diff --git a/src/index.js b/src/index.js index 17ddd98..8cb0b7e 100644 --- a/src/index.js +++ b/src/index.js @@ -125,6 +125,7 @@ export const setup = async () => { server.route(SessionServerRoutings.profile) server.route(SessionServerRoutings.profiles) + server.route(WebAPIRoutings.CORS_BYPASS) server.route(WebAPIRoutings.meta) server.route(WebAPIRoutings.status) server.route(WebAPIRoutings.telegramBind) diff --git a/src/models/player.js b/src/models/player.js index 353ae18..654453c 100644 --- a/src/models/player.js +++ b/src/models/player.js @@ -87,21 +87,33 @@ export async function getPlayerSerialization(player) { } if(player.textures.skin && player.textures.skin != 0) { // Must be '!=' if this change to '!==' will never works - textures.textures.SKIN = { - url: await getSignedUrl(s3Instance, new GetObjectCommand({ - Bucket: config.storage.bucket, - Key: player.textures.skin - }), { expiresIn: 3 * 24 * 60 * 60 }) // 3 days - } + if(player.textures.skin.indexOf("http") === -1) { + textures.textures.SKIN = { + url: await getSignedUrl(s3Instance, new GetObjectCommand({ + Bucket: config.storage.bucket, + Key: player.textures.skin + }), { expiresIn: 3 * 24 * 60 * 60 }) // 3 days + } + } else { + textures.textures.SKIN = { + url: player.textures.skin + } + } } if(player.textures.cape && player.textures.cape != 0) { // Must be '!=' if this change to '!==' will never works - textures.textures.CAPE = { - url: await getSignedUrl(s3Instance, new GetObjectCommand({ - Bucket: config.storage.bucket, - Key: player.textures.cape - }), { expiresIn: 3 * 24 * 60 * 60 }) // 3 days - } + if(player.textures.cape.indexOf("http") === -1) { + textures.textures.CAPE = { + url: await getSignedUrl(s3Instance, new GetObjectCommand({ + Bucket: config.storage.bucket, + Key: player.textures.cape + }), { expiresIn: 3 * 24 * 60 * 60 }) // 3 days + } + } else { + textures.textures.CAPE = { + url: player.textures.cape + } + } } const val = Buffer.from(JSON.stringify(textures)).toString('base64') 
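Review bot: In the `src/models/player.js` hunk, `player.textures.skin.indexOf("http") === -1` treats any stored value that merely contains `http` as an external URL and copies it unchanged into the signed textures payload, so the host clients are told to fetch from depends entirely on what was written to that field. If external textures are intended, parse the value with `new URL(...)`, require `protocol === 'https:'` and check the host against a configured allowlist, falling back to the presigned S3 URL otherwise. `indexOf` will also throw when the value is not a string, which the `!= 0` comment suggests can happen (inferred, since the schema is not visible). The same test is duplicated for `cape`, so a small helper taking the stored value would keep the two branches in step; `getPlayerSerialization` starts and ends outside the hunk.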
diff --git a/src/routes/web-api.js b/src/routes/web-api.js index f67d3d6..fd4d03c 100644 --- a/src/routes/web-api.js +++ b/src/routes/web-api.js @@ -28,14 +28,14 @@ const identifiers = new Map() async function identifierValidator(req, rep) { const identifier = req.headers['x-lsp-identifier'] if(!identifier) { - return await rep.code(400).send({ + return await rep.code(200).send({ err: 1.143688, msg: "请求格式不正确" }) } if(!identifiers.has(identifier)) { - return await rep.code(401).send({ + return await rep.code(200).send({ err: 0.456914, msg: "用户不存在" }) @@ -43,7 +43,7 @@ async function identifierValidator(req, rep) { const {t, uuid} = identifiers.get(identifier) if(t < Date.now()) { - return await rep.code(401).send({ + return await rep.code(200).send({ err: 1.143688, msg: "令牌超时" }) @@ -146,14 +146,14 @@ export const login = { const { username, password, createToken } = req.body; const user = await Player.findOne({ email: username, password: createHash("sha256").update(password).digest('hex') }); if (!user) { - return rep.code(401).send({ + return rep.code(200).send({ err: 1.143688, msg: "用户名或密码错误" }); } if(user.permissions.indexOf("login") === -1) { - return await rep.code(401).send({ + return await rep.code(200).send({ err: 0.337187, msg: "泻药,宁滴账号已被封禁" }); @@ -261,14 +261,14 @@ export const register = { { email: email }, { username: username } ] }) if (user) { - return await rep.code(401).send({ + return await rep.code(200).send({ err: 1.143688, msg: "用户名已存在" }) } - if(username == 0 || password == 0 || email == 0 || telegramId == 0) { - return await rep.code(401).send({ + if(username == 0 || password == 0 || email == 0 || invitationCode == 0 || validationCode == 0) { + return await rep.code(200).send({ err: 1.143688, msg: "用户名/密码/邮箱/telegramId不能为空" }) 
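Review bot: Answering a missing, unknown or expired `x-lsp-identifier` with `rep.code(200)` makes authentication failures look like successes to everything that only sees the status line: access logs, rate limiters, alerting on 401 bursts, and any client that does not inspect `err`. The same replacement is made in the `login`, `register` and `uploadTexture` hunks, where it also hides failed-login and failed-invitation attempts from status-based monitoring. If the motive was that a browser front-end cannot read cross-origin error bodies (inferred from the CORS route added in this commit), the fix belongs in the CORS headers of the error responses, keeping `return await rep.code(401).send({` here. Note too that `err: 1.143688` is shared by several unrelated failures, so the body cannot replace the status code as a signal either.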
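Review bot: In the `register` hunk at `-261`, the check `invitationCode == 0 || validationCode == 0` does not catch an absent field, because `undefined == 0` and `null == 0` are both false; only `""` and `0` match. Unless the route schema (not visible here) marks both fields as required strings, a request without them reaches the later `Buffer.from(...)` calls, which throw on `undefined`, and the user gets an unhandled error instead of a rejection. An explicit test such as `if (![username, password, email, invitationCode, validationCode].every(f => typeof f === 'string' && f.length > 0))` states the intent, and it should run before the `Player.findOne` lookup rather than after it. The message still names `telegramId`, which is no longer one of the checked fields.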
@@ -296,17 +296,23 @@ export const register = { v -> Signature */ - const { p, n, t, v } = JSON.parse(crypto.privateDecrypt(server.keys.privateKey, Buffer.from(invitationCode)).toString()) + const raw = Buffer.from(invitationCode, 'base64').toString().split(';').filter(it => it.indexOf('=') >= 0) + const fields = new Map() + raw.forEach(kvPair => { + const [k, v] = kvPair.split('=', 2) + req.log.info(`k: ${k} v: ${v}`) - if(!crypto.createVerify('rsa-sha1').update(Buffer.from(invitationCode)).verify(server.keys.publicKey, Buffer.from(v, 'hex'))) { - return await rep.code(401).send({ + fields.set(k, v) + }) + + if(!crypto.createVerify('rsa-sha1').update(Buffer.from(invitationCode)).verify(server.keys.publicKey, Buffer.from(validationCode, 'hex'))) { + return await rep.code(200).send({ err: 1.143688, msg: "邀请码验证失败!非法邀请码!" }) } - - if(t !== email) { - return await rep.code(401).send({ + if(fields.get('t') !== email) { + return await rep.code(200).send({ err: 1.143688, msg: "邀请码验证失败!这邀请码不属于你!" }) @@ -321,8 +327,8 @@ export const register = { registerDate: Date.now(), permissions: ['login'], binding: { - platform: p, - username: n, + platform: fields.get('p'), + username: fields.get('n'), verified: true, } }); @@ -411,7 +417,7 @@ export const uploadTexture = { const { type } = req.params if(type !== 'skin' && type !== 'cape') { - rep.code(400).send({ + rep.code(200).send({ err: 1.143688, msg: "请求格式不正确" }) @@ -452,7 +458,7 @@ export const uploadTexture = { await rep.code(200).send({ err: 1.048596, - msg: "" + msg: JSON.stringify(update) }) } } 
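Review bot: The `req.log.info(...)` call inside the `forEach` at `+296` writes every key and value of the decoded invitation to the log before the signature is checked, so unauthenticated callers choose what gets logged, and valid invitations leave the bound e-mail and username in the log files. I would drop that line and move the whole parsing step below the `verify(...)` check so nothing from `invitationCode` is interpreted until it is authenticated. `kvPair.split('=', 2)` also silently discards everything after a second `=` in a value, and `fields.get('p')` / `fields.get('n')` in the `-321` hunk are stored with `verified: true` even when the field is missing, so the handler should reject an invitation that lacks any of `p`, `n`, `t`. The new verification line still uses `'rsa-sha1'`; moving both this call and the signer to `'RSA-SHA256'` would retire the SHA-1 signature. The handler starts and ends outside the hunk.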
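Review bot: In the `uploadTexture` hunk at `-452`, `msg: JSON.stringify(update)` sends the whole `update` value back to the client. `update` is defined outside the hunk, but if it is the database write result or the updated player document (inferred), this exposes internal fields that the caller has no need for, and it looks like leftover debugging. I would keep `msg: ""` or return only the specific values the front-end needs, for example the new texture key. A short comment on what the response carries would help the next reader either way.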
@@ -615,4 +621,24 @@ export const status = { } }) } +} + +export const CORS_BYPASS = { + method: "OPTIONS", + url: "/*", + schema: { + summary: "跨域访问", + description: "跨域访问", + tags: [ "webapi" ], + response: { + 200: { + type: "null" + }, + }, + }, + preHandler: getOverridePreHandler("/*"), + handler: getOverrideHandler("/*") ?? function(req, rep) { + rep.header("Access-Control-Allow-Origin", "*").code(200).send() + } + } \ No newline at end of file diff --git a/src/telegram/player-commands.js b/src/telegram/player-commands.js index f0fb93c..a080f5c 100644 --- a/src/telegram/player-commands.js +++ b/src/telegram/player-commands.js @@ -21,10 +21,10 @@ const adminCreateInvitation = () => { const player = await Player.findOne({ 'binding.platform': 'telegram', 'binding.username': ctx.message.from.username }) if(!player || player.permissions.indexOf('admin') === -1) { - return ctx.reply('配钥匙吗?什么?你配?哦不你不配!') + return ctx.reply('配钥匙吗?什么?你配?你配几把?') } - const [invitation, v] = makeInvitation(args[0], args[1], args[2] || 'telegram') + const [invitation, v] = makeInvitation(args[0], args[2], args[1] || 'telegram') ctx.replyWithMarkdownV2('邀请码:\n```' + invitation + '```\n\n验证码:\n```' + v + "```") }) } @@ -54,7 +54,7 @@ const adminRevokeBan = () => { const player = await Player.findOne({ 'binding.platform': 'telegram', 'binding.username': ctx.message.from.username }) if(!player || player.permissions.indexOf('admin') === -1) { - return ctx.reply('配钥匙吗?什么?你配?哦不你不配!') + return ctx.reply('配钥匙吗?什么?你配?你配几把?') } const args = ctx.update.message.text.split(' ').slice(1) 
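Review bot: The fallback handler of `CORS_BYPASS` answers every `OPTIONS /*` request with `Access-Control-Allow-Origin: *`, which opens preflight for the whole API to any origin instead of to the front-end that needs it. It also sends no `Access-Control-Allow-Methods` or `Access-Control-Allow-Headers`, so a preflight for a request carrying `x-lsp-identifier` would presumably still be refused by browsers unless those headers are set elsewhere. I would take the origin from configuration, e.g. `rep.header("Access-Control-Allow-Origin", allowedOrigin)` with `allowedOrigin` standing for a configured value, add a `Vary: Origin` header, and list only the methods and headers the web API uses. The export would also benefit from a comment saying that it is a preflight responder and which origins it is meant to serve, since the name suggests disabling a protection rather than configuring one.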
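Review bot: After the swap in `adminCreateInvitation`, `args[1] || 'telegram'` is passed as the third argument, which `makeInvitation(username, platform, email)` uses as the e-mail, while `args[2]` becomes the platform with no default. A command given without a third argument therefore produces an invitation whose platform is the string `undefined`, and one given without a second argument is bound to the e-mail `telegram`, which registration can never match against a real address. Assuming the command form is `username email [platform]` (inferred from the new order), the call should read `makeInvitation(args[0], args[2] || 'telegram', args[1])`, preceded by a reply-and-return when `args[0]` or `args[1]` is missing. The handler starts outside the hunk.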
@@ -100,12 +100,14 @@ const userCreateInvitation = () => { t(o): "email", } */ +const templete = "p=$0;n=$1;t=$2" const makeInvitation = (username, platform, email) => { - const invitation = crypto.publicEncrypt(server.keys.publicKey, Buffer.from(JSON.stringify({ - p: platform, - n: username, - t: email, - }))).toString('hex') + let i = templete.replace('$0', platform) + .replace('$1', username) + .replace('$2', email) + i = i.padEnd(i.length + 3 - i.length % 3, ';') + + const invitation = Buffer.from(i).toString('base64') const v = crypto.createSign('RSA-SHA1').update(invitation).sign(server.keys.privateKey, 'hex') return [invitation, v]
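Review bot: `makeInvitation` now builds the signed payload by substituting raw values into `"p=$0;n=$1;t=$2"`, and nothing stops a value from containing `;` or `=`, so a crafted username or platform changes which fields the `register` parser sees in an invitation that still carries a valid signature. `String.prototype.replace` also interprets `$`-patterns in the replacement string, and the sequential calls will substitute a `$1` or `$2` that arrived inside an earlier value, so the output can differ from the inputs even without delimiters. I would validate the three values and build the string with a template literal, as sketched below; the thrown error needs handling in the callers, which are outside this hunk. The payload is also no longer encrypted, only base64-encoded, so the e-mail and username are readable by anyone who sees the code, which deserves a line in the comment above; `templete` is a typo for `template`.

```javascript
const makeInvitation = (username, platform, email) => {
    // Refuse values that would alter the field layout once register splits on ';' and '='.
    for (const value of [platform, username, email]) {
        if (typeof value !== 'string' || value === '' || /[;=]/.test(value)) {
            throw new Error('invalid invitation field')
        }
    }
    let i = `p=${platform};n=${username};t=${email}`
    // … unchanged: padEnd to a multiple of 3, base64 encoding, signing …
```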