Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

/api/user 失效 #643

Open
1 task
xycabcd opened this issue Sep 7, 2024 · 7 comments
Open
1 task

/api/user 失效 #643

xycabcd opened this issue Sep 7, 2024 · 7 comments

Comments

@xycabcd
Copy link

xycabcd commented Sep 7, 2024

Blessing Skin 版本

6.0.2

PHP 版本

8.1

出现问题时所使用的浏览器

Safari

您正在使用的 Web Server

Apache

您正在使用宝塔吗?

出现了什么问题?

GET /api/user/*, 没有返回表格,而是一个HTML,用于跳转到登录页

<!DOCTYPE html> <html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='http://localhost:50000/auth/login'" /> <title>Redirecting to http://localhost:50000/auth/login</title> </head> <body> Redirecting to <a href="http://localhost:50000/auth/login">http://localhost:50000/auth/login</a>. </body> </html>

同时 GET /api/[其他] 能正常返回服务器信息

错误日志

No response

重现步骤

登录,然后打开/api/user

@tnqzh123
Copy link
Member

tnqzh123 commented Sep 19, 2024

你截个用于「检查是否经过认证」的中间件的代码说条毛线呢?

你给的信息太少,不足以判断问题所在。从你给的复现步骤里我感觉你像是在用浏览器请求 API,但我也不是很懂你拿 Safari 请求给第三方应用使用的 API 是什么操作。

请给出完整的复现步骤,包括你怎么获取 Access Token 和请求 API 的代码。

还有,我不想骂人,但你真的应该好好读一遍《提问的智慧》。

@xycabcd
Copy link
Author

xycabcd commented Sep 19, 2024

抱歉看错代码了,主要我也不是很会php。对不起。
完整CGI请求代码及返回内容:
index.sh

#!/bin/zsh
jsonq() {
    local json=$(cat)
    awk -v json="$json" -v json_orgi="$json" -v key="$1" '
    function strlastchar(s) {
        return substr(s, length(s), 1)
    }
    function startwith(s, c) {
        start = substr(s, 1, 1)
        return start == c
    }
    function endwith(s, c) {
        return strlastchar(s) == c
    }
    function innerstr(s) { # 取出括号/引号内的内容
        return substr(s, 2, length(s)-2)
    }
    function strindex(s, n) { # 字符串通过下标取值,索引是从1开始的
        return substr(s, n, 1)
    }
    function trim(s) {
        sub("^[ \n]*", "", s);
        sub("[ \n]*$", "", s);
        return s
    }
    function findValueByKey(s, k) {
        if ("\""k"\"" != substr(s, 1, length(k)+2)) {exit 0}
        s = trim(s)
        start = 0; stop = 0; layer = 0
        for (i = 2 + length(k) + 1; i <= length(s); ++i) {
            lastChar = substr(s, i - 1, 1)
            currChar = substr(s, i, 1)
            if (start <= 0) {
                if (lastChar == ":") {
                    start = currChar == " " ? i + 1: i
                    if (currChar == "{" || currChar == "[") {
                        layer = 1
                    }
                }
            } else {
                if (currChar == "{" || currChar == "[") {
                    ++layer
                }
                if (currChar == "}" || currChar == "]") {
                    --layer
                }
                if ((currChar == "," || currChar == "}" || currChar == "]") && layer <= 0) {
                    stop = currChar == "," ? i : i + 1 + layer
                    break
                }
            }
        }
        if (start <= 0 || stop <= 0 || start > length(s) || stop > length(s) || start >= stop) {
            exit 0
        } else {
            return trim(substr(s, start, stop - start))
        }
    }
    function unquote(s) {
        if (startwith(s, "\"")) {
            s = substr(s, 2, length(s)-1)
        }
        if (endwith(s, "\"")) {
            s = substr(s, 1, length(s)-1)
        }
        return s
    }
    BEGIN{
        if (match(key, /^\./) == 0) {exit 0;}
        sub(/\][ ]*\[/,"].[", key)
        split(key, ks, ".")
        if (length(ks) == 1) {print json; exit 0}
        for (j = 2; j <= length(ks); j++) {
            k = ks[j]
            if (startwith(k, "[") && endwith(k, "]") == 1) { # [n]
                idx = innerstr(k)
                currentIdx = -1
                # 找匹配对
                pairs = ""
                json = trim(json)
                if (startwith(json, "[") == 0) {
                    exit 0
                }
                start = 2
                cursor = 2
                for (; cursor <= length(json); cursor++) {
                    current = strindex(json, cursor)
                    if (current == " " || current == "\n") {continue} # 忽略空白
                    if (current == "[" || current == "{") {
                        if (length(pairs) == 0) {start = cursor}
                        pairs = pairs""current
                    }
                    if (current == "]" || current == "}") {
                        if ((strlastchar(pairs) == "[" && current == "]") || (strlastchar(pairs) == "{" && current == "}")) {
                            pairs = substr(pairs, 1, length(pairs)-1) # 删掉最后一个字符
                            if (pairs == "") { # 匹配到了所有的左括号
                                currentIdx++
                                if (currentIdx == idx) {
                                    json = substr(json, start, cursor-start+1)
                                    break
                                }
                            }
                        } else {
                            pairs = pairs""current
                        }
                    }
                }
            } else {
                # 到这里,就只能是{"key": "value"}或{"key":{}}或{"key":[{}]}
                pairs = ""
                json = trim(json)
                if (startwith(json, "[")) {exit 0}
                #if (!startwith(json, "\"") || !startwith(json, "{")) {json="\""json}
                # 找匹配的键
                start = 2
                cursor = 2
                noMatch = 0
                for (; cursor <= length(json); cursor++) {
                    current = strindex(json, cursor)
                    if (current == " " || current == "\n" || current == ",") {continue} # 忽略空白和逗号
                    if (substr(json, cursor, length(k)+2) == "\""k"\"") {
                        json = findValueByKey(substr(json, cursor, length(json)-cursor+1), k)
                        break
                    } else {
                        noMatch = 1
                    }
                    if (noMatch) {
                        pos = match(substr(json, cursor+1, length(json)-cursor), /[^(\\")]"/)
                        ck = substr(substr(json, cursor+1, length(json)-cursor), 1, pos)
                        t = findValueByKey(substr(json, cursor, length(json)-cursor+1), ck)
                        tLen = length(t)
                        sub(/\\/, "\\\\", t)
                        pos = match(substr(json, cursor+1, length(json)-cursor), t)
                        if (pos != 0) {
                            cursor = cursor + pos + tLen
                        }
                        noMatch = 0
                        continue
                    }
                }
            }
        }
        if (json_orgi == json) { print;exit 0 }
        print unquote(json)
    }'
}

CODE=${QUERY_STRING:5}
JSON=$(curl "http://localhost:50000/oauth/token" -F code=$CODE -F client_id=7 -F "grant_type=authorization_code" -F "client_secret=U8YvCBMjRHt500vci1ZtMOZ5Yq7nqxjUkk7950Ou" -F "redirect_uri=http://localhost:50000/chat/oauth")
ATOKEN=$(echo $JSON | jsonq ".access_token")
echo Content-type:text
echo 
echo --------------------------------------------------------------------------------
echo $(curl -X 'GET' "http://localhost:50000/api/players" -H "Authorization:Bearer $ATOKEN") 

回复:

<!DOCTYPE html> <html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" 
content="0;url='http://localhost:50000/auth/login'" /> <title>Redirecting to http://localhost:50000/auth/login</title> 
</head> <body> Redirecting to <a href="http://localhost:50000/auth/login">http://localhost:50000/auth/login</a>. 
</body> </html>

@gxres042
Copy link
Contributor

@tnqzh123
Copy link
Member

本地开发环境未能复现。

我建议你把 Access Token 打出来,看看是不是一个正常的 JWT,如果是,拿着 storage/oauth-public.key 里的公钥,去 jwt.io 验证一下 JWT 签名,再看看 JWT 有没有过期。

@xycabcd
Copy link
Author

xycabcd commented Sep 21, 2024

jwt.io 说有效

{"token_type":"Bearer","expires_in":31536000,"access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiI3IiwianRpIjoiYjViYjYxYjIwN2ViNzg1Njk4ZmVjNjA5NTE4YzFiZTMyOGE4NDgwNWVkYjRlZmVlMDE4MDg4NjY3NjNmNWY4ZmYxNDZiMzQxNTQyZDY4OWQiLCJpYXQiOjE3MjcwMTA1MzcuNzQ5OTA4LCJuYmYiOjE3MjcwMTA1MzcuNzQ5OTEsImV4cCI6MTc1ODU0NjUzNy43NDExODMsInN1YiI6IjIiLCJzY29wZXMiOlsiVXNlci5SZWFkIl19.os2ifF7Dol4WXVxH466VlWvfU7-KXZEdIdghpGNNAYfQrwvEpB6DqtNgKG2Wo0-Vv5aSORlLNlXSNTvkzXd85Inpk2sM5136xhZerOLODOA-Sd1m28GU4leU1IOHvTu2070lewgwy7FmPp-wqjRhkOwt-q9Q5bvPDaI_omZ7UT1zB1vSVZft3MsN-P0dV8XYyQx49i3nUbK8vHel5VPSep0zx8Xnrr97aI9ytiZWZYfsdGGNt_g1IesgNvJE8c6IV3js2bgMbHkOgGRUhQjvrUz8XaazUYpLbvOpTfAxI51N2hEt5an2zyfQyyPdudN7ZtJFP7uHJ5rho8FMi6y6XWuStKlItctB8BZd14o_ufchtLx5s9FnN5LZEd3bHgLSxXl1zQGbNpg9fcPx--tzujJwiTJF37_TognewK8OSNrykvE40WW1u9Wqh9ek1hPLPlkUAXx8QTiYPIMSLlBrd4ZXIBZh2j5APgjxf73U8s3GN088t2AsBIXRP72pnpV5vUWCWv4aWhLenmdjFwb87dIHyuwe1f3ycUc4Rb6QgaN4iUoZqWAQk2uYM5RPex7aQo6iNXzlqNRdcfy2rEy3GVVFxr5hjAaZDElSiMwXQGitSCzqwdhwhjkn61Lvf5_fCPnHOoF9jLwVVmIxJs_74n6yq6W9qEnCrPBELtBODVk","refresh_token":"def5020042639308cb93606c23effe3397193c5cefd52095980f48cb9b251c6c71b316b11c355046912899d42d8c98316e21ed02acefca8ee65013097cf1115714cc8cdd1a927e028452113ffda3f2fabcaf2b310223dfa6db82f1f7db274fda5da4cc8a5486cdac7df9fe3d7f882420ea89c0a0808d1135d81f0fde84881ca2536ec1d4e20080fac956724dfea9f86aba99674f94046e19d5c17ea2b329b48de30906d1b2f30b03cf7b98ebb82aef58fe0e5eb21eb9a36798c31acc50e85cb5e77140ac959ab47ca4f30965428b4333d17920c7256ebb48b2cfe3d31d8909a5eee526eb79428b9d46659abe9532897215cff0b674ab74360f0dcb7359899a42c1116bdcbba4f6e89a0eba6fd4548b35b32a4d71706fdba224dc07ab0c87b77d91c742902fd2913e32bed8ef256cc2e277d8e2ce50dcc300e41e29effba2110d246f990da74d1ca7f3798e0f537b002a28b47ada33666d5fe089cdc22f15b1e5f11fc41849166fc188b77023"}

本地全新安装测试失败,说明和bs的配置没有关系

@tnqzh123
Copy link
Member

和你 PHP 是怎么安装的没关系。

当前开发版及稳定版均无法复现你的问题,无法通过现有信息判断问题所在。我们也进不到你的本地环境做进一步调试。

@xycabcd
Copy link
Author

xycabcd commented Nov 14, 2024

感谢。
想问一下有没有一个设置可以让程序纪录机器详细的日志,这样方便找到原因

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants