Skip to content

G
go-cqhttp
Commit d35ad66a authored by Ink-33's avatar Ink-33
Browse files
Options

拒绝空Token

parent 047b5208
Hide whitespace changes
Inline Side-by-side
Showing with 15 additions and 3 deletions
server/websocket.go
View file @ d35ad66a
...@@ -206,7 +206,7 @@ func (c *websocketClient) onBotPushEvent(m coolq.MSG) { ...@@ -206,7 +206,7 @@ func (c *websocketClient) onBotPushEvent(m coolq.MSG) {
func (s *websocketServer) event(w http.ResponseWriter, r *http.Request) { func (s *websocketServer) event(w http.ResponseWriter, r *http.Request) {
if s.token != "" { if s.token != "" {
if r.URL.Query().Get("access_token") != s.token { if auth := r.URL.Query().Get("access_token"); auth != s.token && auth != "" {
log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr) log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr)
w.WriteHeader(401) w.WriteHeader(401)
return return
...@@ -216,6 +216,10 @@ func (s *websocketServer) event(w http.ResponseWriter, r *http.Request) { ...@@ -216,6 +216,10 @@ func (s *websocketServer) event(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(401) w.WriteHeader(401)
return return
} }
} else {
log.Warnf("已拒绝 %v 的 Websocket 请求: 空Token", r.RemoteAddr)
w.WriteHeader(401)
return
} }
} }
c, err := upgrader.Upgrade(w, r, nil) c, err := upgrader.Upgrade(w, r, nil)
...@@ -241,7 +245,7 @@ func (s *websocketServer) event(w http.ResponseWriter, r *http.Request) { ...@@ -241,7 +245,7 @@ func (s *websocketServer) event(w http.ResponseWriter, r *http.Request) {
func (s *websocketServer) api(w http.ResponseWriter, r *http.Request) { func (s *websocketServer) api(w http.ResponseWriter, r *http.Request) {
if s.token != "" { if s.token != "" {
if r.URL.Query().Get("access_token") != s.token { if auth := r.URL.Query().Get("access_token"); auth != s.token && auth != "" {
log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr) log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr)
w.WriteHeader(401) w.WriteHeader(401)
return return
...@@ -251,6 +255,10 @@ func (s *websocketServer) api(w http.ResponseWriter, r *http.Request) { ...@@ -251,6 +255,10 @@ func (s *websocketServer) api(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(401) w.WriteHeader(401)
return return
} }
} else {
log.Warnf("已拒绝 %v 的 Websocket 请求: 空Token", r.RemoteAddr)
w.WriteHeader(401)
return
} }
} }
c, err := upgrader.Upgrade(w, r, nil) c, err := upgrader.Upgrade(w, r, nil)
...@@ -265,7 +273,7 @@ func (s *websocketServer) api(w http.ResponseWriter, r *http.Request) { ...@@ -265,7 +273,7 @@ func (s *websocketServer) api(w http.ResponseWriter, r *http.Request) {
func (s *websocketServer) any(w http.ResponseWriter, r *http.Request) { func (s *websocketServer) any(w http.ResponseWriter, r *http.Request) {
if s.token != "" { if s.token != "" {
if r.URL.Query().Get("access_token") != s.token { if auth := r.URL.Query().Get("access_token"); auth != s.token && auth != "" {
log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr) log.Warnf("已拒绝 %v 的 Websocket 请求: Token错误", r.RemoteAddr)
w.WriteHeader(401) w.WriteHeader(401)
return return
...@@ -275,6 +283,10 @@ func (s *websocketServer) any(w http.ResponseWriter, r *http.Request) { ...@@ -275,6 +283,10 @@ func (s *websocketServer) any(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(401) w.WriteHeader(401)
return return
} }
} else {
log.Warnf("已拒绝 %v 的 Websocket 请求: 空Token", r.RemoteAddr)
w.WriteHeader(401)
return
} }
} }
c, err := upgrader.Upgrade(w, r, nil) c, err := upgrader.Upgrade(w, r, nil)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment