🚑 hotfix: change web token to cookie

2024-11-21 17:38:18 +00:00 · 2024-09-22 21:53:36 +08:00 · 2024-09-22 21:53:36 +08:00 · fb723878ca
commit fb723878ca
parent c91cce82c8
4 changed files with 17 additions and 25 deletions
--- a/pagermaid/web/api/login.py
+++ b/pagermaid/web/api/login.py
@ -20,9 +20,12 @@ route = APIRouter()
 async def login(user: UserModel):
    if not Config.WEB_SECRET_KEY or user.password == Config.WEB_SECRET_KEY:
        token = create_token()
-        return {
+        data = {
            "status": 0,
            "msg": "登录成功",
            "data": {"version": pgm_version_code, "token": token},
        }
+        response = JSONResponse(content=data)
+        response.set_cookie(key="token_ck", value=token, expires=1800)
+        return response
    return {"status": -100, "msg": "登录失败，请重新输入密钥"}
--- a/pagermaid/web/api/status.py
+++ b/pagermaid/web/api/status.py
@ -1,22 +1,19 @@
 import asyncio
-from typing import Union, Optional
+from typing import Union

-from fastapi import APIRouter, Header
+from fastapi import APIRouter
 from fastapi.responses import JSONResponse, StreamingResponse

 from pagermaid.common.status import get_status
 from pagermaid.common.system import run_eval
-from pagermaid.config import Config
 from pagermaid.utils import execute
 from pagermaid.web.api.utils import authentication

 route = APIRouter()


-@route.get("/log")
-async def get_log(token: Optional[str] = Header(...), num: Union[int, str] = 100):
-    if token != Config.WEB_SECRET_KEY:
-        return "非法请求"
+@route.get("/log", dependencies=[authentication()])
+async def get_log(num: Union[int, str] = 100):
    try:
        num = int(num)
    except ValueError:
@ -31,11 +28,8 @@ async def get_log(token: Optional[str] = Header(...), num: Union[int, str] = 100
    return StreamingResponse(streaming_logs())


-@route.get("/run_eval")
-async def run_cmd(token: Optional[str] = Header(...), cmd: str = ""):
-    if token != Config.WEB_SECRET_KEY:
-        return "非法请求"
-
+@route.get("/run_eval", dependencies=[authentication()])
+async def run_cmd(cmd: str = ""):
    async def run_cmd_func():
        result = (await run_eval(cmd)).split("\n")
        for i in result:
@ -45,11 +39,8 @@ async def run_cmd(token: Optional[str] = Header(...), cmd: str = ""):
    return StreamingResponse(run_cmd_func()) if cmd else "无效命令"


-@route.get("/run_sh")
-async def run_sh(token: Optional[str] = Header(...), cmd: str = ""):
-    if token != Config.WEB_SECRET_KEY:
-        return "非法请求"
-
+@route.get("/run_sh", dependencies=[authentication()])
+async def run_sh(cmd: str = ""):
    async def run_sh_func():
        result = (await execute(cmd)).split("\n")
        for i in result:
--- a/pagermaid/web/api/utils.py
+++ b/pagermaid/web/api/utils.py
@ -1,7 +1,7 @@
 import datetime
 from typing import Optional

-from fastapi import Header, HTTPException, Depends
+from fastapi import Header, HTTPException, Depends, Cookie
 from jose import jwt

 from pagermaid.config import Config
@ -11,12 +11,13 @@ TOKEN_EXPIRE_MINUTES = 30


 def authentication():
-    def inner(token: Optional[str] = Header(None)):
+    def inner(token: Optional[str] = Header(None), token_ck: str = Cookie(None)):
+        _token = token or token_ck
        if Config.WEB_SECRET_KEY:
-            if token == Config.WEB_SECRET_KEY:
+            if _token == Config.WEB_SECRET_KEY:
                return
            try:
-                jwt.decode(token, Config.WEB_SECRET_KEY, algorithms=ALGORITHM)
+                jwt.decode(_token, Config.WEB_SECRET_KEY, algorithms=ALGORITHM)
            except (jwt.JWTError, jwt.ExpiredSignatureError, AttributeError):
                raise HTTPException(
                    status_code=400, detail="登录验证失败或已失效，请重新登录"
--- a/pagermaid/web/pages/home_page.py
+++ b/pagermaid/web/pages/home_page.py
@ -43,7 +43,6 @@ log_page = Log(
    source={
        "method": "get",
        "url": "/pagermaid/api/log?num=${log_num | raw}",
-        "headers": {"token": Config.WEB_SECRET_KEY},
    },
 )

@ -69,7 +68,6 @@ cmd_input = Form(
                        source={
                            "method": "get",
                            "url": "/pagermaid/api/run_sh?cmd=${command | raw}",
-                            "headers": {"token": Config.WEB_SECRET_KEY},
                        },
                    ),
                ),
@ -99,7 +97,6 @@ eval_input = Form(
                        source={
                            "method": "get",
                            "url": "/pagermaid/api/run_eval?cmd=${command | raw}",
-                            "headers": {"token": Config.WEB_SECRET_KEY},
                        },
                    ),
                ),