尝试修复正向WebSocket下的鉴权panic

9c65ff4d · Ink-33 · d0398f30 · 9c65ff4d
Commit 9c65ff4d authored Aug 29, 2020 by Ink-33
Show whitespace changes
Inline Side-by-side

Showing with 21 additions and 3 deletions

server/websocket.go server/websocket.go +21 -3

No files found.
--- a/server/websocket.go
+++ b/server/websocket.go
@@ -206,12 +206,18 @@ func (c *websocketClient) onBotPushEvent(m coolq.MSG) {

 func (s *websocketServer) event(w http.ResponseWriter, r *http.Request) {
 	if s.token != "" {
-		if r.URL.Query().Get("access_token") != s.token && strings.SplitN(r.Header.Get("Authorization"), " ", 2)[1] != s.token {
+		if r.URL.Query().Get("access_token") != s.token {
+			log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr)
+			w.WriteHeader(401)
+			return
+		} else if auth := r.Header.Get("Authorization"); auth != "" {
+			if strings.SplitN(auth, " ", 2)[1] != s.token {
 				log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr)
 				w.WriteHeader(401)
 				return
 			}
 		}
+	}
 	c, err := upgrader.Upgrade(w, r, nil)
 	if err != nil {
 		log.Warnf("处理 Websocket 请求时出现错误: %v", err)
@@ -235,12 +241,18 @@ func (s *websocketServer) event(w http.ResponseWriter, r *http.Request) {

 func (s *websocketServer) api(w http.ResponseWriter, r *http.Request) {
 	if s.token != "" {
-		if r.URL.Query().Get("access_token") != s.token && strings.SplitN(r.Header.Get("Authorization"), " ", 2)[1] != s.token {
+		if r.URL.Query().Get("access_token") != s.token {
+			log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr)
+			w.WriteHeader(401)
+			return
+		} else if auth := r.Header.Get("Authorization"); auth != "" {
+			if strings.SplitN(auth, " ", 2)[1] != s.token {
 				log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr)
 				w.WriteHeader(401)
 				return
 			}
 		}
+	}
 	c, err := upgrader.Upgrade(w, r, nil)
 	if err != nil {
 		log.Warnf("处理 Websocket 请求时出现错误: %v", err)
@@ -253,12 +265,18 @@ func (s *websocketServer) api(w http.ResponseWriter, r *http.Request) {

 func (s *websocketServer) any(w http.ResponseWriter, r *http.Request) {
 	if s.token != "" {
-		if r.URL.Query().Get("access_token") != s.token && strings.SplitN(r.Header.Get("Authorization"), " ", 2)[1] != s.token {
+		if r.URL.Query().Get("access_token") != s.token {
+			log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr)
+			w.WriteHeader(401)
+			return
+		} else if auth := r.Header.Get("Authorization"); auth != "" {
+			if strings.SplitN(auth, " ", 2)[1] != s.token {
 				log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr)
 				w.WriteHeader(401)
 				return
 			}
 		}
+	}
 	c, err := upgrader.Upgrade(w, r, nil)
 	if err != nil {
 		log.Warnf("处理 Websocket 请求时出现错误: %v", err)