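/api/user not working
Blessing Skin version
6.0.2
PHP version
8.1
Browser in use when the problem occurred
Safari
Web server you are using
Apache
Are you using BT Panel (宝塔)?
- [ ] Yes
What went wrong?
GET /api/user/* does not return a table; instead it returns an HTML page that redirects to the login page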
<!DOCTYPE html> <html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='http://localhost:50000/auth/login'" /> <title>Redirecting to http://localhost:50000/auth/login</title> </head> <body> Redirecting to <a href="http://localhost:50000/auth/login">http://localhost:50000/auth/login</a>. </body> </html>
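Meanwhile, GET /api/[other] returns the server information normally
Error log
No response
Steps to reproduce
Log in, then open /api/user
What is the point of screenshotting the code of the middleware that "checks whether the request is authenticated"?
You have given too little information to determine where the problem is. From your reproduction steps it looks like you are requesting the API with a browser, but I don't really understand what you are trying to do by using Safari to request an API that is meant for third-party applications.
Please give the complete reproduction steps, including how you obtain the Access Token and the code that requests the API.
Also, I don't want to be rude, but you really should read "How To Ask Questions The Smart Way" properly.
Sorry, I misread the code; mainly, I'm not very good at PHP either. My apologies. Complete CGI request code and the returned content:
index.sh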
#!/bin/zsh
jsonq() {
local json=$(cat)
awk -v json="$json" -v json_orgi="$json" -v key="$1" '
function strlastchar(s) {
return substr(s, length(s), 1)
}
function startwith(s, c) {
start = substr(s, 1, 1)
return start == c
}
function endwith(s, c) {
return strlastchar(s) == c
}
function innerstr(s) { # return the content inside the brackets/quotes
return substr(s, 2, length(s)-2)
}
function strindex(s, n) { # get the character at a given index; indices start at 1
return substr(s, n, 1)
}
function trim(s) {
sub("^[ \n]*", "", s);
sub("[ \n]*$", "", s);
return s
}
function findValueByKey(s, k) {
if ("\""k"\"" != substr(s, 1, length(k)+2)) {exit 0}
s = trim(s)
start = 0; stop = 0; layer = 0
for (i = 2 + length(k) + 1; i <= length(s); ++i) {
lastChar = substr(s, i - 1, 1)
currChar = substr(s, i, 1)
if (start <= 0) {
if (lastChar == ":") {
start = currChar == " " ? i + 1: i
if (currChar == "{" || currChar == "[") {
layer = 1
}
}
} else {
if (currChar == "{" || currChar == "[") {
++layer
}
if (currChar == "}" || currChar == "]") {
--layer
}
if ((currChar == "," || currChar == "}" || currChar == "]") && layer <= 0) {
stop = currChar == "," ? i : i + 1 + layer
break
}
}
}
if (start <= 0 || stop <= 0 || start > length(s) || stop > length(s) || start >= stop) {
exit 0
} else {
return trim(substr(s, start, stop - start))
}
}
function unquote(s) {
if (startwith(s, "\"")) {
s = substr(s, 2, length(s)-1)
}
if (endwith(s, "\"")) {
s = substr(s, 1, length(s)-1)
}
return s
}
BEGIN{
if (match(key, /^\./) == 0) {exit 0;}
sub(/\][ ]*\[/,"].[", key)
split(key, ks, ".")
if (length(ks) == 1) {print json; exit 0}
for (j = 2; j <= length(ks); j++) {
k = ks[j]
if (startwith(k, "[") && endwith(k, "]") == 1) { # [n]
idx = innerstr(k)
currentIdx = -1
# find matching bracket pairs
pairs = ""
json = trim(json)
if (startwith(json, "[") == 0) {
exit 0
}
start = 2
cursor = 2
for (; cursor <= length(json); cursor++) {
current = strindex(json, cursor)
if (current == " " || current == "\n") {continue} # skip whitespace
if (current == "[" || current == "{") {
if (length(pairs) == 0) {start = cursor}
pairs = pairs""current
}
if (current == "]" || current == "}") {
if ((strlastchar(pairs) == "[" && current == "]") || (strlastchar(pairs) == "{" && current == "}")) {
pairs = substr(pairs, 1, length(pairs)-1) # drop the last character
if (pairs == "") { # all opening brackets have been matched
currentIdx++
if (currentIdx == idx) {
json = substr(json, start, cursor-start+1)
break
}
}
} else {
pairs = pairs""current
}
}
}
} else {
# at this point it can only be {"key": "value"} or {"key":{}} or {"key":[{}]}
pairs = ""
json = trim(json)
if (startwith(json, "[")) {exit 0}
#if (!startwith(json, "\"") || !startwith(json, "{")) {json="\""json}
# find the matching key
start = 2
cursor = 2
noMatch = 0
for (; cursor <= length(json); cursor++) {
current = strindex(json, cursor)
if (current == " " || current == "\n" || current == ",") {continue} # skip whitespace and commas
if (substr(json, cursor, length(k)+2) == "\""k"\"") {
json = findValueByKey(substr(json, cursor, length(json)-cursor+1), k)
break
} else {
noMatch = 1
}
if (noMatch) {
pos = match(substr(json, cursor+1, length(json)-cursor), /[^(\\")]"/)
ck = substr(substr(json, cursor+1, length(json)-cursor), 1, pos)
t = findValueByKey(substr(json, cursor, length(json)-cursor+1), ck)
tLen = length(t)
sub(/\\/, "\\\\", t)
pos = match(substr(json, cursor+1, length(json)-cursor), t)
if (pos != 0) {
cursor = cursor + pos + tLen
}
noMatch = 0
continue
}
}
}
}
if (json_orgi == json) { print;exit 0 }
print unquote(json)
}'
}
CODE=${QUERY_STRING:5}
JSON=$(curl "http://localhost:50000/oauth/token" -F code=$CODE -F client_id=7 -F "grant_type=authorization_code" -F "client_secret=U8YvCBMjRHt500vci1ZtMOZ5Yq7nqxjUkk7950Ou" -F "redirect_uri=http://localhost:50000/chat/oauth")
ATOKEN=$(echo $JSON | jsonq ".access_token")
echo Content-type:text
echo
echo --------------------------------------------------------------------------------
echo $(curl -X 'GET' "http://localhost:50000/api/players" -H "Authorization:Bearer $ATOKEN")
Response:
<!DOCTYPE html> <html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh"
content="0;url='http://localhost:50000/auth/login'" /> <title>Redirecting to http://localhost:50000/auth/login</title>
</head> <body> Redirecting to <a href="http://localhost:50000/auth/login">http://localhost:50000/auth/login</a>.
</body> </html>
Also, how do I view the logs?
https://blessing.netlify.app/report.html#%E6%88%91%E5%BA%94%E8%AF%A5%E6%8F%90%E4%BE%9B%E4%BB%80%E4%B9%88%E4%BF%A1%E6%81%AF%E7%BB%99%E5%BC%80%E5%8F%91%E8%80%85%E4%BB%A5%E5%B8%AE%E5%8A%A9%E8%B0%83%E8%AF%95
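If you don't like reading the manual, you can just say so.
Could not reproduce in my local development environment.
I suggest you print out the Access Token and check whether it is a normal JWT. If it is, take the public key in storage/oauth-public.key and verify the JWT signature on jwt.io, then check whether the JWT has expired.
jwt.io says it is valid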
{"token_type":"Bearer","expires_in":31536000,"access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiI3IiwianRpIjoiYjViYjYxYjIwN2ViNzg1Njk4ZmVjNjA5NTE4YzFiZTMyOGE4NDgwNWVkYjRlZmVlMDE4MDg4NjY3NjNmNWY4ZmYxNDZiMzQxNTQyZDY4OWQiLCJpYXQiOjE3MjcwMTA1MzcuNzQ5OTA4LCJuYmYiOjE3MjcwMTA1MzcuNzQ5OTEsImV4cCI6MTc1ODU0NjUzNy43NDExODMsInN1YiI6IjIiLCJzY29wZXMiOlsiVXNlci5SZWFkIl19.os2ifF7Dol4WXVxH466VlWvfU7-KXZEdIdghpGNNAYfQrwvEpB6DqtNgKG2Wo0-Vv5aSORlLNlXSNTvkzXd85Inpk2sM5136xhZerOLODOA-Sd1m28GU4leU1IOHvTu2070lewgwy7FmPp-wqjRhkOwt-q9Q5bvPDaI_omZ7UT1zB1vSVZft3MsN-P0dV8XYyQx49i3nUbK8vHel5VPSep0zx8Xnrr97aI9ytiZWZYfsdGGNt_g1IesgNvJE8c6IV3js2bgMbHkOgGRUhQjvrUz8XaazUYpLbvOpTfAxI51N2hEt5an2zyfQyyPdudN7ZtJFP7uHJ5rho8FMi6y6XWuStKlItctB8BZd14o_ufchtLx5s9FnN5LZEd3bHgLSxXl1zQGbNpg9fcPx--tzujJwiTJF37_TognewK8OSNrykvE40WW1u9Wqh9ek1hPLPlkUAXx8QTiYPIMSLlBrd4ZXIBZh2j5APgjxf73U8s3GN088t2AsBIXRP72pnpV5vUWCWv4aWhLenmdjFwb87dIHyuwe1f3ycUc4Rb6QgaN4iUoZqWAQk2uYM5RPex7aQo6iNXzlqNRdcfy2rEy3GVVFxr5hjAaZDElSiMwXQGitSCzqwdhwhjkn61Lvf5_fCPnHOoF9jLwVVmIxJs_74n6yq6W9qEnCrPBELtBODVk","refresh_token":"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"}
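The test also fails on a fresh local install, which shows it has nothing to do with the bs configuration.
It has nothing to do with how your PHP was installed.
Your problem cannot be reproduced on either the current development version or the stable version, and the existing information is not enough to determine where the problem is. We also cannot get into your local environment to debug further.
I added an echo $request to index.php. The result: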
GET /api/user HTTP/1.1
Accept: */*
Host: 127.0.0.1:50001
User-Agent: curl/8.7.1
There is no Authorization at all.
But the HTTP packet capture does contain this request header:
GET /api/user HTTP/1.1
Host: localhost:50001
User-Agent: curl/8.7.1
Accept: */*
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiIxIiwianRpIjoiMjI4NmZhNGY1ZDcyNjBhNGZlNTMzMDI4MmYxNzM4OWRkYzEyZGI0ZTI3ODNlOWVkY2Y5YTI0MDNkNDU3NTM1NjVjMjE5OWMxNGFjYjEwZTkiLCJpYXQiOjE3MzMxNzYxOTYuNzEyMjkzLCJuYmYiOjE3MzMxNzYxOTYuNzEyMjk0LCJleHAiOjE3NjQ3MTIxOTYuNzA3NDY2LCJzdWIiOiIxIiwic2NvcGVzIjpbIlVzZXIuUmVhZCJdfQ.GeHLhpgwfPqKNBTHVGskx-yEYTyHfTdiJ-_z96tn4zJYiKiS50HSHpiW0g5p7ArU_tqqFlGvSV4tPM1UXiI9CmIVJv-Q_4xF7epA_dcwgtz544GRCOtca-zorzHWN8mMXwYty5bGqM_CX1UBEBaMDECGXE-qwQLZA7nAnfTWgu0Okn2A1fQdYceJccuUffXz3zcJ_ZwBdSf4l5ud5UzarScZ5ZRnnNWaTk6nKQu9ehR7J84ZBGX14ES1u5oQw-rQ_KfYDdcl7bL6L-38IR7bS6JFfidZ2RodxIbGNzU3-GAsZXvolG1XzicEZeK6mWoacjeCNmJW3ug6eDkyFTigBg2yIBoFjvTtyzGWvDYQcKQwcaTluOE7bNeihrXmQOFzlWB7C7L2ca-lqQc-I6pUyWCMdF07X9gboX0UPTsVQF44h4rPglczvfYQF6HWpOnZ6aVQSqaVWCExf5gCiC2pKZcpPQU97wjx9hYNGfVUjpIfRUVxBegCkKFupAlMmKxlDKUMZviqZJX35HVKqXTlWHDMhy0tOpbpmLbpTtXj0vX8yGRhV_cxsRF1WdTQJUV_-yI56kK320tuYy0Bwoa1ouz52j_qZjVk7SyRNkDbRMZmQr1HYfOARumCkKR8BjNMp5xuLHPuvU1Xr-pg7QMvj9sJIwOeZ4znA25Y8FEg6hI
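Solved! First, from the conclusion above it is clear that this is not a bs problem at all. Then I searched for "Apache HTTPd loses request headers" and, following the instructions, added "SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0", which fixed it.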
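
The comparison that located the fault in this thread (the request as captured on the wire versus the request as the application saw it), written as an added shell example; it is not code from the thread or from Blessing Skin. The function names are hypothetical, and the sample dumps are constructed from the ones posted above, with a placeholder in place of the token.

```shell
#!/bin/sh
# Added example: find request headers that were on the wire but never reached the app.
# Function names are hypothetical; the samples are constructed from the thread's dumps.

WIRE_REQUEST='GET /api/user HTTP/1.1
Host: localhost:50001
User-Agent: curl/8.7.1
Accept: */*
Authorization: Bearer PLACEHOLDER.TOKEN.VALUE
'
APP_REQUEST='GET /api/user HTTP/1.1
Accept: */*
Host: 127.0.0.1:50001
User-Agent: curl/8.7.1
'
LOGIN_REDIRECT='<title>Redirecting to http://localhost:50000/auth/login</title>'

# Print the lower-cased header names of a raw HTTP request, one per line, sorted.
header_names() {
  printf '%s\n' "$1" | tr -d '\r' | awk '
    NR == 1 { next }   # skip the request line
    /^$/    { exit }   # headers end at the first blank line
    { i = index($0, ":"); if (i > 1) print tolower(substr($0, 1, i - 1)) }
  ' | sort -u
}

# dropped_headers WIRE APP: names present in WIRE but missing from APP.
dropped_headers() {
  app_names=$(header_names "$2")
  header_names "$1" | while IFS= read -r name; do
    printf '%s\n' "$app_names" | grep -qxF -- "$name" || printf '%s\n' "$name"
  done
}

# diagnose WIRE APP RESPONSE_BODY: classify the "login redirect despite token" symptom.
diagnose() {
  if ! printf '%s' "$3" | grep -q '/auth/login'; then
    echo "no-login-redirect"
  elif dropped_headers "$1" "$2" | grep -qx 'authorization'; then
    echo "authorization-dropped-before-app"   # fix belongs in the web server config
  elif header_names "$1" | grep -qx 'authorization'; then
    echo "authorization-delivered-check-token"
  else
    echo "client-sent-no-authorization"
  fi
}

diagnose "$WIRE_REQUEST" "$APP_REQUEST" "$LOGIN_REDIRECT"
```

A verdict of authorization-dropped-before-app is the case resolved in this thread by the SetEnvIf directive quoted above.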