Northern_Lights/NapCatQQ
1
0
Fork 0
mirror of https://github.com/NapNeko/NapCatQQ.git synced 2026-02-06 13:05:09 +00:00
Code Issues Actions 8 Packages Projects Releases Wiki Activity

Validate pluginId and use localStorage token

Browse Source 
Return a 400 error when the /call-plugin/:pluginId route is requested without a pluginId to avoid calling getPluginExports with an undefined id (packages/napcat-plugin-builtin/index.ts).

Update the dashboard UI to read the auth token from localStorage (same-origin) instead of relying on a URL parameter; a comment about legacy webui_token in the URL was added while the implementation currently prefers localStorage.getItem('token') (packages/napcat-plugin-builtin/webui/dashboard.html).
This commit is contained in:
手瓜一十雪
2026-02-02 16:17:03 +08:00
parent a5769b6a62
commit 52b6627ebd
2 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
packages/napcat-plugin-builtin/webui/dashboard.html
View File

@@ -279,9 +279,10 @@
</div>
<script>
// 从 URL 参数获取 webui_token
// 从 localStorage 获取 token与父页面同源可直接访问
// 兼容旧版:如果 URL 有 webui_token 参数则优先使用
const urlParams = new URLSearchParams(window.location.search);
const webuiToken = urlParams.get('webui_token') || '';
const webuiToken = localStorage.getItem('token') || '';
// 插件 API 基础路径(需要鉴权)
const apiBase = '/api/Plugin/ext/napcat-plugin-builtin';