diff --git a/nonebot/__init__.py b/nonebot/__init__.py
index 68c2a8d2..bd0ee80b 100644
--- a/nonebot/__init__.py
+++ b/nonebot/__init__.py
@@ -147,10 +147,10 @@ def init(*, _env_file: Optional[str] = None, **kwargs):
"""
global _driver
if not _driver:
- logger.debug("NoneBot is initializing...")
+ logger.info("NoneBot is initializing...")
env = Env()
logger.opt(
- colors=True).debug(f"Current Env: {env.environment}")
+ colors=True).info(f"Current Env: {env.environment}")
config = Config(**kwargs,
_env_file=_env_file or f".env.{env.environment}")
diff --git a/nonebot/config.py b/nonebot/config.py
index 7b9281fb..9a9c4ffa 100644
--- a/nonebot/config.py
+++ b/nonebot/config.py
@@ -143,19 +143,6 @@ class Config(BaseConfig):
- 说明:
NoneBot 的 HTTP 和 WebSocket 服务端监听的端口。
"""
- secret: Optional[str] = None
- """
- - 类型: ``Optional[str]``
- - 默认值: ``None``
- - 说明:
- 上报连接 NoneBot 所需的密钥。
- - 示例:
-
- .. code-block:: http
-
- POST /cqhttp/ HTTP/1.1
- Authorization: Bearer kSLuTF2GC2Q4q4ugm3
- """
debug: bool = False
"""
- 类型: ``bool``
@@ -189,7 +176,26 @@ class Config(BaseConfig):
- 类型: ``Optional[str]``
- 默认值: ``None``
- 说明:
- API 请求所需密钥,会在调用 API 时在请求头中携带。
+ API 请求以及上报所需密钥,在请求头中携带。
+ - 示例:
+
+ .. code-block:: http
+
+ POST /cqhttp/ HTTP/1.1
+ Authorization: Bearer kSLuTF2GC2Q4q4ugm3
+ """
+ secret: Optional[str] = None
+ """
+ - 类型: ``Optional[str]``
+ - 默认值: ``None``
+ - 说明:
+ HTTP POST 形式上报所需签名,在请求头中携带。
+ - 示例:
+
+ .. code-block:: http
+
+ POST /cqhttp/ HTTP/1.1
+ X-Signature: sha1=f9ddd4863ace61e64f462d41ca311e3d2c1176e2
"""
# bot runtime configs
diff --git a/nonebot/drivers/fastapi.py b/nonebot/drivers/fastapi.py
index 663998d1..9b95a462 100644
--- a/nonebot/drivers/fastapi.py
+++ b/nonebot/drivers/fastapi.py
@@ -114,7 +114,8 @@ class Driver(BaseDriver):
adapter: str,
data: dict = Body(...),
x_self_id: Optional[str] = Header(None),
- x_signature: Optional[str] = Header(None)):
+ x_signature: Optional[str] = Header(None),
+ auth: Optional[str] = Depends(get_auth_bearer)):
# 检查self_id
if not x_self_id:
logger.warning("Missing X-Self-ID Header")
@@ -135,6 +136,14 @@ class Driver(BaseDriver):
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN,
detail="Signature is invalid")
+ access_token = self.config.access_token
+ if access_token and access_token != auth:
+ logger.warning("Authorization Header is invalid"
+ if auth else "Missing Authorization Header")
+ raise HTTPException(status_code=status.HTTP_403_FORBIDDEN,
+ detail="Authorization Header is invalid"
+ if auth else "Missing Authorization Header")
+
if not isinstance(data, dict):
logger.warning("Data received is invalid")
raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST)
@@ -161,22 +170,25 @@ class Driver(BaseDriver):
adapter: str,
websocket: FastAPIWebSocket,
x_self_id: str = Header(None),
- access_token: Optional[str] = Depends(get_auth_bearer)):
+ auth: Optional[str] = Depends(get_auth_bearer)):
ws = WebSocket(websocket)
- secret = self.config.secret
- if secret is not None and secret != access_token:
+ access_token = self.config.access_token
+ if access_token and access_token != auth:
logger.warning("Authorization Header is invalid"
- if access_token else "Missing Authorization Header")
+ if auth else "Missing Authorization Header")
await ws.close(code=status.WS_1008_POLICY_VIOLATION)
+ return
if not x_self_id:
logger.warning(f"Missing X-Self-ID Header")
await ws.close(code=status.WS_1008_POLICY_VIOLATION)
+ return
if x_self_id in self._clients:
logger.warning(f"Connection Conflict: self_id {x_self_id}")
await ws.close(code=status.WS_1008_POLICY_VIOLATION)
+ return
# Create Bot Object
if adapter in self._adapters: