/api/user not working #643
Comments
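What on earth is the point of posting a screenshot of the code of the middleware used to "check whether the request is authenticated"? You have given too little information to determine where the problem is. From your reproduction steps it looks like you are requesting the API from a browser, but I don't really understand why you would use Safari to request an API that is meant for third-party applications. Please give the complete reproduction steps, including how you obtain the Access Token and the code that requests the API. Also, I don't want to be rude, but you really should read "How To Ask Questions The Smart Way" carefully.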
Sorry, I was looking at the wrong code; mainly, I'm not very good at PHP either. Sorry.

```zsh
#!/bin/zsh
# jsonq: minimal JSON path lookup written in awk.
# Reads JSON from stdin; $1 is a path such as ".access_token" or ".items.[0].name".
jsonq() {
  local json=$(cat)
  awk -v json="$json" -v json_orgi="$json" -v key="$1" '
  function strlastchar(s) {
    return substr(s, length(s), 1)
  }
  function startwith(s, c) {
    start = substr(s, 1, 1)
    return start == c
  }
  function endwith(s, c) {
    return strlastchar(s) == c
  }
  function innerstr(s) { # take the content inside the brackets/quotes
    return substr(s, 2, length(s)-2)
  }
  function strindex(s, n) { # get a character by index; indexes start at 1
    return substr(s, n, 1)
  }
  function trim(s) {
    sub("^[ \n]*", "", s);
    sub("[ \n]*$", "", s);
    return s
  }
  function findValueByKey(s, k) {
    if ("\""k"\"" != substr(s, 1, length(k)+2)) {exit 0}
    s = trim(s)
    start = 0; stop = 0; layer = 0
    for (i = 2 + length(k) + 1; i <= length(s); ++i) {
      lastChar = substr(s, i - 1, 1)
      currChar = substr(s, i, 1)
      if (start <= 0) {
        if (lastChar == ":") {
          start = currChar == " " ? i + 1: i
          if (currChar == "{" || currChar == "[") {
            layer = 1
          }
        }
      } else {
        if (currChar == "{" || currChar == "[") {
          ++layer
        }
        if (currChar == "}" || currChar == "]") {
          --layer
        }
        if ((currChar == "," || currChar == "}" || currChar == "]") && layer <= 0) {
          stop = currChar == "," ? i : i + 1 + layer
          break
        }
      }
    }
    if (start <= 0 || stop <= 0 || start > length(s) || stop > length(s) || start >= stop) {
      exit 0
    } else {
      return trim(substr(s, start, stop - start))
    }
  }
  function unquote(s) {
    if (startwith(s, "\"")) {
      s = substr(s, 2, length(s)-1)
    }
    if (endwith(s, "\"")) {
      s = substr(s, 1, length(s)-1)
    }
    return s
  }
  BEGIN{
    if (match(key, /^\./) == 0) {exit 0;}
    sub(/\][ ]*\[/,"].[", key)
    split(key, ks, ".")
    if (length(ks) == 1) {print json; exit 0}
    for (j = 2; j <= length(ks); j++) {
      k = ks[j]
      if (startwith(k, "[") && endwith(k, "]") == 1) { # [n]
        idx = innerstr(k)
        currentIdx = -1
        # find the matching bracket pairs
        pairs = ""
        json = trim(json)
        if (startwith(json, "[") == 0) {
          exit 0
        }
        start = 2
        cursor = 2
        for (; cursor <= length(json); cursor++) {
          current = strindex(json, cursor)
          if (current == " " || current == "\n") {continue} # skip whitespace
          if (current == "[" || current == "{") {
            if (length(pairs) == 0) {start = cursor}
            pairs = pairs""current
          }
          if (current == "]" || current == "}") {
            if ((strlastchar(pairs) == "[" && current == "]") || (strlastchar(pairs) == "{" && current == "}")) {
              pairs = substr(pairs, 1, length(pairs)-1) # drop the last character
              if (pairs == "") { # every opening bracket has been matched
                currentIdx++
                if (currentIdx == idx) {
                  json = substr(json, start, cursor-start+1)
                  break
                }
              }
            } else {
              pairs = pairs""current
            }
          }
        }
      } else {
        # at this point it can only be {"key": "value"}, {"key":{}} or {"key":[{}]}
        pairs = ""
        json = trim(json)
        if (startwith(json, "[")) {exit 0}
        #if (!startwith(json, "\"") || !startwith(json, "{")) {json="\""json}
        # find the matching key
        start = 2
        cursor = 2
        noMatch = 0
        for (; cursor <= length(json); cursor++) {
          current = strindex(json, cursor)
          if (current == " " || current == "\n" || current == ",") {continue} # skip whitespace and commas
          if (substr(json, cursor, length(k)+2) == "\""k"\"") {
            json = findValueByKey(substr(json, cursor, length(json)-cursor+1), k)
            break
          } else {
            noMatch = 1
          }
          if (noMatch) {
            pos = match(substr(json, cursor+1, length(json)-cursor), /[^(\\")]"/)
            ck = substr(substr(json, cursor+1, length(json)-cursor), 1, pos)
            t = findValueByKey(substr(json, cursor, length(json)-cursor+1), ck)
            tLen = length(t)
            sub(/\\/, "\\\\", t)
            pos = match(substr(json, cursor+1, length(json)-cursor), t)
            if (pos != 0) {
              cursor = cursor + pos + tLen
            }
            noMatch = 0
            continue
          }
        }
      }
    }
    if (json_orgi == json) { print;exit 0 }
    print unquote(json)
  }'
}

# CGI handler for the OAuth redirect: QUERY_STRING is "code=<authorization code>"
CODE=${QUERY_STRING:5}
# Exchange the authorization code for an access token
JSON=$(curl "http://localhost:50000/oauth/token" -F "code=$CODE" -F client_id=7 -F "grant_type=authorization_code" -F "client_secret=U8YvCBMjRHt500vci1ZtMOZ5Yq7nqxjUkk7950Ou" -F "redirect_uri=http://localhost:50000/chat/oauth")
ATOKEN=$(echo "$JSON" | jsonq ".access_token")
echo "Content-type: text/plain"
echo
echo --------------------------------------------------------------------------------
# Call the API with the token as a Bearer credential
echo "$(curl -X 'GET' "http://localhost:50000/api/players" -H "Authorization:Bearer $ATOKEN")"
```

Response:
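I could not reproduce this in my local development environment. I suggest you print out the Access Token and check whether it is a normal JWT. If it is, take the public key from storage/oauth-public.key, verify the JWT signature on jwt.io, and then check whether the JWT has expired.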
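A local version of the structure and expiry checks suggested above, as an added example that is not part of the thread or of Blessing Skin's code: it decodes a token's header and claims and reports `alg`, `exp` and `nbf` problems, and it does not verify the signature. The function names, the `RS256` default and the sample token are assumptions constructed for this example.

```python
import base64
import json
import time

def b64url_decode(segment):
    """Decode base64url, restoring the '=' padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def inspect_jwt(token, now=None, expected_alg="RS256"):
    """Decode header and claims and check alg/exp/nbf. Does NOT verify the signature."""
    parts = token.strip().split(".")
    if len(parts) != 3 or not all(parts):
        raise ValueError("not a compact JWT: expected header.payload.signature")
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("segment is not a JSON object")
    except ValueError as exc:  # bad base64, bad UTF-8, bad JSON or wrong JSON type
        raise ValueError("JWT segment is not base64url-encoded JSON") from exc
    now = time.time() if now is None else now
    problems = []
    if header.get("alg") != expected_alg:
        problems.append("unexpected alg")
    exp, nbf = claims.get("exp"), claims.get("nbf")
    # exp/nbf are NumericDate values and may be fractional, so compare as numbers.
    if not isinstance(exp, (int, float)):
        problems.append("missing exp")
    elif now >= exp:
        problems.append("expired")
    if isinstance(nbf, (int, float)) and now < nbf:
        problems.append("not yet valid")
    return {"header": header, "claims": claims, "problems": problems}

def make_sample_token(claims, alg="RS256"):
    """Build a constructed token with a dummy signature, for the demo only."""
    header = {"typ": "JWT", "alg": alg}
    segs = [b64url_encode(json.dumps(p).encode()) for p in (header, claims)]
    return ".".join(segs + [b64url_encode(b"constructed-not-a-real-signature")])

if __name__ == "__main__":
    # Constructed claims with fractional timestamps; not the token from the thread.
    sample = make_sample_token({"aud": "1", "sub": "1", "nbf": 1000.25,
                                "exp": 2000.5, "scopes": ["example.read"]})
    for t in (999, 1500, 2000.5):
        print(t, inspect_jwt(sample, now=t)["problems"])
```

An empty `problems` list only means the token is well-formed and inside its validity window; the signature still has to be checked against the public key.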
jwt.io says it is valid. A test on a fresh local install also failed, which shows it has nothing to do with the BS configuration.
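It has nothing to do with how your PHP was installed. Your problem cannot be reproduced on either the current development version or the stable version, and the available information is not enough to determine where the problem is. We also cannot get into your local environment to debug further.
Thanks.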
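Blessing Skin version
6.0.2
PHP version
8.1
Browser used when the problem occurred
Safari
Web server you are using
Apache
Are you using BT Panel (宝塔)?
What went wrong?
GET /api/user/* does not return a table but an HTML page that redirects to the login page.
Meanwhile, GET /api/[other] returns the server information normally.
Error log
No response
Steps to reproduce
Log in, then open /api/user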