
更新至0.3.1(修复了一些安全性问题)
1. 修复了一些安全性的问题
2. 修复了初始化时fixed_properties表中无属性设定数据的bug
Misaka12456 committed Apr 10, 2022
1 parent d9de81b commit e6b9dc6
Showing 25 changed files with 225 additions and 534 deletions.
1 change: 0 additions & 1 deletion Team123it.Arcaea.MarveCube.Standalone/Startup.cs
@@ -1,6 +1,5 @@
using Microsoft.AspNetCore.Http.Features;
using Microsoft.AspNetCore.HttpOverrides;
using System.Enhance.AspNetCore;

namespace Team123it.Arcaea.MarveCube.Standalone
{
Expand Up @@ -3,11 +3,11 @@
<PropertyGroup>
<TargetFramework>net6.0</TargetFramework>
<AssemblyName>MarveCube.Standalone</AssemblyName>
<Version>0.3.0</Version>
<Version>0.3.1</Version>
<Company>123 Open-Source Organization</Company>
<Product>Arcaea Server 2(123 Marvelous Cube) Standalone Version</Product>
<AssemblyVersion>0.3.0</AssemblyVersion>
<FileVersion>0.3.0</FileVersion>
<AssemblyVersion>0.3.1</AssemblyVersion>
<FileVersion>0.3.1</FileVersion>
<Copyright>(C)Copyright 2015-2022 123 Open-Source Organization. All rights reserved.</Copyright>
<AssemblyTitle>123 Marvelous Cube Standalone Version</AssemblyTitle>
<Platforms>x64;ARM64</Platforms>
92 changes: 39 additions & 53 deletions Team123it.Arcaea.MarveCube/Bots/Backgrounds.cs
@@ -1,60 +1,46 @@
using Microsoft.AspNetCore.Http;
using MySql.Data.MySqlClient;
using Team123it.Arcaea.MarveCube.Controllers;
using Team123it.Arcaea.MarveCube.Core;
using static Team123it.Arcaea.MarveCube.GlobalProperties;


namespace Team123it.Arcaea.MarveCube.Bots
{
public static class Background
{
/// <summary>
/// 检查Apikey的有效性。
/// </summary>
/// <exception cref="BotAPIException" />
public static void CheckApiKey(string apikey)
{
var conn = new MySqlConnection(DatabaseConnectURL);
try
{
conn.Open();
var cmd = conn.CreateCommand();
cmd.CommandText = "SELECT COUNT(*),is_banned FROM bots WHERE apikey=?apikey;";
cmd.Parameters.Add(new MySqlParameter("?apikey", apikey));
var rd = cmd.ExecuteReader();
rd.Read();
if (rd.GetInt32(0) == 1)
{
if (rd.GetBoolean(1))
{
throw new BotAPIException(BotAPIException.APIExceptionType.BotIsBlocked,null);
}
}
else
{
throw new BotAPIException(BotAPIException.APIExceptionType.InvalidApiKey,null);
}
}
catch (BotAPIException)
{
throw;
}
finally
{
conn.Close();
}
}

public static bool IsSafeArgument(this HttpRequest req)
{
foreach (var queryStr in req.Query)
{
if (!BotController.IsSafeArgument(queryStr.Key)) return false;
if (!BotController.IsSafeArgument(queryStr.Value)) return false;
continue;
}
return true;
}
}
public static class Background
{
/// <summary>
/// 检查Apikey的有效性。
/// </summary>
/// <exception cref="BotAPIException" />
public static void CheckApiKey(string apikey)
{
var conn = new MySqlConnection(DatabaseConnectURL);
try
{
conn.Open();
var cmd = conn.CreateCommand();
cmd.CommandText = "SELECT COUNT(*),is_banned FROM bots WHERE apikey=?apikey;";
cmd.Parameters.Add(new MySqlParameter("?apikey", apikey));
var rd = cmd.ExecuteReader();
rd.Read();
if (rd.GetInt32(0) == 1)
{
if (rd.GetBoolean(1))
{
throw new BotAPIException(BotAPIException.APIExceptionType.BotIsBlocked,null);
}
}
else
{
throw new BotAPIException(BotAPIException.APIExceptionType.InvalidApiKey,null);
}
}
catch (BotAPIException)
{
throw;
}
finally
{
conn.Close();
}
}
}
}
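Review bot: CheckApiKey on the new side still leaks the MySqlCommand and MySqlDataReader: only `conn.Close()` runs in the finally block, so the reader is never disposed and, if `ExecuteReader()` or `Read()` throws, the command is left open as well; with net6.0 as the target the three objects can be bound with `using var` and the try/finally dropped. The `catch (BotAPIException) { throw; }` clause is a no-op rethrow and can go with it, and the return value of `rd.Read()` should be checked before `GetInt32(0)` is called so an empty result is reported as an invalid key rather than an InvalidOperationException. Presumably the `SELECT COUNT(*),is_banned` form is accepted by the deployed server, but a non-aggregated column next to COUNT(*) is rejected when ONLY_FULL_GROUP_BY is in the sql_mode, and that MySqlException would surface to the caller as something other than BotAPIException — worth confirming against the target MySQL configuration. The rewritten method follows; the class, usings and namespace are unchanged.
```csharp
public static void CheckApiKey(string apikey)
{
    // Dispose the connection, command and reader deterministically; Close()
    // alone leaves the command and reader undisposed when ExecuteReader/Read throw.
    using var conn = new MySqlConnection(DatabaseConnectURL);
    conn.Open();
    using var cmd = conn.CreateCommand();
    cmd.CommandText = "SELECT COUNT(*),is_banned FROM bots WHERE apikey=?apikey;";
    cmd.Parameters.Add(new MySqlParameter("?apikey", apikey));
    using var rd = cmd.ExecuteReader();
    // No row, or anything other than exactly one matching key, is an invalid key.
    if (!rd.Read() || rd.GetInt32(0) != 1)
    {
        throw new BotAPIException(BotAPIException.APIExceptionType.InvalidApiKey, null);
    }
    if (rd.GetBoolean(1))
    {
        throw new BotAPIException(BotAPIException.APIExceptionType.BotIsBlocked, null);
    }
}
```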
