Bennett/Arcaea-server
1
0
Fork 0
mirror of https://github.com/Lost-MSth/Arcaea-server.git synced 2026-02-15 12:57:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

Waiting for updating and fix some bugs

Browse Source 
It will be released soon because lowiro will update in some days.
Fix many bugs and I forgot them. :<

I push this because there's a small but serious safety problem. It should be fixed immediately.

Oh, and this update needs you to login in arcaea again because a new function is added.
This commit is contained in:
Lost-MSth
2021-02-08 14:45:10 +08:00
parent c6bb4c9afb
commit a890a9af4a
11 changed files with 563 additions and 574 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
latest version/database/arcaea_database.db
View File

Binary file not shown.

9
latest version/database/database_initialize.py
View File

@@ -37,10 +37,11 @@ ticket int,
prog_boost int
);''')
c.execute('''create table if not exists login(access_token text,
user_id int primary key,
last_login_time int,
last_login_ip text,
last_login_device text
user_id int,
login_time int,
login_ip text,
login_device text,
primary key(access_token, user_id)
);''')
c.execute('''create table if not exists friend(user_id_me int,
user_id_other int,

34
latest version/main.py
View File

@@ -1,6 +1,8 @@
# encoding: utf-8
from flask import Flask, request, jsonify, make_response, send_from_directory
from logging.config import dictConfig
import configparser
from setting import Config
import base64
import server.auth
import server.info
@@ -87,32 +89,29 @@ def login():
id_pwd = headers['Authorization']
id_pwd = base64.b64decode(id_pwd[6:]).decode()
name, password = id_pwd.split(':', 1)
try:
token, error_code = server.auth.arc_login(name, password)
device_id = headers['DeviceId']
token, error_code = server.auth.arc_login(name, password, device_id)
if not error_code:
r = {"success": True, "token_type": "Bearer"}
r['access_token'] = token
return jsonify(r)
else:
return error_return(error_code)
except:
return error_return(108)
@app.route('/latte/13/user/', methods=['POST']) # 注册接口
def register():
name = request.form['name']
password = request.form['password']
try:
user_id, token, error_code = server.auth.arc_register(name, password)
device_id = request.form['device_id']
user_id, token, error_code = server.auth.arc_register(
name, password, device_id)
if user_id is not None:
r = {"success": True, "value": {
'user_id': user_id, 'access_token': token}}
return jsonify(r)
else:
return error_return(error_code) # 应该是101用户名被占用毕竟电子邮箱、设备号没记录
except:
return error_return(108)
return error_return(error_code) # 应该是101用户名被占用毕竟电子邮箱没记录
# 集成式请求,没想到什么好办法处理,就先这样写着
@@ -149,7 +148,9 @@ def character_change(user_id):
@app.route('/latte/<path:path>/toggle_uncap', methods=['POST']) # 角色觉醒切换
@server.auth.auth_required(request)
def character_uncap(user_id, path):
character_id = int(path[22:])
while '//' in path:
path = path.replace('//', '/')
character_id = int(path[21:])
r = server.setme.change_char_uncap(user_id, character_id)
if r is not None:
return jsonify({
@@ -280,7 +281,7 @@ def song_score_post(user_id):
r, re = server.arcscore.arc_score_post(user_id, song_id, difficulty, score, shiny_perfect_count,
perfect_count, near_count, miss_count, health, modifier, beyond_gauge, clear_type)
if r:
if r is not None:
if re:
return jsonify({
"success": True,
@@ -512,12 +513,7 @@ def sys_set(user_id, path):
def main():
config = configparser.ConfigParser()
path = r'setting.ini'
config.read(path, encoding="utf-8")
HOST = config.get('CONFIG', 'HOST')
PORT = config.get('CONFIG', 'PORT')
app.config.from_mapping(SECRET_KEY='1145141919810')
app.config.from_mapping(SECRET_KEY=Config.SECRET_KEY)
app.register_blueprint(web.login.bp)
app.register_blueprint(web.index.bp)
@@ -541,7 +537,7 @@ def main():
else:
app.logger.info('Complete!')
app.run(HOST, PORT)
app.run(Config.HOST, Config.PORT)
if __name__ == '__main__':

2
latest version/run.bat
View File

@@ -1 +1 @@
python main.py
python -B main.py

5
latest version/server/arcdownload.py
View File

@@ -4,9 +4,10 @@ from flask import url_for
import sqlite3
from server.sql import Connect
import time
from setting import Config
time_limit = 3000 # 每个玩家24小时下载次数限制
time_gap_limit = 1000 # 下载链接有效秒数
time_limit = Config.DOWNLOAD_TIMES_LIMIT # 每个玩家24小时下载次数限制
time_gap_limit = Config.DOWNLOAD_TIME_GAP_LIMIT # 下载链接有效秒数
def get_file_md5(file_path):

2
latest version/server/arcscore.py
View File

@@ -364,7 +364,7 @@ def update_recent30(c, user_id, song_id, rating, is_protected):
def arc_score_post(user_id, song_id, difficulty, score, shiny_perfect_count, perfect_count, near_count, miss_count, health, modifier, beyond_gauge, clear_type):
# 分数上传返回变化后的ptt和世界模式变化
ptt = 0
ptt = None
re = None
with Connect() as c:
rating = get_one_ptt(song_id, difficulty, score)

38
latest version/server/auth.py
View File

@@ -3,9 +3,10 @@ import time
import server.arcworld
from server.sql import Connect
import functools
from setting import Config
def arc_login(name: str, password: str) -> str: # 登录判断
def arc_login(name: str, password: str, device_id: str): # 登录判断
# 查询数据库中的user表验证账号密码返回并记录token多返回个error code
# token采用user_id和时间戳连接后hash生成真的是瞎想的没用bear
# 密码和token的加密方式为 SHA-256
@@ -27,14 +28,29 @@ def arc_login(name: str, password: str) -> str: # 登录判断
token = hashlib.sha256(
(user_id + str(now)).encode("utf8")).hexdigest()
c.execute(
'''select exists(select * from login where user_id = :user_id)''', {"user_id": user_id})
'''select login_device from login where user_id = :user_id''', {"user_id": user_id})
y = c.fetchall()
if y:
device_list = []
for i in y:
if i[0]:
device_list.append(i[0])
else:
device_list.append('')
if device_id in device_list:
c.execute('''delete from login where login_device=:a''', {
'a': device_id})
should_delete_num = len(
device_list) - Config.LOGIN_DEVICE_NUMBER_LIMIT
else:
should_delete_num = len(
device_list) + 1 - Config.LOGIN_DEVICE_NUMBER_LIMIT
if should_delete_num >= 1: # 删掉多余token
c.execute('''delete from login where rowid in (select rowid from login where user_id=:user_id limit :a);''',
{'user_id': user_id, 'a': int(should_delete_num)})
if c.fetchone() == (1,): # 删掉多余token
c.execute('''delete from login where user_id = :user_id''',
{'user_id': user_id})
c.execute('''insert into login(access_token, user_id) values(:access_token, :user_id)''', {
'user_id': user_id, 'access_token': token})
c.execute('''insert into login(access_token, user_id, login_device) values(:access_token, :user_id, :device_id)''', {
'user_id': user_id, 'access_token': token, 'device_id': device_id})
error_code = None
else:
# 密码错误
@@ -46,7 +62,7 @@ def arc_login(name: str, password: str) -> str: # 登录判断
return token, error_code
def arc_register(name: str, password: str): # 注册
def arc_register(name: str, password: str, device_id: str): # 注册
# 账号注册只记录hash密码和用户名生成user_id和user_code自动登录返回token
# token和密码的处理同登录部分
@@ -100,8 +116,8 @@ def arc_register(name: str, password: str): # 注册
token = hashlib.sha256(
(str(user_id) + str(now)).encode("utf8")).hexdigest()
c.execute('''insert into login(access_token, user_id) values(:access_token, :user_id)''', {
'user_id': user_id, 'access_token': token})
c.execute('''insert into login(access_token, user_id, login_device) values(:access_token, :user_id, :device_id)''', {
'user_id': user_id, 'access_token': token, 'device_id': device_id})
insert_user_char(c, user_id)
error_code = 0

