From a850fdbfc7438e0c8ae3378839b06dde2d6f2129 Mon Sep 17 00:00:00 2001
From: CMHopeSunshine <277073121@qq.com>
Date: Fri, 18 Nov 2022 23:13:19 +0800
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20=E4=BF=AE=E5=A4=8D=E4=BD=BF?=
 =?UTF-8?q?=E7=94=A8`nginx`=E5=8F=8D=E4=BB=A3=E5=90=8E`Web=20UI`=E6=97=A5?=
 =?UTF-8?q?=E5=BF=97=E9=9D=9E=E6=B3=95=E8=AF=B7=E6=B1=82=E7=9A=84=E9=97=AE?=
 =?UTF-8?q?=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 LittlePaimon/web/api/status.py      | 14 ++++++++------
 LittlePaimon/web/pages/home_page.py |  4 ++--
 2 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/LittlePaimon/web/api/status.py b/LittlePaimon/web/api/status.py
index 9c9af12..56bf8aa 100644
--- a/LittlePaimon/web/api/status.py
+++ b/LittlePaimon/web/api/status.py
@@ -1,7 +1,7 @@
 import asyncio
-from typing import Union
+from typing import Union, Optional
 
-from fastapi import APIRouter, Request
+from fastapi import APIRouter, Header
 from fastapi.responses import JSONResponse, StreamingResponse
 from nonebot.log import logger, default_filter, default_format
 from LittlePaimon.config import config
@@ -33,8 +33,8 @@ route = APIRouter()
 
 
 @route.get('/log')
-async def get_log(request: Request, level: str = 'info', num: Union[int, str] = 100):
-    if request.headers.get('secret_key') != config.secret_key[:10]:
+async def get_log(token: Optional[str] = Header(...), level: str = 'info', num: Union[int, str] = 100):
+    if token != config.secret_key[:16]:
         return '非法请求'
     show_logs = info_logs[-(num or 1):] if level == 'info' else debug_logs[-(num or 1):]
 
@@ -47,9 +47,11 @@ async def get_log(request: Request, level: str = 'info', num: Union[int, str] =
 
 
 @route.get('/run_cmd')
-async def run_cmd(request: Request, cmd: str):
-    if request.headers.get('secret_key') != config.secret_key[:10]:
+async def run_cmd(token: Optional[str] = Header(...), cmd: str = ''):
+    if token != config.secret_key[:16]:
         return '非法请求'
+    if not cmd:
+        return '无效命令'
     p = await asyncio.create_subprocess_shell(cmd, stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.PIPE)
     return StreamingResponse(p.stdout or p.stderr)
 
diff --git a/LittlePaimon/web/pages/home_page.py b/LittlePaimon/web/pages/home_page.py
index 5b3dec4..afea4ad 100644
--- a/LittlePaimon/web/pages/home_page.py
+++ b/LittlePaimon/web/pages/home_page.py
@@ -73,7 +73,7 @@ log_page = Log(
         'method': 'get',
         'url': '/LittlePaimon/api/log?level=${log_level | raw}&num=${log_num | raw}',
         'headers': {
-            'secret_key': config.secret_key[:10]
+            'token': config.secret_key[:16]
         }
     }
 )
@@ -97,7 +97,7 @@ cmd_input = Form(
                         'method': 'get',
                         'url': '/LittlePaimon/api/run_cmd?cmd=${command | raw}',
                         'headers': {
-                            'secret_key': config.secret_key[:10]
+                            'token': config.secret_key[:16]
                         }
                     }),
             )