Skip to content

S
srvpro
Commit 92e31ed9 authored by nanahira's avatar nanahira
Browse files
Options

update auth

parent f7408480
Hide whitespace changes
Inline Side-by-side
Showing with 139 additions and 128 deletions
ygopro-auth.coffee
View file @ 92e31ed9
......@@ -26,6 +26,7 @@ or as follows, to use a specific set of permissions.
###
fs = require 'fs'
loadJSON = require('load-json-file').sync
loadJSONPromise = require('load-json-file')
moment = require 'moment'
moment.updateLocale('zh-cn', {
relativeTime: {
......@@ -57,16 +58,19 @@ add_log = (message) ->
text = mt.format('YYYY-MM-DD HH:mm:ss') + " --> " + message + "\n"
res = false
try
fs.appendFileSync("./logs/"+mt.format('YYYY-MM-DD')+".log", text)
await util.promisfy(fs.appendFile)("./logs/"+mt.format('YYYY-MM-DD')+".log", text)
res = true
catch
res = false
return
return res
default_data = loadJSON('./data/default_data.json')
setting_save = (settings) ->
fs.writeFileSync(settings.file, JSON.stringify(settings, null, 2))
try
await util.promisfy(fs.writeFile)(settings.file, JSON.stringify(settings, null, 2))
catch e
add_log("save fail");
return
default_data = loadJSON('./data/default_data.json')
......@@ -78,16 +82,15 @@ catch
setting_save(users)
save = () ->
setting_save(users)
return
return await setting_save(users)
reload = () ->
user_backup = users
try
users = loadJSON('./config/admin_user.json')
users = await loadJSONPromise('./config/admin_user.json')
catch
users = user_backup
add_log("Invalid user data JSON")
await add_log("Invalid user data JSON")
return
check_permission = (user, permission_required) ->
......@@ -96,31 +99,31 @@ check_permission = (user, permission_required) ->
if typeof(permission) != 'object'
permission = users.permission_examples[_permission]
if !permission
add_log("Permision not set:"+_permission)
await add_log("Permision not set:"+_permission)
return false
return permission[permission_required]
@auth = (name, pass, permission_required, action = 'unknown', no_log) ->
reload()
await reload()
user = users.users[name]
if !user
add_log("Unknown user login. User: "+ name+", Permission needed: "+ permission_required+", Action: " +action)
await add_log("Unknown user login. User: "+ name+", Permission needed: "+ permission_required+", Action: " +action)
return false
if user.password != pass
add_log("Unauthorized user login. User: "+ name+", Permission needed: "+ permission_required+", Action: " +action)
await add_log("Unauthorized user login. User: "+ name+", Permission needed: "+ permission_required+", Action: " +action)
return false
if !user.enabled
add_log("Disabled user login. User: "+ name+", Permission needed: "+ permission_required+", Action: " +action)
await add_log("Disabled user login. User: "+ name+", Permission needed: "+ permission_required+", Action: " +action)
return false
if !check_permission(user, permission_required)
add_log("Permission denied. User: "+ name+", Permission needed: "+ permission_required+", Action: " +action)
if !await check_permission(user, permission_required)
await add_log("Permission denied. User: "+ name+", Permission needed: "+ permission_required+", Action: " +action)
return false
if !no_log
add_log("Operation success. User: "+ name+", Permission needed: "+ permission_required+", Action: " +action)
await add_log("Operation success. User: "+ name+", Permission needed: "+ permission_required+", Action: " +action)
return true
@add_user = (name, pass, enabled, permissions) ->
reload()
await reload()
if users.users[name]
return false
users.users[name] = {
......@@ -128,21 +131,21 @@ check_permission = (user, permission_required) ->
"enabled": enabled,
"permissions": permissions
}
save()
await save()
return true
@delete_user = (name) ->
reload()
await reload()
if !users.users[name]
return false
delete users.users[name]
save()
return true
await save()
return
@update_user = (name, key, value) ->
reload()
await reload()
if !users.users[name]
return false
users.users[name][key] = value
save()
return true
await save()
return
ygopro-auth.js
View file @ 92e31ed9
......@@ -26,12 +26,14 @@
}
},
*/
