feat: 安全性提升

手瓜一十雪 2025-09-06 10:49:29 +08:00
parent 4c9a220300
commit 27af8e52ac
10 changed files with 27 additions and 24 deletions


@ -170,3 +170,11 @@ const GenericForm = <T extends keyof NetworkConfigType>({
}
export default GenericForm
export function random_token(length: number) {
const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789@#$%^&*()-_=+[]{}|;:,.<>?'
let result = ''
for (let i = 0; i < length; i++) {
result += chars.charAt(Math.floor(Math.random() * chars.length))
}
return result
}
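Review bot: `random_token` draws from `Math.random()`, which is not a cryptographically secure generator, yet its output becomes the default access token for the HTTP and WebSocket adapters in this commit. Use the Web Crypto API (`crypto.getRandomValues`) and discard bytes at or above the largest multiple of `chars.length`, so that each character is chosen without modulo bias. The alphabet also contains `&`, `#`, `%`, `+` and `?`, which corrupt a token passed in a URL query string unless it is percent-encoded; an alphanumeric or hex alphabet would avoid that.

```typescript
export function random_token(length: number) {
  // … unchanged: chars alphabet …
  // Largest multiple of chars.length that fits in a byte; bytes at or above it are discarded to avoid modulo bias
  const limit = 256 - (256 % chars.length)
  const byte = new Uint8Array(1)
  let result = ''
  while (result.length < length) {
    crypto.getRandomValues(byte)
    if (byte[0] < limit) result += chars.charAt(byte[0] % chars.length)
  }
  return result
}
```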


@ -1,4 +1,4 @@
import GenericForm from './generic_form'
import GenericForm, { random_token } from './generic_form'
import type { Field } from './generic_form'
export interface HTTPClientFormProps {
@ -20,7 +20,7 @@ const HTTPClientForm: React.FC<HTTPClientFormProps> = ({
url: 'http://localhost:8080',
reportSelfMessage: false,
messagePostFormat: 'array',
token: '',
token: random_token(16),
debug: false
}
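Review bot: `token: random_token(16)` is evaluated every time this `defaultValues` literal is built, and the hunk header suggests the literal sits inside the `HTTPClientForm` component body, so each render would produce a different default token. If the form is reset or re-initialised from `defaultValues`, a value the user already copied could silently change; generating it once, e.g. `const [defaultToken] = useState(() => random_token(16))`, avoids that. For the two client forms the token has to match what the remote endpoint expects, so a random default may be less useful there than an empty field with a visible warning. The same call appears in the HTTP server, HTTP SSE server, WebSocket client and WebSocket server forms; the component body continues outside this hunk.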


@ -1,4 +1,4 @@
import GenericForm from './generic_form'
import GenericForm, { random_token } from './generic_form'
import type { Field } from './generic_form'
export interface HTTPServerFormProps {
@ -17,12 +17,12 @@ const HTTPServerForm: React.FC<HTTPServerFormProps> = ({
const defaultValues: HTTPServerFormType[0] = {
enable: false,
name: '',
host: '0.0.0.0',
host: '127.0.0.1',
port: 3000,
enableCors: true,
enableWebsocket: true,
messagePostFormat: 'array',
token: '',
token: random_token(16),
debug: false
}
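Review bot: `enableCors: true` is still the default next to the new loopback `host`, and binding to 127.0.0.1 does not by itself keep web pages in the local user's browser from sending requests to this port. If this flag turns on permissive cross-origin responses (not visible here), the token is the only barrier between an untrusted page and the API, so `enableCors: false` would be the safer default alongside this change. The same default appears in the HTTP SSE server form and in both HTTP server schemas.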


@ -1,4 +1,4 @@
import GenericForm from './generic_form'
import GenericForm, { random_token } from './generic_form'
import type { Field } from './generic_form'
export interface HTTPServerSSEFormProps {
@ -19,12 +19,12 @@ const HTTPServerSSEForm: React.FC<HTTPServerSSEFormProps> = ({
const defaultValues: HTTPServerSSEFormType[0] = {
enable: false,
name: '',
host: '0.0.0.0',
host: '127.0.0.1',
port: 3000,
enableCors: true,
enableWebsocket: true,
messagePostFormat: 'array',
token: '',
token: random_token(16),
debug: false,
reportSelfMessage: false
}


@ -1,4 +1,4 @@
import GenericForm from './generic_form'
import GenericForm, { random_token } from './generic_form'
import type { Field } from './generic_form'
export interface WebsocketClientFormProps {
@ -22,7 +22,7 @@ const WebsocketClientForm: React.FC<WebsocketClientFormProps> = ({
url: 'ws://localhost:8082',
reportSelfMessage: false,
messagePostFormat: 'array',
token: '',
token: random_token(16),
debug: false,
heartInterval: 30000,
reconnectInterval: 30000


@ -1,4 +1,4 @@
import GenericForm from './generic_form'
import GenericForm, { random_token } from './generic_form'
import type { Field } from './generic_form'
export interface WebsocketServerFormProps {
@ -19,12 +19,12 @@ const WebsocketServerForm: React.FC<WebsocketServerFormProps> = ({
const defaultValues: WebsocketServerFormType[0] = {
enable: false,
name: '',
host: '0.0.0.0',
host: '127.0.0.1',
port: 3001,
reportSelfMessage: false,
enableForcePushEvent: true,
messagePostFormat: 'array',
token: '',
token: random_token(16),
debug: false,
heartInterval: 30000
}


@ -1,11 +1,10 @@
import { Type, Static } from '@sinclair/typebox';
import Ajv from 'ajv';
const HttpServerConfigSchema = Type.Object({
name: Type.String({ default: 'http-server' }),
enable: Type.Boolean({ default: false }),
port: Type.Number({ default: 3000 }),
host: Type.String({ default: '0.0.0.0' }),
host: Type.String({ default: '127.0.0.1' }),
enableCors: Type.Boolean({ default: true }),
enableWebsocket: Type.Boolean({ default: true }),
messagePostFormat: Type.String({ default: 'array' }),
@ -17,7 +16,7 @@ const HttpSseServerConfigSchema = Type.Object({
name: Type.String({ default: 'http-sse-server' }),
enable: Type.Boolean({ default: false }),
port: Type.Number({ default: 3000 }),
host: Type.String({ default: '0.0.0.0' }),
host: Type.String({ default: '127.0.0.1' }),
enableCors: Type.Boolean({ default: true }),
enableWebsocket: Type.Boolean({ default: true }),
messagePostFormat: Type.String({ default: 'array' }),
@ -39,7 +38,7 @@ const HttpClientConfigSchema = Type.Object({
const WebsocketServerConfigSchema = Type.Object({
name: Type.String({ default: 'websocket-server' }),
enable: Type.Boolean({ default: false }),
host: Type.String({ default: '0.0.0.0' }),
host: Type.String({ default: '127.0.0.1' }),
port: Type.Number({ default: 3001 }),
messagePostFormat: Type.String({ default: 'array' }),
reportSelfMessage: Type.Boolean({ default: false }),
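Review bot: Changing the `host` defaults in these three schemas only affects configurations created after the upgrade; entries already saved with `host: '0.0.0.0'` and an empty `token` keep listening on every interface without authentication. Nothing in these hunks handles them, so a startup check that logs a warning (or refuses to enable the adapter) when the host is not loopback and the token is empty would close the gap; whether such a check exists elsewhere is not visible here. The schema objects continue past the hunks, so their `token` defaults cannot be confirmed from this view, but they should not stay `''` while the forms generate one.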


@ -163,14 +163,11 @@ export async function InitWebUi(logger: LogWrapper, pathWrapper: NapCatPathWrapp
server.listen(port, host, async () => {
// 启动后打印出相关地址
let searchParams = { token: token };
if (host !== '' && host !== '0.0.0.0') {
if (host !== '') {
logger.log(
`[NapCat] [WebUi] WebUi User Panel Url: ${createUrl(host, port.toString(), '/webui', searchParams)}`
);
}
logger.log(
`[NapCat] [WebUi] WebUi Local Panel Url: ${createUrl('127.0.0.1', port.toString(), '/webui', searchParams)}`
);
});
// ------------Over------------
}
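Review bot: The remaining `logger.log` call still writes the panel URL with `token` in the query string, so the WebUI credential lands in every log file and console capture, and logs are routinely attached to bug reports. Consider logging the URL without `searchParams` and showing the token separately only on first run, or masking it. With the `host !== '0.0.0.0'` exclusion removed and the local-URL line dropped, a wildcard bind now prints a `0.0.0.0` address, which is not reachable as typed on every platform. `InitWebUi` starts well before this hunk.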


@ -9,12 +9,12 @@ import { deepMerge } from '../utils/object';
import { themeType } from '../types/theme';
// 限制尝试端口的次数,避免死循环
// 定义配置的类型
const WebUiConfigSchema = Type.Object({
host: Type.String({ default: '0.0.0.0' }),
port: Type.Number({ default: 6099 }),
token: Type.String({ default: 'napcat' }),
// napcat+<月份日>,例如 napcat0625
token: Type.String({ default: 'napcat' + (new Date().getMonth() + 1).toString().padStart(2, '0') + new Date().getDate().toString().padStart(2, '0') }),
loginRate: Type.Number({ default: 10 }),
autoLoginAccount: Type.String({ default: '' }),
theme: themeType,
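Review bot: The new `token` default is `'napcat'` plus month and day, which leaves at most 366 candidates and is guessable from the install date, while `host` in the same schema still defaults to `'0.0.0.0'`. Since the default is already computed at module load, a random value costs nothing extra, e.g. `token: Type.String({ default: randomBytes(16).toString('hex') })` with `randomBytes` imported from `node:crypto`, provided the generated value is persisted to the config file. `loginRate` presumably throttles guesses, but how it is enforced is not shown in this hunk. Aligning `host` with the `'127.0.0.1'` default used for the other servers in this commit would also be consistent.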


@ -13,7 +13,6 @@ import { isIP } from 'node:net';
* @example normalizeHost('2001:4860:4801:51::27') => '[2001:4860:4801:51::27]'
*/
export const normalizeHost = (host: string) => {
if (host === '0.0.0.0') return '127.0.0.1';
if (isIP(host) === 6) return `[${host}]`;
return host;
};