7
latest version/setting.ini
View File

@@ -1,7 +0,0 @@
[CONFIG]
HOST = 192.168.1.113
PORT = 80
[WEB]
USERNAME = admin
PASSWORD = admin

62
latest version/setting.py Normal file
View File

@@ -0,0 +1,62 @@
class Config():
'''
This is the setting file. You can change some parameters here.
'''
'''
--------------------
主机的地址和端口号
Host and port of your server
'''
HOST = '192.168.1.113'
PORT = '80'
'''
--------------------
'''
'''
--------------------
Web后台管理页面的用户名和密码
Username and password of web background management page
'''
USERNAME = 'admin'
PASSWORD = 'admin'
'''
--------------------
'''
'''
--------------------
Web后台管理页面的session秘钥如果不知道是什么请不要修改
Session key of web background management page
If you don't know what it is, please don't modify it.
'''
SECRET_KEY = '1145141919810'
'''
--------------------
'''
'''
--------------------
玩家歌曲下载的24小时次数限制
Player's song download limit times in 24 hours
'''
DOWNLOAD_TIMES_LIMIT = 3000
'''
歌曲下载链接的有效时长,单位:秒
Effective duration of song download link, unit: seconds
'''
DOWNLOAD_TIME_GAP_LIMIT = 1000
'''
--------------------
'''
'''
--------------------
Arcaea登录的最大允许设备数量最小值为1
The maximum number of devices allowed to log in Arcaea, minimum: 1
'''
LOGIN_DEVICE_NUMBER_LIMIT = 1
'''
--------------------
'''

134
latest version/web/index.py
View File

@@ -3,7 +3,7 @@ from flask import (
)
from web.login import login_required
from werkzeug.utils import secure_filename
import sqlite3
from server.sql import Connect
import web.webscore
import web.system
import time
@@ -43,8 +43,7 @@ def single_player_score():
user_code = request.form['user_code']
error = None
if name or user_code:
conn = sqlite3.connect('./database/arcaea_database.db')
c = conn.cursor()
with Connect() as c:
if user_code:
c.execute('''select user_id from user where user_code=:a''', {
'a': user_code})
@@ -61,8 +60,6 @@ def single_player_score():
error = '无成绩 No score.'
else:
error = '玩家不存在 The player does not exist.'
conn.commit()
conn.close()
else:
error = '输入为空 Null Input.'
@@ -84,8 +81,7 @@ def single_player_ptt():
user_code = request.form['user_code']
error = None
if name or user_code:
conn = sqlite3.connect('./database/arcaea_database.db')
c = conn.cursor()
with Connect() as c:
if user_code:
c.execute('''select user_id from user where user_code=:a''', {
'a': user_code})
@@ -99,7 +95,8 @@ def single_player_ptt():
user_id = user_id[0]
user = web.webscore.get_user(c, user_id)
posts = web.webscore.get_user_score(c, user_id, 30)
recent, recentptt = web.webscore.get_user_recent30(c, user_id)
recent, recentptt = web.webscore.get_user_recent30(
c, user_id)
if not posts:
error = '无成绩 No score.'
else:
@@ -111,8 +108,6 @@ def single_player_ptt():
else:
error = '玩家不存在 The player does not exist.'
conn.commit()
conn.close()
else:
error = '输入为空 Null Input.'
@@ -128,11 +123,10 @@ def single_player_ptt():
@login_required
def all_player():
# 所有玩家数据按照ptt排序
conn = sqlite3.connect('./database/arcaea_database.db')
c = conn.cursor()
error = None
with Connect() as c:
c.execute('''select * from user order by rating_ptt DESC''')
x = c.fetchall()
error = None
if x:
posts = []
for i in x:
@@ -164,8 +158,6 @@ def all_player():
else:
error = '没有玩家数据 No player data.'
conn.commit()
conn.close()
if error:
flash(error)
return render_template('web/allplayer.html')
@@ -184,11 +176,10 @@ def all_song():
else:
return None
conn = sqlite3.connect('./database/arcsong.db')
c = conn.cursor()
error = None
with Connect('./database/arcsong.db') as c:
c.execute('''select * from songs''')
x = c.fetchall()
error = None
if x:
posts = []
for i in x:
@@ -202,8 +193,6 @@ def all_song():
else:
error = '没有铺面数据 No song data.'
conn.commit()
conn.close()
if error:
flash(error)
return render_template('web/allsong.html')
@@ -221,15 +210,13 @@ def single_chart_top():
if difficulty.isdigit():
difficulty = int(difficulty)
error = None
conn = sqlite3.connect('./database/arcsong.db')
c = conn.cursor()
x = None
with Connect('./database/arcsong.db') as c:
song_name = '%'+song_name+'%'
c.execute('''select sid, name_en from songs where sid like :a limit 1''',
{'a': song_name})
x = c.fetchone()
conn.commit()
conn.close()
print(x)
if x:
song_id = x[0]
posts = server.arcscore.arc_score_top(song_id, difficulty, -1)
@@ -317,8 +304,8 @@ def add_song():
song_id = song_id[:200]
if len(name_en) >= 256:
name_en = name_en[:200]
conn = sqlite3.connect('./database/arcsong.db')
c = conn.cursor()
with Connect('./database/arcsong.db') as c:
c.execute(
'''select exists(select * from songs where sid=:a)''', {'a': song_id})
if c.fetchone() == (0,):
@@ -328,9 +315,6 @@ def add_song():
else:
error = '歌曲已存在 The song exists.'
conn.commit()
conn.close()
if error:
flash(error)
@@ -344,8 +328,7 @@ def delete_song():
error = None
song_id = request.form['sid']
conn = sqlite3.connect('./database/arcsong.db')
c = conn.cursor()
with Connect('./database/arcsong.db') as c:
c.execute(
'''select exists(select * from songs where sid=:a)''', {'a': song_id})
if c.fetchone() == (1,):
@@ -354,8 +337,6 @@ def delete_song():
else:
error = "歌曲不存在 The song doesn't exist."
conn.commit()
conn.close()
if error:
flash(error)
@@ -366,12 +347,10 @@ def delete_song():
@login_required
def all_character():
# 所有角色数据
conn = sqlite3.connect('./database/arcaea_database.db')
c = conn.cursor()
error = None
with Connect() as c:
c.execute('''select * from character''')
x = c.fetchall()
error = None
if x:
posts = []
for i in x:
@@ -389,8 +368,6 @@ def all_character():
else:
error = '没有角色数据 No character data.'
conn.commit()
conn.close()
if error:
flash(error)
return render_template('web/allchar.html')
@@ -443,8 +420,7 @@ def edit_char():
flash(error)
return redirect(url_for('index.change_character'))
conn = sqlite3.connect('./database/arcaea_database.db')
c = conn.cursor()
with Connect() as c:
c.execute(
'''select exists(select * from character where character_id=:a)''', {'a': character_id})
if c.fetchone() == (1,):
@@ -484,9 +460,6 @@ def edit_char():
else:
error = '角色不存在 The character does not exist.'
conn.commit()
conn.close()
if error:
flash(error)
@@ -497,11 +470,8 @@ def edit_char():
@login_required
def update_character():
# 更新角色数据
conn = sqlite3.connect('./database/arcaea_database.db')
c = conn.cursor()
with Connect() as c:
web.system.update_user_char(c)
conn.commit()
conn.close()
flash('数据更新成功 Success update data.')
return redirect(url_for('index.change_character'))
@@ -535,8 +505,7 @@ def edit_user():
flash(error)
return redirect(url_for('index.change_user'))
conn = sqlite3.connect('./database/arcaea_database.db')
c = conn.cursor()
with Connect() as c:
# 全修改
if 'name' not in request.form and 'user_code' not in request.form:
@@ -583,8 +552,6 @@ def edit_user():
if flag:
error = '输入为空 Null Input.'
conn.commit()
conn.close()
if error:
flash(error)
@@ -614,8 +581,7 @@ def edit_user_purchase():
flash('输入为空 Null Input.')
return redirect(url_for('index.change_user_purchase'))
conn = sqlite3.connect('./database/arcaea_database.db')
c = conn.cursor()
with Connect() as c:
# 全修改
if 'name' not in request.form and 'user_code' not in request.form:
@@ -659,8 +625,6 @@ def edit_user_purchase():
if flag:
error = '输入为空 Null Input.'
conn.commit()
conn.close()
if error:
flash(error)
@@ -730,8 +694,7 @@ def change_item():
flash(error)
return redirect(url_for('index.change_item'))
conn = sqlite3.connect('./database/arcaea_database.db')
c = conn.cursor()
with Connect() as c:
c.execute(
'''select exists(select * from item where item_id=:a and type=:b)''', {'a': item_id, 'b': item_type})
if c.fetchone() == (1,):
@@ -762,8 +725,6 @@ def change_item():
else:
error = '购买项目不存在 The item does not exist.'
conn.commit()
conn.close()
if error:
flash(error)
@@ -783,8 +744,7 @@ def update_user_save():
name = None
user_code = None
conn = sqlite3.connect('./database/arcaea_database.db')
c = conn.cursor()
with Connect() as c:
# 全修改
if 'name' not in request.form and 'user_code' not in request.form:
@@ -819,8 +779,6 @@ def update_user_save():
if flag:
error = '输入为空 Null Input.'
conn.commit()
conn.close()
if error:
flash(error)
@@ -832,11 +790,10 @@ def update_user_save():
def all_present():
# 所有奖励数据
conn = sqlite3.connect('./database/arcaea_database.db')
c = conn.cursor()
error = None
with Connect() as c:
c.execute('''select * from present''')
x = c.fetchall()
error = None
if x:
posts = []
for i in x:
@@ -854,8 +811,6 @@ def all_present():
else:
error = '没有奖励数据 No present data.'
conn.commit()
conn.close()
if error:
flash(error)
return render_template('web/allpresent.html')
@@ -941,12 +896,9 @@ def deliver_present():
user_code = None
present_id = request.form['present_id']
conn = sqlite3.connect('./database/arcaea_database.db')
c = conn.cursor()
with Connect() as c:
if not web.system.is_present_available(c, present_id):
flash("奖励不存在 The present does not exist.")
conn.commit()
conn.close()
return render_template('web/deliverpresent.html')
# 全修改
@@ -980,8 +932,6 @@ def deliver_present():
if flag:
error = '输入为空 Null Input.'
conn.commit()
conn.close()
if error:
flash(error)
@@ -993,11 +943,10 @@ def deliver_present():
def all_redeem():
# 所有兑换码数据
conn = sqlite3.connect('./database/arcaea_database.db')
c = conn.cursor()
error = None
with Connect() as c:
c.execute('''select * from redeem''')
x = c.fetchall()
error = None
if x:
posts = []
for i in x:
@@ -1014,8 +963,6 @@ def all_redeem():
else:
error = '没有兑换码数据 No redeem code data.'
conn.commit()
conn.close()
if error:
flash(error)
return render_template('web/allredeem.html')
@@ -1106,12 +1053,11 @@ def delete_redeem():
def one_redeem(code):
# 某个兑换码的用户使用情况数据
conn = sqlite3.connect('./database/arcaea_database.db')
c = conn.cursor()
error = None
with Connect() as c:
c.execute(
'''select user_id, name, user_code from user where user_id in (select user_id from user_redeem where code=:a)''', {'a': code})
x = c.fetchall()
error = None
if x:
posts = []
for i in x:
@@ -1122,8 +1068,6 @@ def one_redeem(code):
else:
error = '没有数据 No data.'
conn.commit()
conn.close()
if error:
flash(error)
return render_template('web/redeem.html', code=code)
@@ -1152,9 +1096,7 @@ def edit_userpwd():
flash('密码太长或太短 Password is too long or too short!')
return render_template('web/changeuserpwd.html')
conn = sqlite3.connect('./database/arcaea_database.db')
c = conn.cursor()
with Connect() as c:
if name or user_code:
if user_code:
@@ -1176,8 +1118,6 @@ def edit_userpwd():
else:
error = '输入为空 Null Input.'
conn.commit()
conn.close()
if error:
flash(error)
@@ -1196,9 +1136,7 @@ def ban_user():
name = request.form['name']
user_code = request.form['user_code']
conn = sqlite3.connect('./database/arcaea_database.db')
c = conn.cursor()
with Connect() as c:
if name or user_code:
if user_code:
c.execute('''select user_id from user where user_code=:a''', {
@@ -1219,8 +1157,6 @@ def ban_user():
else:
error = '输入为空 Null Input.'
conn.commit()
conn.close()
if error:
flash(error)
@@ -1236,9 +1172,7 @@ def delete_user_score():
name = request.form['name']
user_code = request.form['user_code']
conn = sqlite3.connect('./database/arcaea_database.db')
c = conn.cursor()
with Connect() as c:
if name or user_code:
if user_code:
c.execute('''select user_id from user where user_code=:a''', {
@@ -1259,8 +1193,6 @@ def delete_user_score():
else:
error = '输入为空 Null Input.'
conn.commit()
conn.close()
if error:
flash(error)

