diff --git a/src/webui/index.ts b/src/webui/index.ts
index e1f2e576..c7b37273 100644
--- a/src/webui/index.ts
+++ b/src/webui/index.ts
@@ -4,7 +4,7 @@ import express from 'express';
 import { createServer } from 'http';
-import { randomUUID } from 'node:crypto'
+import { randomUUID, randomBytes } from 'node:crypto'
 import { createServer as createHttpsServer } from 'https';
 import { LogWrapper } from '@/common/log';
 import { NapCatPathWrapper } from '@/common/path';
@@ -91,9 +91,9 @@ export async function InitWebUi(logger: LogWrapper, pathWrapper: NapCatPathWrapp
 // 检查并更新默认密码 - 最高优先级
 if (config.defaultToken || config.token === 'napcat' || !config.token) {
- const randomToken = Math.random().toString(36).slice(-8);
+ const randomToken = randomBytes(6).toString('hex');
 await WebUiConfig.UpdateWebUIConfig({ token: randomToken, defaultToken: false });
- logger.log(`[NapCat] [WebUi] 🔐 检测到默认密码,已自动更新为安全密码: ${randomToken}`);
+ logger.log(`[NapCat] [WebUi] 🔐 检测到默认密码,已自动更新为安全密码`);
 // 存储token到全局变量,等待QQ登录成功后发送
 setPendingTokenToSend(randomToken);
@@ -102,7 +102,7 @@ export async function InitWebUi(logger: LogWrapper, pathWrapper: NapCatPathWrapp
 // 重新获取更新后的配置
 config = await WebUiConfig.GetWebUIConfig();
 } else {
- logger.log(`[NapCat] [WebUi] ✅ 当前使用安全密码: ${config.token}`);
+ logger.log(`[NapCat] [WebUi] ✅ 当前使用安全密码`);
 }
 // 存储启动时的初始token用于鉴权
diff --git a/src/webui/src/api/Auth.ts b/src/webui/src/api/Auth.ts
index de244d83..bb450d99 100644
--- a/src/webui/src/api/Auth.ts
+++ b/src/webui/src/api/Auth.ts
@@ -7,12 +7,6 @@ import { WebUiDataRuntime } from '@webapi/helper/Data';
 import { sendSuccess, sendError } from '@webapi/utils/response';
 import { isEmpty } from '@webapi/utils/check';
-// 检查是否使用默认Token
-export const CheckDefaultTokenHandler: RequestHandler = async (_, res) => {
- // 由于密码在WebUI启动时已经确保不是默认密码,这里总是返回false
- return sendSuccess(res, false);
-};
-
 // 登录
 export const LoginHandler: RequestHandler = async (req, res) => {
 // 获取WebUI配置
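Review bot: The rewritten import line `import { randomUUID, randomBytes } from 'node:crypto'` still has no trailing semicolon while every neighbouring import in this hunk ends with one. Since the line is being touched anyway, make it `import { randomUUID, randomBytes } from 'node:crypto';` so the file's statement style stays uniform and a later semicolon-only cleanup is avoided.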
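Review bot: `randomBytes(6).toString('hex')` produces a 12-character lowercase-hex token, i.e. only 48 bits of entropy, which is thin for a credential guarding a network-reachable WebUI unless login attempts are rate-limited somewhere outside this hunk. Because the value is handed to setPendingTokenToSend rather than read from the log by a human, a longer token costs nothing in usability: `const randomToken = randomBytes(16).toString('hex');` gives 128 bits, or `randomBytes(16).toString('base64url')` if a shorter string is preferred. InitWebUi starts before and continues after this hunk, so where the token is later compared is not visible here.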
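Review bot: The rewritten else-branch log line asserts that the current password is secure (安全密码), but the only facts established by the enclosing condition are that config.token is non-empty, is not 'napcat' and defaultToken is false — a one-character user-set token reaches this line too. Either state only what was checked, e.g. `logger.log('[NapCat] [WebUi] ✅ 当前使用自定义密码(非默认值)');`, or add a minimum-length check in front of it so the claim is backed by code; the first option changes no behaviour. The condition itself and the rest of InitWebUi lie outside this hunk.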
diff --git a/src/webui/src/api/Log.ts b/src/webui/src/api/Log.ts
index 355d0826..275fb713 100644
--- a/src/webui/src/api/Log.ts
+++ b/src/webui/src/api/Log.ts
@@ -5,6 +5,12 @@ import { terminalManager } from '../terminal/terminal_manager';
 import { WebUiConfig } from '@/webui';
 // 判断是否是 macos
 const isMacOS = process.platform === 'darwin';
+
+// 日志脱敏函数
+const sanitizeLog = (log: string): string => {
+ // 脱敏 token 参数,将 token=xxx 替换为 token=***
+ return log.replace(/token=[\w\d]+/gi, 'token=***');
+};
 // 日志记录
 export const LogHandler: RequestHandler = async (req, res) => {
 const filename = req.query['id'];
@@ -16,7 +22,8 @@ export const LogHandler: RequestHandler = async (req, res) => {
 return sendError(res, 'ID不合法');
 }
 const logContent = await WebUiConfig.GetLogContent(filename);
- return sendSuccess(res, logContent);
+ const sanitizedLogContent = sanitizeLog(logContent);
+ return sendSuccess(res, sanitizedLogContent);
 };
 // 日志列表
@@ -31,7 +38,8 @@ export const LogRealTimeHandler: RequestHandler = async (req, res) => {
 res.setHeader('Connection', 'keep-alive');
 const listener = (log: string) => {
 try {
- res.write(`data: ${log}\n\n`);
+ const sanitizedLog = sanitizeLog(log);
+ res.write(`data: ${sanitizedLog}\n\n`);
 } catch (error) {
 console.error('向客户端写入日志数据时出错:', error);
 }
diff --git a/src/webui/src/router/auth.ts b/src/webui/src/router/auth.ts
index 79dcacb0..9aea1b8d 100644
--- a/src/webui/src/router/auth.ts
+++ b/src/webui/src/router/auth.ts
@@ -17,7 +17,5 @@ router.post('/check', checkHandler);
 router.post('/logout', LogoutHandler);
 // router:更新token
 router.post('/update_token', UpdateTokenHandler);
-// router:检查默认token
-router.get('/check_using_default_token', CheckDefaultTokenHandler);
 export { router as AuthRouter };
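Review bot: The pattern in sanitizeLog, `/token=[\w\d]+/gi`, only masks the `[A-Za-z0-9_]` run directly after `token=`, so a token set through UpdateTokenHandler that contains `-`, `.`, `~` or percent-encoded characters is masked only up to the first such character, and a token logged in any other shape (`"token":"…"`, `token: …`, `Authorization: Bearer …`) is not masked at all; `\d` inside `[\w\d]` is also redundant because `\w` already covers digits. A slightly wider pattern handles the common forms in the same single line: `return log.replace(/(token["']?\s*[:=]\s*["']?)[^\s&"',]+/gi, '$1***');`. Pattern matching is still a denylist, so consider additionally replacing the literal current token value (e.g. `log.split(currentToken).join('***')`), which catches it however a log line formats it — WebUiConfig is imported in this file, but which accessor exposes the token is not visible in this hunk.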