🐛 fix cqhttp secret checking #289

yanyongyu
2021-03-20 14:49:58 +08:00
parent 22033e1cfb
commit 2166595e50
11 changed files with 61 additions and 54 deletions


@ -244,7 +244,7 @@ class Bot(BaseBot):
@classmethod
@overrides(BaseBot)
async def check_permission(cls, driver: "Driver", connection_type: str,
headers: dict, body: Optional[dict]) -> str:
headers: dict, body: Optional[bytes]) -> str:
"""
:说明:
@ -271,14 +271,13 @@ class Bot(BaseBot):
if not x_signature:
log("WARNING", "Missing Signature Header")
raise RequestDenied(401, "Missing Signature")
sig = hmac.new(secret.encode("utf-8"),
json.dumps(body).encode(), "sha1").hexdigest()
sig = hmac.new(secret.encode("utf-8"), body, "sha1").hexdigest()
if x_signature != "sha1=" + sig:
log("WARNING", "Signature Header is invalid")
raise RequestDenied(403, "Signature is invalid")
access_token = cqhttp_config.access_token
if access_token and access_token != token:
if access_token and access_token != token and connection_type == "websocket":
log(
"WARNING", "Authorization Header is invalid"
if token else "Missing Authorization Header")
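Review bot: The signature check `if x_signature != "sha1=" + sig:` still compares the HMAC with `!=`, which is not constant-time and can leak how much of the expected digest matched; the commit fixes what is signed (the raw `body` bytes instead of re-serialised JSON) but leaves this comparison unchanged. Prefer `if not hmac.compare_digest(x_signature.encode(), ("sha1=" + sig).encode()):`, encoding both sides so that a non-ASCII header value is a plain mismatch rather than a `TypeError`. The same applies to `access_token != token` just below, once the missing-token case is handled first. Separately, the added `connection_type == "websocket"` condition means HTTP requests now depend only on the signature branch; if that branch is skipped when no `secret` is configured (its guard is outside this hunk), HTTP events would be accepted unauthenticated, which deserves a comment or a startup warning. `check_permission` starts and ends outside the visible hunks.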