22
latest version/web/login.py
View File

@@ -2,7 +2,7 @@
from flask import (Blueprint, flash, g, redirect,
render_template, request, session, url_for)
import functools
import configparser
from setting import Config
bp = Blueprint('login', __name__, url_prefix='/web')
@@ -15,18 +15,12 @@ def login():
password = request.form['password']
error = None
config = configparser.ConfigParser()
path = r'setting.ini'
config.read(path, encoding="utf-8")
USERNAME = config.get('WEB', 'USERNAME')
PASSWORD = config.get('WEB', 'PASSWORD')
if username != USERNAME and password != PASSWORD:
if username != Config.USERNAME or password != Config.PASSWORD:
error = '错误的用户名或密码 Incorrect username or password.'
if error is None:
session.clear()
session['user_id'] = USERNAME + PASSWORD
session['user_id'] = Config.USERNAME + Config.PASSWORD
return redirect(url_for('index.index'))
flash(error)
@@ -48,16 +42,10 @@ def login_required(view):
def wrapped_view(**kwargs):
x = session.get('user_id')
config = configparser.ConfigParser()
path = r'setting.ini'
config.read(path, encoding="utf-8")
USERNAME = config.get('WEB', 'USERNAME')
PASSWORD = config.get('WEB', 'PASSWORD')
if x != USERNAME + PASSWORD:
if x != Config.USERNAME + Config.PASSWORD:
return redirect(url_for('login.login'))
g.user = {'user_id': x, 'username': USERNAME}
g.user = {'user_id': x, 'username': Config.USERNAME}
return view(**kwargs)
return wrapped_view