var add_log, bunyan, check_permission, default_data, fs, loadJSON, log, moment, reload, save, setting_save, users;
var add_log, bunyan, check_permission, default_data, fs, loadJSON, loadJSONPromise, log, moment, reload, save, setting_save, users;
fs = require('fs');
loadJSON = require('load-json-file').sync;
loadJSONPromise = require('load-json-file');
moment = require('moment');
moment.updateLocale('zh-cn', {
......@@ -62,24 +64,31 @@
fs.mkdirSync('./logs');
}
add_log = function(message) {
add_log = async function(message) {
var mt, res, text;
mt = moment();
log.info(message);
text = mt.format('YYYY-MM-DD HH:mm:ss') + " --> " + message + "\n";
res = false;
try {
fs.appendFileSync("./logs/" + mt.format('YYYY-MM-DD') + ".log", text);
await util.promisfy(fs.appendFile)("./logs/" + mt.format('YYYY-MM-DD') + ".log", text);
res = true;
} catch (error) {
res = false;
}
return res;
};
default_data = loadJSON('./data/default_data.json');
setting_save = function(settings) {
fs.writeFileSync(settings.file, JSON.stringify(settings, null, 2));
setting_save = async function(settings) {
var e;
try {
await util.promisfy(fs.writeFile)(settings.file, JSON.stringify(settings, null, 2));
} catch (error) {
e = error;
add_log("save fail");
}
};
default_data = loadJSON('./data/default_data.json');
......@@ -91,22 +100,22 @@
setting_save(users);
}
save = function() {
setting_save(users);
save = async function() {
return (await setting_save(users));
};
reload = function() {
reload = async function() {
var user_backup;
user_backup = users;
try {
users = loadJSON('./config/admin_user.json');
users = (await loadJSONPromise('./config/admin_user.json'));
} catch (error) {
users = user_backup;
add_log("Invalid user data JSON");
await add_log("Invalid user data JSON");
}
};
check_permission = function(user, permission_required) {
check_permission = async function(user, permission_required) {
var _permission, permission;
_permission = user.permissions;
permission = _permission;
......@@ -114,40 +123,40 @@
permission = users.permission_examples[_permission];
}
if (!permission) {
add_log("Permision not set:" + _permission);
await add_log("Permision not set:" + _permission);
return false;
}
return permission[permission_required];
};
this.auth = function(name, pass, permission_required, action = 'unknown', no_log) {
this.auth = async function(name, pass, permission_required, action = 'unknown', no_log) {
var user;
reload();
await reload();
user = users.users[name];
if (!user) {
add_log("Unknown user login. User: " + name + ", Permission needed: " + permission_required + ", Action: " + action);
await add_log("Unknown user login. User: " + name + ", Permission needed: " + permission_required + ", Action: " + action);
return false;
}
if (user.password !== pass) {
add_log("Unauthorized user login. User: " + name + ", Permission needed: " + permission_required + ", Action: " + action);
await add_log("Unauthorized user login. User: " + name + ", Permission needed: " + permission_required + ", Action: " + action);
return false;
}
if (!user.enabled) {
add_log("Disabled user login. User: " + name + ", Permission needed: " + permission_required + ", Action: " + action);
await add_log("Disabled user login. User: " + name + ", Permission needed: " + permission_required + ", Action: " + action);
return false;
}
if (!check_permission(user, permission_required)) {
add_log("Permission denied. User: " + name + ", Permission needed: " + permission_required + ", Action: " + action);
if (!(await check_permission(user, permission_required))) {
await add_log("Permission denied. User: " + name + ", Permission needed: " + permission_required + ", Action: " + action);
return false;
}
if (!no_log) {
add_log("Operation success. User: " + name + ", Permission needed: " + permission_required + ", Action: " + action);
await add_log("Operation success. User: " + name + ", Permission needed: " + permission_required + ", Action: " + action);
}
return true;
};
this.add_user = function(name, pass, enabled, permissions) {
reload();
this.add_user = async function(name, pass, enabled, permissions) {
await reload();
if (users.users[name]) {
return false;
}
......@@ -156,28 +165,26 @@
"enabled": enabled,
"permissions": permissions
};
save();
await save();
return true;
};
this.delete_user = function(name) {
reload();
this.delete_user = async function(name) {
await reload();
if (!users.users[name]) {
return false;
}
delete users.users[name];
save();
return true;
await save();
};
this.update_user = function(name, key, value) {
reload();
this.update_user = async function(name, key, value) {
await reload();
if (!users.users[name]) {
return false;
}
users.users[name][key] = value;
save();
return true;
await save();
};
}).call(this);
ygopro-pre.js
View file @ 92e31ed9
......@@ -480,7 +480,7 @@ var packDatas = function (callback) {
function requestListener(req, res) {
var u = url.parse(req.url, true);
if (!auth.auth(u.query.username, u.query.password, "pre_dashboard", "pre_dashboard")) {
if (!await auth.auth(u.query.username, u.query.password, "pre_dashboard", "pre_dashboard")) {
res.writeHead(403);
res.end("Auth Failed.");
return;
......@@ -505,7 +505,7 @@ function requestListener(req, res) {
else if (u.pathname === '/api/load_db') {
res.writeHead(200);
res.end(u.query.callback+'({"message":"开始加载数据库。"});');
loadAllDbs(() => { });
await util.promisify(loadAllDbs)();
}
else if (u.pathname === '/api/fetch_datas') {
res.writeHead(200);
......@@ -514,23 +514,23 @@ function requestListener(req, res) {
}
else if (u.pathname === '/api/push_datas') {
res.writeHead(200);
res.end(u.query.callback+'({"message":"开始上传数据。"});');
pushDatas(() => { });
res.end(u.query.callback + '({"message":"开始上传数据。"});');
await util.promisify(pushDatas)();
}
else if (u.pathname === '/api/write_to_file') {
res.writeHead(200);
res.end(u.query.callback+'({"message":"开始写列表页。"});');
writeToFile(u.query.message, () => { });
await util.promisify(writeToFile)(u.query.message);
}
else if (u.pathname === '/api/copy_to_ygopro') {
res.writeHead(200);
res.end(u.query.callback+'({"message":"开始更新到服务器。"});');
copyToYGOPRO(() => { });
await util.promisify(copyToYGOPRO)();
}
else if (u.pathname === '/api/pack_data') {
res.writeHead(200);
res.end(u.query.callback+'({"message":"开始生成更新包。"});');
packDatas(() => { });
await util.promisify(packDatas)();
}
else {
res.writeHead(400);
......
ygopro-server.coffee
View file @ 92e31ed9
......@@ -80,6 +80,8 @@ merge = require 'deepmerge'
loadJSON = require('load-json-file').sync
util = require("util")
#heapdump = require 'heapdump'
# 配置
......@@ -1756,6 +1758,7 @@ net.createServer (client) ->
b = stoc_buffer.slice(3, stoc_message_length - 1 + 3)
info = null
struct = ygopro.structs[ygopro.proto_structs.STOC[ygopro.constants.STOC[stoc_proto]]]
if struct and !cancel
struct._setBuff(b)
info = _.clone(struct.fields)
......@@ -3598,7 +3601,7 @@ if settings.modules.http
#console.log(u.query.username, u.query.pass)
if u.pathname == '/api/getrooms'
pass_validated = auth.auth(u.query.username, u.query.pass, "get_rooms", "get_rooms", true)
pass_validated = await auth.auth(u.query.username, u.query.pass, "get_rooms", "get_rooms", true)
if !settings.modules.http.public_roomlist and !pass_validated
response.writeHead(200)
response.end(addCallback(u.query.callback, '{"rooms":[{"roomid":"0","roomname":"密码错误","needpass":"true"}]}'))
......@@ -3634,7 +3637,7 @@ if settings.modules.http
else if u.pathname == '/api/duellog' and settings.modules.tournament_mode.enabled
if !auth.auth(u.query.username, u.query.pass, "duel_log", "duel_log")
if !await auth.auth(u.query.username, u.query.pass, "duel_log", "duel_log")
response.writeHead(200)
response.end(addCallback(u.query.callback, "[{name:'密码错误'}]"))
return
......@@ -3644,7 +3647,7 @@ if settings.modules.http
response.end(addCallback(u.query.callback, duellog))
else if u.pathname == '/api/archive.zip' and settings.modules.tournament_mode.enabled
if !auth.auth(u.query.username, u.query.pass, "download_replay", "download_replay_archive")
if !await auth.auth(u.query.username, u.query.pass, "download_replay", "download_replay_archive")
response.writeHead(403)
response.end("Invalid password.")
return
......@@ -3687,7 +3690,7 @@ if settings.modules.http
response.end("Failed reading replays. " + error)
else if u.pathname == '/api/clearlog' and settings.modules.tournament_mode.enabled
if !auth.auth(u.query.username, u.query.pass, "clear_duel_log", "clear_duel_log")
if !await auth.auth(u.query.username, u.query.pass, "clear_duel_log", "clear_duel_log")
response.writeHead(200)
response.end(addCallback(u.query.callback, "[{name:'密码错误'}]"))
return
......@@ -3703,7 +3706,7 @@ if settings.modules.http
response.end(addCallback(u.query.callback, "[{name:'Success'}]"))
else if _.startsWith(u.pathname, '/api/replay') and settings.modules.tournament_mode.enabled
if !auth.auth(u.query.username, u.query.pass, "download_replay", "download_replay")
if !await auth.auth(u.query.username, u.query.pass, "download_replay", "download_replay")
response.writeHead(403)
response.end("密码错误")
return
......@@ -3734,7 +3737,7 @@ if settings.modules.http
# return
if u.query.shout
if !auth.auth(u.query.username, u.query.pass, "shout", "shout")
if !await auth.auth(u.query.username, u.query.pass, "shout", "shout")
response.writeHead(200)
response.end(addCallback(u.query.callback, "['密码错误', 0]"))
return
......@@ -3744,35 +3747,32 @@ if settings.modules.http
response.end(addCallback(u.query.callback, "['shout ok', '" + u.query.shout + "']"))
else if u.query.stop
if !auth.auth(u.query.username, u.query.pass, "stop", "stop")
if !await auth.auth(u.query.username, u.query.pass, "stop", "stop")
response.writeHead(200)
response.end(addCallback(u.query.callback, "['密码错误', 0]"))
return
if u.query.stop == 'false'
u.query.stop = false
setting_change(settings, 'modules:stop', u.query.stop, (err)->
response.writeHead(200)
if(err)
response.end(addCallback(u.query.callback, "['stop fail', '" + u.query.stop + "']"))
else
response.end(addCallback(u.query.callback, "['stop ok', '" + u.query.stop + "']"))
)
response.writeHead(200)
try
await util.promisfy(setting_change)(settings, 'modules:stop', u.query.stop)
response.end(addCallback(u.query.callback, "['stop ok', '" + u.query.stop + "']"))
catch err
response.end(addCallback(u.query.callback, "['stop fail', '" + u.query.stop + "']"))
else if u.query.welcome
if !auth.auth(u.query.username, u.query.pass, "change_settings", "change_welcome")
if !await auth.auth(u.query.username, u.query.pass, "change_settings", "change_welcome")
response.writeHead(200)
response.end(addCallback(u.query.callback, "['密码错误', 0]"))
return
setting_change(settings, 'modules:welcome', (err)->
response.writeHead(200)
if(err)
response.end(addCallback(u.query.callback, "['welcome fail', '" + u.query.welcome + "']"))
else
response.end(addCallback(u.query.callback, "['welcome ok', '" + u.query.welcome + "']"))
)
try
await util.promisfy(setting_change)(settings, 'modules:stop', u.query.welcome)
response.end(addCallback(u.query.callback, "['welcome ok', '" + u.query.welcome + "']"))
catch err
response.end(addCallback(u.query.callback, "['welcome fail', '" + u.query.welcome + "']"))
else if u.query.getwelcome
if !auth.auth(u.query.username, u.query.pass, "change_settings", "get_welcome")
if !await auth.auth(u.query.username, u.query.pass, "change_settings", "get_welcome")
response.writeHead(200)
response.end(addCallback(u.query.callback, "['密码错误', 0]"))
return
......@@ -3780,7 +3780,7 @@ if settings.modules.http
response.end(addCallback(u.query.callback, "['get ok', '" + settings.modules.welcome + "']"))
else if u.query.loadtips
if !auth.auth(u.query.username, u.query.pass, "change_settings", "change_tips")
if !await auth.auth(u.query.username, u.query.pass, "change_settings", "change_tips")
response.writeHead(200)
response.end(addCallback(u.query.callback, "['密码错误', 0]"))
return
......@@ -3793,7 +3793,7 @@ if settings.modules.http
)
else if u.query.loaddialogues
if !auth.auth(u.query.username, u.query.pass, "change_settings", "change_dialogues")
if !await auth.auth(u.query.username, u.query.pass, "change_settings", "change_dialogues")
response.writeHead(200)
response.end(addCallback(u.query.callback, "['密码错误', 0]"))
return
......@@ -3806,7 +3806,7 @@ if settings.modules.http
)
else if u.query.ban
if !auth.auth(u.query.username, u.query.pass, "ban_user", "ban_user")
if !await auth.auth(u.query.username, u.query.pass, "ban_user", "ban_user")
response.writeHead(200)
response.end(addCallback(u.query.callback, "['密码错误', 0]"))
return
......@@ -3819,7 +3819,7 @@ if settings.modules.http
)
else if u.query.kick
if !auth.auth(u.query.username, u.query.pass, "kick_user", "kick_user")
if !await auth.auth(u.query.username, u.query.pass, "kick_user", "kick_user")
response.writeHead(200)
response.end(addCallback(u.query.callback, "['密码错误', 0]"))
return
......@@ -3835,7 +3835,7 @@ if settings.modules.http
else if u.query.death
if !auth.auth(u.query.username, u.query.pass, "start_death", "start_death")
if !await auth.auth(u.query.username, u.query.pass, "start_death", "start_death")
response.writeHead(200)
response.end(addCallback(u.query.callback, "['密码错误', 0]"))
return
......@@ -3857,7 +3857,7 @@ if settings.modules.http
)
else if u.query.deathcancel
if !auth.auth(u.query.username, u.query.pass, "start_death", "cancel_death")
if !await auth.auth(u.query.username, u.query.pass, "start_death", "cancel_death")
response.writeHead(200)
response.end(addCallback(u.query.callback, "['密码错误', 0]"))
return
......@@ -3878,7 +3878,7 @@ if settings.modules.http
)
else if u.query.reboot
if !auth.auth(u.query.username, u.query.pass, "stop", "reboot")
if !await auth.auth(u.query.username, u.query.pass, "stop", "reboot")
response.writeHead(200)
response.end(addCallback(u.query.callback, "['密码错误', 0]"))
return
......
ygopro-server.js
View file @ 92e31ed9
// Generated by CoffeeScript 2.5.1
(function() {
// 标准库
var CLIENT_get_authorize_key, CLIENT_get_kick_reconnect_target, CLIENT_heartbeat_register, CLIENT_heartbeat_unregister, CLIENT_import_data, CLIENT_is_able_to_kick_reconnect, CLIENT_is_able_to_reconnect, CLIENT_is_banned_by_mc, CLIENT_is_player, CLIENT_kick, CLIENT_kick_reconnect, CLIENT_pre_reconnect, CLIENT_reconnect, CLIENT_reconnect_register, CLIENT_reconnect_unregister, CLIENT_send_pre_reconnect_info, CLIENT_send_reconnect_info, CLIENT_send_replays, Cloud_replay_ids, ROOM_all, ROOM_bad_ip, ROOM_ban_player, ROOM_clear_disconnect, ROOM_connected_ip, ROOM_find_by_name, ROOM_find_by_pid, ROOM_find_by_port, ROOM_find_by_title, ROOM_find_or_create_ai, ROOM_find_or_create_by_name, ROOM_find_or_create_random, ROOM_kick, ROOM_player_flee, ROOM_player_get_score, ROOM_player_lose, ROOM_player_win, ROOM_players_banned, ROOM_players_oppentlist, ROOM_players_scores, ROOM_unwelcome, ROOM_validate, Room, SERVER_clear_disconnect, SERVER_kick, SOCKET_flush_data, _, _async, addCallback, auth, badwords, ban_user, bunyan, challonge, challonge_cache, challonge_module_name, challonge_queue_callbacks, chat_color, config, cppversion, crypto, date, deck_name_match, default_config, default_data, dialogues, disconnect_list, dns, duel_log, e, exec, execFile, fs, geoip, get_callback, get_memory_usage, http, http_server, https, https_server, import_datas, imported, is_requesting, j, l, len, len1, len2, lflists, list, loadJSON, load_dialogues, load_tips, log, long_resolve_cards, m, memory_usage, merge, moment, net, oldbadwords, oldconfig, olddialogues, oldduellog, oldtips, options, os, path, pgClient, pg_client, pg_query, plugin_filename, plugin_list, plugin_path, real_windbot_server_ip, redis, redisdb, ref, ref1, refresh_challonge_cache, release_disconnect, report_to_big_brother, request, requestListener, roomlist, setting_change, setting_save, settings, spawn, spawnSync, spawn_windbot, tips, url, users_cache, wait_room_start, wait_room_start_arena, windbot_looplimit, windbot_process, windbots, ygopro, zlib;
var CLIENT_get_authorize_key, CLIENT_get_kick_reconnect_target, CLIENT_heartbeat_register, CLIENT_heartbeat_unregister, CLIENT_import_data, CLIENT_is_able_to_kick_reconnect, CLIENT_is_able_to_reconnect, CLIENT_is_banned_by_mc, CLIENT_is_player, CLIENT_kick, CLIENT_kick_reconnect, CLIENT_pre_reconnect, CLIENT_reconnect, CLIENT_reconnect_register, CLIENT_reconnect_unregister, CLIENT_send_pre_reconnect_info, CLIENT_send_reconnect_info, CLIENT_send_replays, Cloud_replay_ids, ROOM_all, ROOM_bad_ip, ROOM_ban_player, ROOM_clear_disconnect, ROOM_connected_ip, ROOM_find_by_name, ROOM_find_by_pid, ROOM_find_by_port, ROOM_find_by_title, ROOM_find_or_create_ai, ROOM_find_or_create_by_name, ROOM_find_or_create_random, ROOM_kick, ROOM_player_flee, ROOM_player_get_score, ROOM_player_lose, ROOM_player_win, ROOM_players_banned, ROOM_players_oppentlist, ROOM_players_scores, ROOM_unwelcome, ROOM_validate, Room, SERVER_clear_disconnect, SERVER_kick, SOCKET_flush_data, _, _async, addCallback, auth, badwords, ban_user, bunyan, challonge, challonge_cache, challonge_module_name, challonge_queue_callbacks, chat_color, config, cppversion, crypto, date, deck_name_match, default_config, default_data, dialogues, disconnect_list, dns, duel_log, e, exec, execFile, fs, geoip, get_callback, get_memory_usage, http, http_server, https, https_server, import_datas, imported, is_requesting, j, l, len, len1, len2, lflists, list, loadJSON, load_dialogues, load_tips, log, long_resolve_cards, m, memory_usage, merge, moment, net, oldbadwords, oldconfig, olddialogues, oldduellog, oldtips, options, os, path, pgClient, pg_client, pg_query, plugin_filename, plugin_list, plugin_path, real_windbot_server_ip, redis, redisdb, ref, ref1, refresh_challonge_cache, release_disconnect, report_to_big_brother, request, requestListener, roomlist, setting_change, setting_save, settings, spawn, spawnSync, spawn_windbot, tips, url, users_cache, util, wait_room_start, wait_room_start_arena, windbot_looplimit, windbot_process, windbots, ygopro, zlib;
net = require('net');
......@@ -68,6 +68,8 @@
loadJSON = require('load-json-file').sync;
util = require("util");
//heapdump = require 'heapdump'
// 配置
......@@ -4766,15 +4768,15 @@
}
return callback + "( " + text + " );";
};
requestListener = function(request, response) {
var archive_args, archive_name, archive_process, check, death_room_found, duellog, error, filename, getpath, len2, len3, m, n, parseQueryString, pass_validated, ref2, replay, room, roomsjson, u;
requestListener = async function(request, response) {
var archive_args, archive_name, archive_process, check, death_room_found, duellog, err, error, filename, getpath, len2, len3, m, n, parseQueryString, pass_validated, ref2, replay, room, roomsjson, u;
parseQueryString = true;
u = url.parse(request.url, parseQueryString);
//pass_validated = u.query.pass == settings.modules.http.password
//console.log(u.query.username, u.query.pass)
if (u.pathname === '/api/getrooms') {
pass_validated = auth.auth(u.query.username, u.query.pass, "get_rooms", "get_rooms", true);
pass_validated = (await auth.auth(u.query.username, u.query.pass, "get_rooms", "get_rooms", true));
if (!settings.modules.http.public_roomlist && !pass_validated) {
response.writeHead(200);
response.end(addCallback(u.query.callback, '{"rooms":[{"roomid":"0","roomname":"密码错误","needpass":"true"}]}'));
......@@ -4824,7 +4826,7 @@
});
}
} else if (u.pathname === '/api/duellog' && settings.modules.tournament_mode.enabled) {
if (!auth.auth(u.query.username, u.query.pass, "duel_log", "duel_log")) {
if (!(await auth.auth(u.query.username, u.query.pass, "duel_log", "duel_log"))) {
response.writeHead(200);
response.end(addCallback(u.query.callback, "[{name:'密码错误'}]"));
return;
......@@ -4834,7 +4836,7 @@
response.end(addCallback(u.query.callback, duellog));
}
} else if (u.pathname === '/api/archive.zip' && settings.modules.tournament_mode.enabled) {
if (!auth.auth(u.query.username, u.query.pass, "download_replay", "download_replay_archive")) {
if (!(await auth.auth(u.query.username, u.query.pass, "download_replay", "download_replay_archive"))) {
response.writeHead(403);
response.end("Invalid password.");
return;
......@@ -4890,7 +4892,7 @@
}
}
} else if (u.pathname === '/api/clearlog' && settings.modules.tournament_mode.enabled) {
if (!auth.auth(u.query.username, u.query.pass, "clear_duel_log", "clear_duel_log")) {
if (!(await auth.auth(u.query.username, u.query.pass, "clear_duel_log", "clear_duel_log"))) {
response.writeHead(200);
response.end(addCallback(u.query.callback, "[{name:'密码错误'}]"));
return;
......@@ -4908,7 +4910,7 @@
response.end(addCallback(u.query.callback, "[{name:'Success'}]"));
}
} else if (_.startsWith(u.pathname, '/api/replay') && settings.modules.tournament_mode.enabled) {
if (!auth.auth(u.query.username, u.query.pass, "download_replay", "download_replay")) {
if (!(await auth.auth(u.query.username, u.query.pass, "download_replay", "download_replay"))) {
response.writeHead(403);
response.end("密码错误");
return;
......@@ -4942,7 +4944,7 @@
// response.end(addCallback(u.query.callback, "['密码错误', 0]"))
// return
if (u.query.shout) {
if (!auth.auth(u.query.username, u.query.pass, "shout", "shout")) {
if (!(await auth.auth(u.query.username, u.query.pass, "shout", "shout"))) {
response.writeHead(200);
response.end(addCallback(u.query.callback, "['密码错误', 0]"));
return;
......@@ -4956,7 +4958,7 @@
response.writeHead(200);
response.end(addCallback(u.query.callback, "['shout ok', '" + u.query.shout + "']"));
} else if (u.query.stop) {
if (!auth.auth(u.query.username, u.query.pass, "stop", "stop")) {
if (!(await auth.auth(u.query.username, u.query.pass, "stop", "stop"))) {
response.writeHead(200);
response.end(addCallback(u.query.callback, "['密码错误', 0]"));
return;
......@@ -4964,30 +4966,29 @@
if (u.query.stop === 'false') {
u.query.stop = false;
}
setting_change(settings, 'modules:stop', u.query.stop, function(err) {
response.writeHead(200);
if (err) {
return response.end(addCallback(u.query.callback, "['stop fail', '" + u.query.stop + "']"));
} else {
return response.end(addCallback(u.query.callback, "['stop ok', '" + u.query.stop + "']"));
}
});
response.writeHead(200);
try {
await util.promisfy(setting_change)(settings, 'modules:stop', u.query.stop);
response.end(addCallback(u.query.callback, "['stop ok', '" + u.query.stop + "']"));
} catch (error1) {
err = error1;
response.end(addCallback(u.query.callback, "['stop fail', '" + u.query.stop + "']"));
}
} else if (u.query.welcome) {
if (!auth.auth(u.query.username, u.query.pass, "change_settings", "change_welcome")) {
if (!(await auth.auth(u.query.username, u.query.pass, "change_settings", "change_welcome"))) {
response.writeHead(200);
response.end(addCallback(u.query.callback, "['密码错误', 0]"));
return;
}
setting_change(settings, 'modules:welcome', function(err) {
response.writeHead(200);
if (err) {
return response.end(addCallback(u.query.callback, "['welcome fail', '" + u.query.welcome + "']"));
} else {
return response.end(addCallback(u.query.callback, "['welcome ok', '" + u.query.welcome + "']"));
}
});
try {
await util.promisfy(setting_change)(settings, 'modules:stop', u.query.welcome);
response.end(addCallback(u.query.callback, "['welcome ok', '" + u.query.welcome + "']"));
} catch (error1) {
err = error1;
response.end(addCallback(u.query.callback, "['welcome fail', '" + u.query.welcome + "']"));
}
} else if (u.query.getwelcome) {
if (!auth.auth(u.query.username, u.query.pass, "change_settings", "get_welcome")) {
if (!(await auth.auth(u.query.username, u.query.pass, "change_settings", "get_welcome"))) {
response.writeHead(200);
response.end(addCallback(u.query.callback, "['密码错误', 0]"));
return;
......@@ -4995,7 +4996,7 @@
response.writeHead(200);
response.end(addCallback(u.query.callback, "['get ok', '" + settings.modules.welcome + "']"));
} else if (u.query.loadtips) {
if (!auth.auth(u.query.username, u.query.pass, "change_settings", "change_tips")) {
if (!(await auth.auth(u.query.username, u.query.pass, "change_settings", "change_tips"))) {
response.writeHead(200);
response.end(addCallback(u.query.callback, "['密码错误', 0]"));
return;
......@@ -5009,7 +5010,7 @@
}
});
} else if (u.query.loaddialogues) {
if (!auth.auth(u.query.username, u.query.pass, "change_settings", "change_dialogues")) {
if (!(await auth.auth(u.query.username, u.query.pass, "change_settings", "change_dialogues"))) {
response.writeHead(200);
response.end(addCallback(u.query.callback, "['密码错误', 0]"));
return;
......@@ -5023,7 +5024,7 @@
}
});
} else if (u.query.ban) {
if (!auth.auth(u.query.username, u.query.pass, "ban_user", "ban_user")) {
if (!(await auth.auth(u.query.username, u.query.pass, "ban_user", "ban_user"))) {
response.writeHead(200);
response.end(addCallback(u.query.callback, "['密码错误', 0]"));
return;
......@@ -5037,7 +5038,7 @@
}
});
} else if (u.query.kick) {
if (!auth.auth(u.query.username, u.query.pass, "kick_user", "kick_user")) {
if (!(await auth.auth(u.query.username, u.query.pass, "kick_user", "kick_user"))) {
response.writeHead(200);
response.end(addCallback(u.query.callback, "['密码错误', 0]"));
return;
......@@ -5053,7 +5054,7 @@
}
});
} else if (u.query.death) {
if (!auth.auth(u.query.username, u.query.pass, "start_death", "start_death")) {
if (!(await auth.auth(u.query.username, u.query.pass, "start_death", "start_death"))) {
response.writeHead(200);
response.end(addCallback(u.query.callback, "['密码错误', 0]"));
return;
......@@ -5077,7 +5078,7 @@
}
});
} else if (u.query.deathcancel) {
if (!auth.auth(u.query.username, u.query.pass, "start_death", "cancel_death")) {
if (!(await auth.auth(u.query.username, u.query.pass, "start_death", "cancel_death"))) {
response.writeHead(200);
response.end(addCallback(u.query.callback, "['密码错误', 0]"));
return;
......@@ -5101,7 +5102,7 @@
}
});
} else if (u.query.reboot) {
if (!auth.auth(u.query.username, u.query.pass, "stop", "reboot")) {
if (!(await auth.auth(u.query.username, u.query.pass, "stop", "reboot"))) {
response.writeHead(200);
response.end(addCallback(u.query.callback, "['密码错误', 0]"));
return;
......
ygopro-update.js
View file @ 92e31ed9
......@@ -210,10 +210,10 @@ var pushHTMLs = function() {
//建立一个http服务器,接收API操作
function requestListener(req, res) {
async function requestListener(req, res) {
var u = url.parse(req.url, true);
if (!auth.auth(u.query.username, u.query.password, "update_dashboard", "update_dashboard")) {
if (!await auth.auth(u.query.username, u.query.password, "update_dashboard", "update_dashboard")) {
res.writeHead(403);
res.end("Auth Failed.");
return;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment