Lama3L9R/lsp-yggdrasil
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

修复 Bugs
Some checks failed
continuous-integration/drone/push Build is failing
Details

Browse Source
This commit is contained in:
Qumolama.d
2022-07-14 04:06:35 +08:00
parent 5f52abba97
commit 9fb90bef0e
4 changed files with 79 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/index.js
View File

@ -125,6 +125,7 @@ export const setup = async () => {
server.route(SessionServerRoutings.profile) server.route(SessionServerRoutings.profile)
server.route(SessionServerRoutings.profiles) server.route(SessionServerRoutings.profiles)
server.route(WebAPIRoutings.CORS_BYPASS)
server.route(WebAPIRoutings.meta) server.route(WebAPIRoutings.meta)
server.route(WebAPIRoutings.status) server.route(WebAPIRoutings.status)
server.route(WebAPIRoutings.telegramBind) server.route(WebAPIRoutings.telegramBind)

32
src/models/player.js
View File

@ -87,20 +87,32 @@ export async function getPlayerSerialization(player) {
} }
if(player.textures.skin && player.textures.skin != 0) { // Must be '!=' if this change to '!==' will never works if(player.textures.skin && player.textures.skin != 0) { // Must be '!=' if this change to '!==' will never works
textures.textures.SKIN = { if(player.textures.skin.indexOf("http") === -1) {
url: await getSignedUrl(s3Instance, new GetObjectCommand({ textures.textures.SKIN = {
Bucket: config.storage.bucket, url: await getSignedUrl(s3Instance, new GetObjectCommand({
Key: player.textures.skin Bucket: config.storage.bucket,
}), { expiresIn: 3 * 24 * 60 * 60 }) // 3 days Key: player.textures.skin
}), { expiresIn: 3 * 24 * 60 * 60 }) // 3 days
}
} else {
textures.textures.SKIN = {
url: player.textures.skin
}
} }
} }
if(player.textures.cape && player.textures.cape != 0) { // Must be '!=' if this change to '!==' will never works if(player.textures.cape && player.textures.cape != 0) { // Must be '!=' if this change to '!==' will never works
textures.textures.CAPE = { if(player.textures.cape.indexOf("http") === -1) {
url: await getSignedUrl(s3Instance, new GetObjectCommand({ textures.textures.CAPE = {
Bucket: config.storage.bucket, url: await getSignedUrl(s3Instance, new GetObjectCommand({
Key: player.textures.cape Bucket: config.storage.bucket,
}), { expiresIn: 3 * 24 * 60 * 60 }) // 3 days Key: player.textures.cape
}), { expiresIn: 3 * 24 * 60 * 60 }) // 3 days
}
} else {
textures.textures.CAPE = {
url: player.textures.cape
}
} }
} }
const val = Buffer.from(JSON.stringify(textures)).toString('base64') const val = Buffer.from(JSON.stringify(textures)).toString('base64')

62
src/routes/web-api.js
View File

@ -28,14 +28,14 @@ const identifiers = new Map()
async function identifierValidator(req, rep) { async function identifierValidator(req, rep) {
const identifier = req.headers['x-lsp-identifier'] const identifier = req.headers['x-lsp-identifier']
if(!identifier) { if(!identifier) {
return await rep.code(400).send({ return await rep.code(200).send({
err: 1.143688, err: 1.143688,
msg: "请求格式不正确" msg: "请求格式不正确"
}) })
} }
if(!identifiers.has(identifier)) { if(!identifiers.has(identifier)) {
return await rep.code(401).send({ return await rep.code(200).send({
err: 0.456914, err: 0.456914,
msg: "用户不存在" msg: "用户不存在"
}) })
@ -43,7 +43,7 @@ async function identifierValidator(req, rep) {
const {t, uuid} = identifiers.get(identifier) const {t, uuid} = identifiers.get(identifier)
if(t < Date.now()) { if(t < Date.now()) {
return await rep.code(401).send({ return await rep.code(200).send({
err: 1.143688, err: 1.143688,
msg: "令牌超时" msg: "令牌超时"
}) })
@ -146,14 +146,14 @@ export const login = {
const { username, password, createToken } = req.body; const { username, password, createToken } = req.body;
const user = await Player.findOne({ email: username, password: createHash("sha256").update(password).digest('hex') }); const user = await Player.findOne({ email: username, password: createHash("sha256").update(password).digest('hex') });
if (!user) { if (!user) {
return rep.code(401).send({ return rep.code(200).send({
err: 1.143688, err: 1.143688,
msg: "用户名或密码错误" msg: "用户名或密码错误"
}); });
} }
if(user.permissions.indexOf("login") === -1) { if(user.permissions.indexOf("login") === -1) {
return await rep.code(401).send({ return await rep.code(200).send({
err: 0.337187, err: 0.337187,
msg: "泻药,宁滴账号已被封禁" msg: "泻药,宁滴账号已被封禁"
}); });
@ -261,14 +261,14 @@ export const register = {
{ email: email }, { username: username } { email: email }, { username: username }
] }) ] })
if (user) { if (user) {
return await rep.code(401).send({ return await rep.code(200).send({
err: 1.143688, err: 1.143688,
msg: "用户名已存在" msg: "用户名已存在"
}) })
} }
if(username == 0 || password == 0 || email == 0 || telegramId == 0) { if(username == 0 || password == 0 || email == 0 || invitationCode == 0 || validationCode == 0) {
return await rep.code(401).send({ return await rep.code(200).send({
err: 1.143688, err: 1.143688,
msg: "用户名/密码/邮箱/telegramId不能为空" msg: "用户名/密码/邮箱/telegramId不能为空"
}) })
@ -296,17 +296,23 @@ export const register = {
v -> Signature v -> Signature
*/ */
const { p, n, t, v } = JSON.parse(crypto.privateDecrypt(server.keys.privateKey, Buffer.from(invitationCode)).toString()) const raw = Buffer.from(invitationCode, 'base64').toString().split(';').filter(it => it.indexOf('=') >= 0)
const fields = new Map()
raw.forEach(kvPair => {
const [k, v] = kvPair.split('=', 2)
req.log.info(`k: ${k} v: ${v}`)
if(!crypto.createVerify('rsa-sha1').update(Buffer.from(invitationCode)).verify(server.keys.publicKey, Buffer.from(v, 'hex'))) { fields.set(k, v)
return await rep.code(401).send({ })
if(!crypto.createVerify('rsa-sha1').update(Buffer.from(invitationCode)).verify(server.keys.publicKey, Buffer.from(validationCode, 'hex'))) {
return await rep.code(200).send({
err: 1.143688, err: 1.143688,
msg: "邀请码验证失败!非法邀请码!" msg: "邀请码验证失败!非法邀请码!"
}) })
} }
if(fields.get('t') !== email) {
if(t !== email) { return await rep.code(200).send({
return await rep.code(401).send({
err: 1.143688, err: 1.143688,
msg: "邀请码验证失败!这邀请码不属于你!" msg: "邀请码验证失败!这邀请码不属于你!"
}) })
@ -321,8 +327,8 @@ export const register = {
registerDate: Date.now(), registerDate: Date.now(),
permissions: ['login'], permissions: ['login'],
binding: { binding: {
platform: p, platform: fields.get('p'),
username: n, username: fields.get('n'),
verified: true, verified: true,
} }
}); });
@ -411,7 +417,7 @@ export const uploadTexture = {
const { type } = req.params const { type } = req.params
if(type !== 'skin' && type !== 'cape') { if(type !== 'skin' && type !== 'cape') {
rep.code(400).send({ rep.code(200).send({
err: 1.143688, err: 1.143688,
msg: "请求格式不正确" msg: "请求格式不正确"
}) })
@ -452,7 +458,7 @@ export const uploadTexture = {
await rep.code(200).send({ await rep.code(200).send({
err: 1.048596, err: 1.048596,
msg: "" msg: JSON.stringify(update)
}) })
} }
} }
@ -616,3 +622,23 @@ export const status = {
}) })
} }
} }
export const CORS_BYPASS = {
method: "OPTIONS",
url: "/*",
schema: {
summary: "跨域访问",
description: "跨域访问",
tags: [ "webapi" ],
response: {
200: {
type: "null"
},
},
},
preHandler: getOverridePreHandler("/*"),
handler: getOverrideHandler("/*") ?? function(req, rep) {
rep.header("Access-Control-Allow-Origin", "*").code(200).send()
}
}

18
src/telegram/player-commands.js
View File

@ -21,10 +21,10 @@ const adminCreateInvitation = () => {
const player = await Player.findOne({ 'binding.platform': 'telegram', 'binding.username': ctx.message.from.username }) const player = await Player.findOne({ 'binding.platform': 'telegram', 'binding.username': ctx.message.from.username })
if(!player || player.permissions.indexOf('admin') === -1) { if(!player || player.permissions.indexOf('admin') === -1) {
return ctx.reply('配钥匙吗?什么?你配?哦不你不配!') return ctx.reply('配钥匙吗?什么?你配?你配几把?')
} }
const [invitation, v] = makeInvitation(args[0], args[1], args[2] || 'telegram') const [invitation, v] = makeInvitation(args[0], args[2], args[1] || 'telegram')
ctx.replyWithMarkdownV2('邀请码:\n```' + invitation + '```\n\n验证码\n```' + v + "```") ctx.replyWithMarkdownV2('邀请码:\n```' + invitation + '```\n\n验证码\n```' + v + "```")
}) })
} }
@ -54,7 +54,7 @@ const adminRevokeBan = () => {
const player = await Player.findOne({ 'binding.platform': 'telegram', 'binding.username': ctx.message.from.username }) const player = await Player.findOne({ 'binding.platform': 'telegram', 'binding.username': ctx.message.from.username })
if(!player || player.permissions.indexOf('admin') === -1) { if(!player || player.permissions.indexOf('admin') === -1) {
return ctx.reply('配钥匙吗?什么?你配?哦不你不配!') return ctx.reply('配钥匙吗?什么?你配?你配几把?')
} }
const args = ctx.update.message.text.split(' ').slice(1) const args = ctx.update.message.text.split(' ').slice(1)
@ -100,12 +100,14 @@ const userCreateInvitation = () => {
t(o): "email", t(o): "email",
} }
*/ */
const templete = "p=$0;n=$1;t=$2"
const makeInvitation = (username, platform, email) => { const makeInvitation = (username, platform, email) => {
const invitation = crypto.publicEncrypt(server.keys.publicKey, Buffer.from(JSON.stringify({ let i = templete.replace('$0', platform)
p: platform, .replace('$1', username)
n: username, .replace('$2', email)
t: email, i = i.padEnd(i.length + 3 - i.length % 3, ';')
}))).toString('hex')
const invitation = Buffer.from(i).toString('base64')
const v = crypto.createSign('RSA-SHA1').update(invitation).sign(server.keys.privateKey, 'hex') const v = crypto.createSign('RSA-SHA1').update(invitation).sign(server.keys.privateKey, 'hex')
return [invitation, v] return [invitation, v]