB_SECRET_KEY:
if token == Config.WEB_SECRET_KEY: if _token == Config.WEB_SECRET_KEY:
return return
try: try:
jwt.decode(token, Config.WEB_SECRET_KEY, algorithms=ALGORITHM) jwt.decode(_token, Config.WEB_SECRET_KEY, algorithms=ALGORITHM)
except (jwt.JWTError, jwt.ExpiredSignatureError, AttributeError): except (jwt.JWTError, jwt.ExpiredSignatureError, AttributeError):
raise HTTPException( raise HTTPException(
status_code=400, detail="登录验证失败或已失效,请重新登录" status_code=400, detail="登录验证失败或已失效,请重新登录"
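Review bot: The shortcut `if _token == Config.WEB_SECRET_KEY: return` in `inner` now accepts the raw, non-expiring secret from the cookie as well as from the header, and it compares it with `==`, which is not constant-time. This same commit removes the `"headers": {"token": Config.WEB_SECRET_KEY}` entries from the page definitions, so if no other client still sends the raw key (not visible here) the branch can be deleted and only signed, expiring JWTs accepted. If it has to stay, use `if _token and hmac.compare_digest(_token.encode(), Config.WEB_SECRET_KEY.encode()):` with `import hmac` added at the top of the file. Separately, `token_ck: str = Cookie(None)` should be annotated `Optional[str]` like `token`, and 401 would describe the failure better than `status_code=400`. The `raise HTTPException(...)` call and the rest of `authentication` continue past the end of the hunk.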


@ -43,7 +43,6 @@ log_page = Log(
source={ source={
"method": "get", "method": "get",
"url": "/pagermaid/api/log?num=${log_num | raw}", "url": "/pagermaid/api/log?num=${log_num | raw}",
"headers": {"token": Config.WEB_SECRET_KEY},
}, },
) )
@ -69,7 +68,6 @@ cmd_input = Form(
source={ source={
"method": "get", "method": "get",
"url": "/pagermaid/api/run_sh?cmd=${command | raw}", "url": "/pagermaid/api/run_sh?cmd=${command | raw}",
"headers": {"token": Config.WEB_SECRET_KEY},
}, },
), ),
), ),
@ -99,7 +97,6 @@ eval_input = Form(
source={ source={
"method": "get", "method": "get",
"url": "/pagermaid/api/run_eval?cmd=${command | raw}", "url": "/pagermaid/api/run_eval?cmd=${command | raw}",
"headers": {"token": Config.WEB_SECRET_KEY},
}, },
), ),
), ),