Fix HTTP API server and Websocket not parsing Authorization header pr…

…operly
yyuueexxiinngg · Aug 22, 2020 · 25e0e75 · 25e0e75
1 parent 5c866e4
commit 25e0e75
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/src/main/kotlin/tech/mihoyo/mirai/web/http/HttpApiModule.kt b/src/main/kotlin/tech/mihoyo/mirai/web/http/HttpApiModule.kt
@@ -214,7 +214,10 @@ internal suspend fun ApplicationCall.responseDTO(dto: CQResponseDTO) {
 
 suspend fun checkAccessToken(call: ApplicationCall, serviceConfig: HttpApiServerServiceConfig): Boolean {
     if (serviceConfig.accessToken != null && serviceConfig.accessToken != "") {
-        val accessToken = call.parameters["access_token"] ?: call.request.headers["Authorization"]
+        val accessToken =
+            call.parameters["access_token"] ?: call.request.headers["Authorization"]?.let {
+                Regex("""(?:[Tt]oken|Bearer)\s+(.*)""").find(it)?.groupValues?.get(1)
+            }
         if (accessToken != null) {
             if (accessToken != serviceConfig.accessToken) {
                 call.respond(HttpStatusCode.Forbidden)

diff --git a/src/main/kotlin/tech/mihoyo/mirai/web/websocket/WebsocketServer.kt b/src/main/kotlin/tech/mihoyo/mirai/web/websocket/WebsocketServer.kt
@@ -177,7 +177,10 @@ private inline fun Route.cqWebsocket(
 ) {
     webSocket(path) {
         if (serviceConfig.accessToken != null && serviceConfig.accessToken != "") {
-            val accessToken = call.parameters["access_token"]
+            val accessToken =
+                call.parameters["access_token"] ?: call.request.headers["Authorization"]?.let {
+                    Regex("""(?:[Tt]oken|Bearer)\s+(.*)""").find(it)?.groupValues?.get(1)
+                }
             if (accessToken != serviceConfig.accessToken) {
                 close(CloseReason(CloseReason.Codes.NORMAL, "accessToken不正确"))
                 return@webSocket