Bennett/Arcaea-server
1
0
Fork 0
mirror of https://github.com/Lost-MSth/Arcaea-server.git synced 2026-02-11 10:27:27 +08:00
Code Issues Packages Projects Releases Wiki Activity

[Bug fix] block headers without app version

Browse Source 
- Fix a bug that headers without `AppVersion` are allowed in client version checking.
This commit is contained in:
Lost-MSth
2023-01-22 22:09:15 +08:00
parent 9636722709
commit 88d949fc18
2 changed files with 10 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
latest version/server/auth.py
View File

@@ -16,10 +16,9 @@ bp = Blueprint('auth', __name__, url_prefix='/auth')
@arc_try @arc_try
def login(): def login():
headers = request.headers headers = request.headers
if 'AppVersion' in headers: # 版本检查 if Config.ALLOW_APPVERSION: # 版本检查
if Config.ALLOW_APPVERSION: if 'AppVersion' not in headers or headers['AppVersion'] not in Config.ALLOW_APPVERSION:
if headers['AppVersion'] not in Config.ALLOW_APPVERSION: raise NoAccess('Invalid app version.', 1203)
raise NoAccess('Wrong app version.', 1203)
request.form['grant_type'] request.form['grant_type']
with Connect() as c: with Connect() as c:
@@ -45,10 +44,9 @@ def auth_required(request):
headers = request.headers headers = request.headers
if 'AppVersion' in headers: # 版本检查 if Config.ALLOW_APPVERSION: # 版本检查
if Config.ALLOW_APPVERSION: if 'AppVersion' not in headers or headers['AppVersion'] not in Config.ALLOW_APPVERSION:
if headers['AppVersion'] not in Config.ALLOW_APPVERSION: return error_return(NoAccess('Invalid app version.', 1203))
return error_return(NoAccess('Wrong app version.', 1203))
with Connect() as c: with Connect() as c:
try: try:

8
latest version/server/user.py
View File

@@ -16,10 +16,10 @@ bp = Blueprint('user', __name__, url_prefix='/user')
@bp.route('', methods=['POST']) # 注册接口 @bp.route('', methods=['POST']) # 注册接口
@arc_try @arc_try
def register(): def register():
if 'AppVersion' in request.headers: # 版本检查 headers = request.headers
if Config.ALLOW_APPVERSION: if Config.ALLOW_APPVERSION: # 版本检查
if request.headers['AppVersion'] not in Config.ALLOW_APPVERSION: if 'AppVersion' not in headers or headers['AppVersion'] not in Config.ALLOW_APPVERSION:
raise NoAccess('Wrong app version.', 1203) raise NoAccess('Invalid app version.', 1203)
with Connect() as c: with Connect() as c:
new_user = UserRegister(c) new_user = UserRegister(c)