Northern_Lights/NapCatQQ
1
0
Fork 0
mirror of https://github.com/NapNeko/NapCatQQ.git synced 2025-12-21 14:20:06 +08:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

refactor: 将默认密码相关逻辑重构为后端处理

Browse Source
This commit is contained in:
时瑾 2025-09-08 22:13:56 +08:00
parent 5e032fcc6a
commit ed0b8408df
No known key found for this signature in database
GPG Key ID: 023F70A1B8F8C196
8 changed files with 206 additions and 207 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
napcat.webui/src/controllers/webui_manager.ts
View File

@ -33,21 +33,6 @@ export default class WebUIManager {
return data.data
}
public static async changePasswordFromDefault(newToken: string) {
const { data } = await serverRequest.post<ServerResponse<boolean>>(
'/auth/update_token',
{ newToken, fromDefault: true }
)
return data.data
}
public static async checkUsingDefaultToken() {
const { data } = await serverRequest.get<ServerResponse<boolean>>(
'/auth/check_using_default_token'
)
return data.data
}
public static async proxy<T>(url = '') {
const data = await serverRequest.get<ServerResponse<string>>(
'/base/proxy?url=' + encodeURIComponent(url)

52
napcat.webui/src/pages/dashboard/config/change_password.tsx
View File

@ -1,6 +1,5 @@
import { Input } from '@heroui/input'
import { useLocalStorage } from '@uidotdev/usehooks'
import { useEffect, useState } from 'react'
import { Controller, useForm } from 'react-hook-form'
import toast from 'react-hot-toast'
import { useNavigate } from 'react-router-dom'
@ -12,9 +11,6 @@ import SaveButtons from '@/components/button/save_buttons'
import WebUIManager from '@/controllers/webui_manager'
const ChangePasswordCard = () => {
const [isDefaultToken, setIsDefaultToken] = useState<boolean>(false)
const [isLoadingCheck, setIsLoadingCheck] = useState<boolean>(true)
const {
control,
handleSubmit: handleWebuiSubmit,
@ -33,31 +29,10 @@ const ChangePasswordCard = () => {
const navigate = useNavigate()
const [_, setToken] = useLocalStorage(key.token, '')
// 检查是否使用默认密码
useEffect(() => {
const checkDefaultToken = async () => {
try {
const isDefault = await WebUIManager.checkUsingDefaultToken()
setIsDefaultToken(isDefault)
} catch (error) {
console.error('检查默认密码状态失败:', error)
} finally {
setIsLoadingCheck(false)
}
}
checkDefaultToken()
}, [])
const onSubmit = handleWebuiSubmit(async (data) => {
try {
if (isDefaultToken) {
// 从默认密码更新
await WebUIManager.changePasswordFromDefault(data.newToken)
} else {
// 正常密码更新
// 使用正常密码更新流程
await WebUIManager.changePassword(data.oldToken, data.newToken)
}
toast.success('修改成功')
setToken('')
@ -69,30 +44,10 @@ const ChangePasswordCard = () => {
}
})
if (isLoadingCheck) {
return (
<>
<title> - NapCat WebUI</title>
<div className="flex justify-center items-center h-32">
<div className="text-center">...</div>
</div>
</>
)
}
return (
<>
<title> - NapCat WebUI</title>
{isDefaultToken && (
<div className="mb-4 p-3 bg-warning-50 border border-warning-200 rounded-lg">
<p className="text-warning-700 text-sm">
使
</p>
</div>
)}
{!isDefaultToken && (
<Controller
control={control}
name="oldToken"
@ -105,7 +60,6 @@ const ChangePasswordCard = () => {
/>
)}
/>
)}
<Controller
control={control}
@ -113,8 +67,8 @@ const ChangePasswordCard = () => {
render={({ field }) => (
<Input
{...field}
label={isDefaultToken ? "设置新密码" : "新密码"}
placeholder={isDefaultToken ? "请设置一个安全的新密码" : "请输入新密码"}
label="新密码"
placeholder="请输入新密码"
type="password"
/>
)}

41
napcat.webui/src/pages/index.tsx
View File

@ -1,52 +1,15 @@
import { Spinner } from '@heroui/spinner'
import { AnimatePresence, motion } from 'motion/react'
import { Suspense, useEffect } from 'react'
import { Outlet, useLocation, useNavigate } from 'react-router-dom'
import { Suspense } from 'react'
import { Outlet, useLocation } from 'react-router-dom'
import useAuth from '@/hooks/auth'
import useDialog from '@/hooks/use-dialog'
import WebUIManager from '@/controllers/webui_manager'
import DefaultLayout from '@/layouts/default'
const CheckDefaultPassword = () => {
const { isAuth } = useAuth()
const dialog = useDialog()
const navigate = useNavigate()
const checkDefaultPassword = async () => {
const data = await WebUIManager.checkUsingDefaultToken()
if (data) {
dialog.confirm({
title: '修改默认密码',
content: '检测到当前密码为默认密码,为了您的安全,必须立即修改密码。',
confirmText: '前往修改',
onConfirm: () => {
navigate('/config?tab=token')
},
onCancel: () => {
navigate('/config?tab=token')
},
onClose() {
navigate('/config?tab=token')
},
})
}
}
useEffect(() => {
if (isAuth) {
checkDefaultPassword()
}
}, [isAuth])
return null
}
export default function IndexPage() {
const location = useLocation()
return (
<DefaultLayout>
<CheckDefaultPassword />
<Suspense
fallback={
<div className="flex justify-center px-10">

63
src/onebot/index.ts
View File

@ -17,6 +17,7 @@ import {
NTMsgAtType,
} from '@/core';
import { OB11ConfigLoader } from '@/onebot/config';
import { pendingTokenToSend } from '@/webui/index';
import {
OB11HttpClientAdapter,
OB11WebSocketClientAdapter,
@ -64,7 +65,7 @@ export class NapCatOneBot11Adapter {
networkManager: OB11NetworkManager;
actions: ActionMap;
private readonly bootTime = Date.now() / 1000;
recallEventCache = new Map<string, any>();
recallEventCache = new Map<string, NodeJS.Timeout>();
constructor (core: NapCatCore, context: InstanceContext, pathWrapper: NapCatPathWrapper) {
this.core = core;
this.context = context;
@ -103,9 +104,38 @@ export class NapCatOneBot11Adapter {
const ob11Config = this.configLoader.configData;
this.core.apis.UserApi.getUserDetailInfo(selfInfo.uid, false)
.then((user) => {
.then(async (user) => {
selfInfo.nick = user.nick;
this.context.logger.setLogSelfInfo(selfInfo);
// 检查是否有待发送的token
if (pendingTokenToSend) {
this.context.logger.log('[NapCat] [OneBot] 🔐 检测到待发送的WebUI Token开始发送');
try {
await this.core.apis.MsgApi.sendMsg(
{ chatType: ChatType.KCHATTYPEC2C, peerUid: selfInfo.uid, guildId: '' },
[{
elementType: ElementType.TEXT,
elementId: '',
textElement: {
content:
'[NapCat] 温馨提示:\n'+
'WebUI密码为默认密码已进行强制修改\n'+
'新密码: ' +pendingTokenToSend,
atType: NTMsgAtType.ATTYPEUNKNOWN,
atUid: '',
atTinyId: '',
atNtUid: '',
}
}],
5000
);
this.context.logger.log('[NapCat] [OneBot] ✅ WebUI Token 消息发送成功');
} catch (error) {
this.context.logger.logError('[NapCat] [OneBot] ❌ WebUI Token 消息发送失败:', error);
}
}
WebUiDataRuntime.getQQLoginCallback()(true);
})
.catch(e => this.context.logger.logError(e));
@ -120,7 +150,7 @@ export class NapCatOneBot11Adapter {
// new OB11PluginAdapter('myPlugin', this.core, this,this.actions)
// );
if (existsSync(this.context.pathWrapper.pluginPath)) {
this.context.logger.log(`[Plugins] 插件目录存在,开始加载插件`);
this.context.logger.log('[Plugins] 插件目录存在,开始加载插件');
this.networkManager.registerAdapter(
new OB11PluginMangerAdapter('plugin_manager', this.core, this, this.actions)
);
@ -181,25 +211,6 @@ export class NapCatOneBot11Adapter {
WebUiDataRuntime.setQQVersion(this.core.context.basicInfoWrapper.getFullQQVersion());
WebUiDataRuntime.setQQLoginInfo(selfInfo);
WebUiDataRuntime.setQQLoginStatus(true);
let sendWebUiToken = async (token: string) => {
await this.core.apis.MsgApi.sendMsg(
{ chatType: ChatType.KCHATTYPEC2C, peerUid: selfInfo.uid, guildId: '' },
[{
elementType: ElementType.TEXT,
elementId: '',
textElement: {
content: 'Update WebUi Token: ' + token,
atType: NTMsgAtType.ATTYPEUNKNOWN,
atUid: '',
atTinyId: '',
atNtUid: '',
}
}],
5000
)
};
WebUiDataRuntime.setWebUiTokenChangeCallback(sendWebUiToken);
WebUiDataRuntime.setOnOB11ConfigChanged(async (newConfig) => {
const prev = this.configLoader.configData;
this.configLoader.save(newConfig);
@ -523,16 +534,16 @@ export class NapCatOneBot11Adapter {
}
private isSelfMessage (ob11Msg: {
stringMsg: OB11Message;
arrayMsg: OB11Message;
stringMsg: OB11Message
arrayMsg: OB11Message
}): boolean {
return ob11Msg.stringMsg.user_id.toString() == this.core.selfInfo.uin ||
ob11Msg.arrayMsg.user_id.toString() == this.core.selfInfo.uin;
}
private createMsgMap (network: Array<NetworkAdapterConfig>, ob11Msg: {
stringMsg: OB11Message;
arrayMsg: OB11Message;
stringMsg: OB11Message
arrayMsg: OB11Message
}, isSelfMsg: boolean, message: RawMessage): Map<string, OB11Message> {
const msgMap: Map<string, OB11Message> = new Map();
network.filter(e => e.enable).forEach(e => {

64
src/webui/index.ts
View File

@ -4,6 +4,7 @@
import express from 'express';
import { createServer } from 'http';
import { randomUUID } from 'node:crypto'
import { createServer as createHttpsServer } from 'https';
import { LogWrapper } from '@/common/log';
import { NapCatPathWrapper } from '@/common/path';
@ -30,7 +31,31 @@ const MAX_PORT_TRY = 100;
import * as net from 'node:net';
import { WebUiDataRuntime } from './src/helper/Data';
import { existsSync, readFileSync } from 'node:fs';
export let webUiRuntimePort = 6099;
// 全局变量存储需要在QQ登录成功后发送的新token
export let pendingTokenToSend: string | null = null;
/**
* WebUI启动时的初始token
* - 使token进行鉴权
* - napcat重启后生效
* -
*/
let initialWebUiToken: string = '';
export function setInitialWebUiToken(token: string) {
initialWebUiToken = token;
}
export function getInitialWebUiToken(): string {
return initialWebUiToken;
}
export function setPendingTokenToSend(token: string | null) {
pendingTokenToSend = token;
}
export async function InitPort(parsedConfig: WebUiConfigType): Promise<[string, number,string]> {
try {
await tryUseHost(parsedConfig.host);
@ -38,9 +63,10 @@ export async function InitPort(parsedConfig: WebUiConfigType): Promise<[string,
return [parsedConfig.host, port, parsedConfig.token];
} catch (error) {
console.log('host或port不可用', error);
return ['', 0, ''];
return ['', 0, randomUUID()];
}
}
async function checkCertificates(logger: LogWrapper): Promise<{ key: string, cert: string } | null> {
try {
const certPath = join(webUiPathWrapper.configPath, 'cert.pem');
@ -61,7 +87,27 @@ async function checkCertificates(logger: LogWrapper): Promise<{ key: string, cer
export async function InitWebUi(logger: LogWrapper, pathWrapper: NapCatPathWrapper) {
webUiPathWrapper = pathWrapper;
WebUiConfig = new WebUiConfigWrapper();
const config = await WebUiConfig.GetWebUIConfig();
let config = await WebUiConfig.GetWebUIConfig();
// 检查并更新默认密码 - 最高优先级
if (config.defaultToken || config.token === 'napcat' || !config.token) {
const randomToken = Math.random().toString(36).slice(-8);
await WebUiConfig.UpdateWebUIConfig({ token: randomToken, defaultToken: false });
logger.log(`[NapCat] [WebUi] 🔐 检测到默认密码,已自动更新为安全密码: ${randomToken}`);
// 存储token到全局变量等待QQ登录成功后发送
setPendingTokenToSend(randomToken);
logger.log(`[NapCat] [WebUi] 📤 新密码将在QQ登录成功后发送给用户`);
// 重新获取更新后的配置
config = await WebUiConfig.GetWebUIConfig();
} else {
logger.log(`[NapCat] [WebUi] ✅ 当前使用安全密码: ${config.token}`);
}
// 存储启动时的初始token用于鉴权
setInitialWebUiToken(config.token);
logger.log(`[NapCat] [WebUi] 🔑 已缓存启动时的token用于鉴权运行时手动修改配置文件密码将不会生效`);
// 检查是否禁用WebUI
if (config.disableWebUI) {
@ -90,19 +136,6 @@ export async function InitWebUi(logger: LogWrapper, pathWrapper: NapCatPathWrapp
}
}
});
WebUiDataRuntime.setQQLoginCallback(async (_status: boolean) => {
try {
if ((await WebUiConfig.GetWebUIConfig()).defaultToken) {
let randomToken = Math.random().toString(36).slice(-8);
await WebUiConfig.UpdateWebUIConfig({ token: randomToken });
console.log(`[NapCat] [WebUi] Update WebUi Token: ${randomToken}`);
await WebUiDataRuntime.getWebUiTokenChangeCallback()(randomToken);
}
} catch (error) {
console.log(`[NapCat] [WebUi] Update WebUi Token failed.` + error);
}
});
// ------------注册中间件------------
// 使用express的json中间件
app.use(express.json());
@ -182,7 +215,6 @@ export async function InitWebUi(logger: LogWrapper, pathWrapper: NapCatPathWrapp
// ------------启动服务------------
server.listen(port, host, async () => {
// 启动后打印出相关地址
let searchParams = { token: token };
logger.log(
`[NapCat] [WebUi] WebUi User Panel Url: ${createUrl('127.0.0.1', port.toString(), '/webui', searchParams)}`

41
src/webui/src/api/Auth.ts
View File

@ -1,6 +1,6 @@
import { RequestHandler } from 'express';
import { WebUiConfig } from '@/webui';
import { WebUiConfig, getInitialWebUiToken, setInitialWebUiToken } from '@/webui';
import { AuthHelper } from '@webapi/helper/SignToken';
import { WebUiDataRuntime } from '@webapi/helper/Data';
@ -9,10 +9,7 @@ import { isEmpty } from '@webapi/utils/check';
// 检查是否使用默认Token
export const CheckDefaultTokenHandler: RequestHandler = async (_, res) => {
const webuiToken = await WebUiConfig.GetWebUIConfig();
if (webuiToken.defaultToken) {
return sendSuccess(res, true);
}
// 由于密码在WebUI启动时已经确保不是默认密码这里总是返回false
return sendSuccess(res, false);
};
@ -33,8 +30,13 @@ export const LoginHandler: RequestHandler = async (req, res) => {
if (!WebUiDataRuntime.checkLoginRate(clientIP, WebUiConfigData.loginRate)) {
return sendError(res, 'login rate limit');
}
//验证config.token hash是否等于token hash
if (!AuthHelper.comparePasswordHash(WebUiConfigData.token, hash)) {
// 使用启动时缓存的token进行验证而不是动态读取配置文件
const initialToken = getInitialWebUiToken();
if (!initialToken) {
return sendError(res, 'Server token not initialized');
}
//验证初始token hash是否等于提交的token hash
if (!AuthHelper.comparePasswordHash(initialToken, hash)) {
return sendError(res, 'token is invalid');
}
@ -63,8 +65,6 @@ export const LogoutHandler: RequestHandler = async (req, res) => {
// 检查登录状态
export const checkHandler: RequestHandler = async (req, res) => {
// 获取WebUI配置
const WebUiConfigData = await WebUiConfig.GetWebUIConfig();
// 获取请求头中的Authorization
const authorization = req.headers.authorization;
// 检查凭证
@ -79,8 +79,13 @@ export const checkHandler: RequestHandler = async (req, res) => {
return sendError(res, 'Token has been revoked');
}
// 使用启动时缓存的token进行验证
const initialToken = getInitialWebUiToken();
if (!initialToken) {
return sendError(res, 'Server token not initialized');
}
// 验证凭证是否在一小时内有效
const valid = AuthHelper.validateCredentialWithinOneHour(WebUiConfigData.token, Credential);
const valid = AuthHelper.validateCredentialWithinOneHour(initialToken, Credential);
// 返回成功信息
if (valid) return sendSuccess(res, null);
// 返回错误信息
@ -120,9 +125,21 @@ export const UpdateTokenHandler: RequestHandler = async (req, res) => {
return sendError(res, 'Current password is not default password');
}
await WebUiConfig.UpdateWebUIConfig({ token: newToken, defaultToken: false });
// 更新内存中的缓存token使新密码立即生效
setInitialWebUiToken(newToken);
} else {
// 正常的密码更新流程
await WebUiConfig.UpdateToken(oldToken, newToken);
// 正常的密码更新流程 - 使用启动时缓存的token进行验证
const initialToken = getInitialWebUiToken();
if (!initialToken) {
return sendError(res, 'Server token not initialized');
}
if (initialToken !== oldToken) {
return sendError(res, '旧 token 不匹配');
}
// 直接更新配置文件中的token不需要通过WebUiConfig.UpdateToken方法
await WebUiConfig.UpdateWebUIConfig({ token: newToken, defaultToken: false });
// 更新内存中的缓存token使新密码立即生效
setInitialWebUiToken(newToken);
}
return sendSuccess(res, 'Token updated successfully');

58
src/webui/src/helper/config.ts
View File

@ -1,4 +1,4 @@
import { webUiPathWrapper } from '@/webui';
import { webUiPathWrapper, getInitialWebUiToken } from '@/webui';
import { Type, Static } from '@sinclair/typebox';
import Ajv from 'ajv';
import fs, { constants } from 'node:fs/promises';
@ -63,6 +63,46 @@ export class WebUiConfigWrapper {
}
async GetWebUIConfig(): Promise<WebUiConfigType> {
if (this.WebUiConfigData) {
return this.WebUiConfigData
}
try {
const configPath = resolve(webUiPathWrapper.configPath, './webui.json');
await this.ensureConfigFileExists(configPath);
const parsedConfig = await this.readAndValidateConfig(configPath);
// 使用内存中缓存的token进行覆盖确保强兼容性
this.WebUiConfigData = {
...parsedConfig,
// 首次读取内存中是没有token的需要进行一层兜底
token: getInitialWebUiToken() || parsedConfig.token
};
return this.WebUiConfigData;
} catch (e) {
console.log('读取配置文件失败', e);
const defaultConfig = this.validateAndApplyDefaults({});
return {
...defaultConfig,
token: defaultConfig.token
};
}
}
async UpdateWebUIConfig(newConfig: Partial<WebUiConfigType>): Promise<void> {
const configPath = resolve(webUiPathWrapper.configPath, './webui.json');
// 使用原始配置进行合并避免内存token覆盖影响配置更新
const currentConfig = await this.GetRawWebUIConfig();
const mergedConfig = deepMerge({ ...currentConfig }, newConfig);
const updatedConfig = this.validateAndApplyDefaults(mergedConfig);
await this.writeConfig(configPath, updatedConfig);
this.WebUiConfigData = updatedConfig;
}
/**
* token覆盖
*
*/
async GetRawWebUIConfig(): Promise<WebUiConfigType> {
if (this.WebUiConfigData) {
return this.WebUiConfigData;
}
@ -78,18 +118,12 @@ export class WebUiConfigWrapper {
}
}
async UpdateWebUIConfig(newConfig: Partial<WebUiConfigType>): Promise<void> {
const configPath = resolve(webUiPathWrapper.configPath, './webui.json');
const currentConfig = await this.GetWebUIConfig();
const mergedConfig = deepMerge({ ...currentConfig }, newConfig);
const updatedConfig = this.validateAndApplyDefaults(mergedConfig);
await this.writeConfig(configPath, updatedConfig);
this.WebUiConfigData = updatedConfig;
}
async UpdateToken(oldToken: string, newToken: string): Promise<void> {
const currentConfig = await this.GetWebUIConfig();
if (currentConfig.token !== oldToken) {
// 使用内存中缓存的token进行验证确保强兼容性
const cachedToken = getInitialWebUiToken();
const tokenToCheck = cachedToken || (await this.GetWebUIConfig()).token;
if (tokenToCheck !== oldToken) {
throw new Error('旧 token 不匹配');
}
await this.UpdateWebUIConfig({ token: newToken, defaultToken: false });

11
src/webui/src/middleware/auth.ts
View File

@ -1,6 +1,6 @@
import { NextFunction, Request, Response } from 'express';
import { WebUiConfig } from '@/webui';
import { getInitialWebUiToken } from '@/webui';
import { AuthHelper } from '@webapi/helper/SignToken';
import { sendError } from '@webapi/utils/response';
@ -30,10 +30,13 @@ export async function auth(req: Request, res: Response, next: NextFunction) {
} catch (e) {
return sendError(res, 'Unauthorized');
}
// 获取配置
const config = await WebUiConfig.GetWebUIConfig();
// 使用启动时缓存的token进行验证而不是动态读取配置文件 因为有可能运行时手动修改了密码
const initialToken = getInitialWebUiToken();
if (!initialToken) {
return sendError(res, 'Server token not initialized');
}
// 验证凭证在1小时内有效
const credentialJson = AuthHelper.validateCredentialWithinOneHour(config.token, Credential);
const credentialJson = AuthHelper.validateCredentialWithinOneHour(initialToken, Credential);
if (credentialJson) {
// 通过验证
return next();