ProjectHentai/nonebot2
6
0
Fork 0
mirror of https://github.com/nonebot/nonebot2.git synced 2025-09-07 04:26:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

🐛 fix cqhttp secret checking #289

Browse Source
This commit is contained in:
yanyongyu
2021-03-20 14:49:58 +08:00
parent 22033e1cfb
commit 2166595e50
11 changed files with 61 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
packages/nonebot-adapter-cqhttp/nonebot/adapters/cqhttp/bot.py
View File

@ -244,7 +244,7 @@ class Bot(BaseBot):
@classmethod
@overrides(BaseBot)
async def check_permission(cls, driver: "Driver", connection_type: str,
headers: dict, body: Optional[dict]) -> str:
headers: dict, body: Optional[bytes]) -> str:
"""
:说明:
@ -271,14 +271,13 @@ class Bot(BaseBot):
if not x_signature:
log("WARNING", "Missing Signature Header")
raise RequestDenied(401, "Missing Signature")
sig = hmac.new(secret.encode("utf-8"),
json.dumps(body).encode(), "sha1").hexdigest()
sig = hmac.new(secret.encode("utf-8"), body, "sha1").hexdigest()
if x_signature != "sha1=" + sig:
log("WARNING", "Signature Header is invalid")
raise RequestDenied(403, "Signature is invalid")
access_token = cqhttp_config.access_token
if access_token and access_token != token:
if access_token and access_token != token and connection_type == "websocket":
log(
"WARNING", "Authorization Header is invalid"
if token else "Missing Authorization Header")

7
packages/nonebot-adapter-ding/nonebot/adapters/ding/bot.py
View File

@ -1,5 +1,4 @@
import hmac
import base64
import json
import urllib.parse
from datetime import datetime
@ -51,7 +50,7 @@ class Bot(BaseBot):
@classmethod
@overrides(BaseBot)
async def check_permission(cls, driver: "Driver", connection_type: str,
headers: dict, body: Optional[dict]) -> str:
headers: dict, body: Optional[bytes]) -> str:
"""
:说明:
@ -81,7 +80,7 @@ class Bot(BaseBot):
raise RequestDenied(403, "Signature is invalid")
else:
log("WARNING", "Ding signature check ignored!")
return body["chatbotUserId"]
return json.loads(body.decode())["chatbotUserId"]
@overrides(BaseBot)
async def handle_message(self, message: dict):

6
packages/nonebot-adapter-ding/nonebot/adapters/ding/utils.py
View File

@ -1,7 +1,9 @@
import hmac
from nonebot.utils import logger_wrapper
import hashlib
import base64
import hashlib
from nonebot.utils import logger_wrapper
log = logger_wrapper("DING")

10
packages/nonebot-adapter-mirai/nonebot/adapters/mirai/bot.py
View File

@ -178,7 +178,7 @@ class Bot(BaseBot):
@classmethod
@overrides(BaseBot)
async def check_permission(cls, driver: "Driver", connection_type: str,
headers: dict, body: Optional[dict]) -> str:
headers: dict, body: Optional[bytes]) -> str:
if connection_type == 'ws':
raise RequestDenied(
status_code=501,
@ -224,7 +224,7 @@ class Bot(BaseBot):
\:\:\: danger
由于Mirai的HTTP API特殊性, 该API暂时无法实现
\:\:\:
\:\:\: tip
你可以使用 ``MiraiBot.api`` 中提供的调用方法来代替
\:\:\:
@ -447,7 +447,7 @@ class Bot(BaseBot):
:说明:
使用此方法获取bot接收到的最老消息和最老各类事件
(不会从MiraiApiHttp消息记录中删除)
(不会从MiraiApiHttp消息记录中删除)
:参数:
@ -462,7 +462,7 @@ class Bot(BaseBot):
使用此方法获取bot接收到的最新消息和最新各类事件
(不会从MiraiApiHttp消息记录中删除)
:参数:
* ``count: int``: 获取消息和事件的数量
@ -599,7 +599,7 @@ class Bot(BaseBot):
"""
:说明:
使用此方法使Bot退出群聊
使用此方法使Bot退出群聊
:参数:

5
packages/nonebot-adapter-mirai/nonebot/adapters/mirai/bot_ws.py
View File

@ -116,7 +116,8 @@ class WebsocketBot(Bot):
@classmethod
@overrides(Bot)
async def check_permission(cls, driver: "Driver", connection_type: str,
headers: dict, body: Optional[dict]) -> NoReturn:
headers: dict,
body: Optional[bytes]) -> NoReturn:
raise RequestDenied(
status_code=501,
reason=f'Connection {connection_type} not implented')
@ -127,7 +128,7 @@ class WebsocketBot(Bot):
"""
:说明:
注册该Adapter
注册该Adapter
:参数: