From 56387371ab4e40310a5915ca5d6ceee91d8ff1e9 Mon Sep 17 00:00:00 2001
From: moonrailgun
Date: Fri, 30 Dec 2022 20:27:37 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20registerAuthWhitelist=20=E5=BC=BA?= =?UTF-8?q?=E5=88=B6=E5=A2=9E=E5=8A=A0=E6=8F=92=E4=BB=B6=E5=90=8D=E5=89=8D?= =?UTF-8?q?=E7=BC=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
避免越权申请白名单的问题(表面防止)
---
 server/packages/sdk/src/services/base.ts | 6 +++---
 .../com.msgbyte.github/services/subscribe.service.ts | 4 +---
 .../services/prettyinvite.service.ts | 2 +-
 .../services/simplenotify.service.ts | 4 +---
 server/services/core/config.service.ts | 2 +-
 server/services/core/user/user.service.ts | 2 +-
 server/services/openapi/bot.service.ts | 2 +-
 7 files changed, 9 insertions(+), 13 deletions(-)
diff --git a/server/packages/sdk/src/services/base.ts b/server/packages/sdk/src/services/base.ts
index 3981ef7a..cc4c91e9 100644
--- a/server/packages/sdk/src/services/base.ts
+++ b/server/packages/sdk/src/services/base.ts
@@ -285,15 +285,15 @@ export abstract class TcService extends Service {
 /**
 * 注册跳过token鉴权的路由地址
- * @param urls 鉴权路由
- * @example "/user/login"
+ * @param urls 鉴权路由 会自动添加 serviceName 前缀
+ * @example "/login"
 */
 registerAuthWhitelist(urls: string[]) {
 this.waitForServices('gateway').then(() => {
 this.broker.broadcast(
 'gateway.auth.addWhitelists',
 {
- urls,
+ urls: urls.map((url) => `/${this.serviceName}${url}`),
 },
 'gateway'
 );
diff --git a/server/plugins/com.msgbyte.github/services/subscribe.service.ts b/server/plugins/com.msgbyte.github/services/subscribe.service.ts
index faca6fe8..ec85b33d 100644
--- a/server/plugins/com.msgbyte.github/services/subscribe.service.ts
+++ b/server/plugins/com.msgbyte.github/services/subscribe.service.ts
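Review bot: The new `urls.map(...)` line in `registerAuthWhitelist` joins `this.serviceName` and each entry by plain concatenation and never checks the entry, so a value without a leading `/` or with `..` segments produces a whitelist path whose meaning depends on how the gateway normalises and matches it. Reject such entries before broadcasting, e.g. `if (urls.some((u) => !u.startsWith('/') || u.split('/').includes('..'))) throw new Error('whitelist url must be a service-relative path');`. The prefix is also applied only in the sender, while `gateway.auth.addWhitelists` still receives a finished `urls` list; that handler is not part of this diff, but unless it derives the allowed prefix from the sender itself the scoping stays advisory, as the commit message concedes. Callers that still pass a full path are double-prefixed and silently lose their exemption, so the doc comment should state that the argument must be service-relative. The method's closing lines fall outside the hunk.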
@@ -48,9 +48,7 @@ class GithubSubscribeService extends TcService {
 });
 this.registerAction('webhook.callback', this.webhookHandler);
- this.registerAuthWhitelist([
- '/plugin:com.msgbyte.github.subscribe/webhook/callback',
- ]);
+ this.registerAuthWhitelist(['/webhook/callback']);
 }
 protected onInited(): void {
diff --git a/server/plugins/com.msgbyte.prettyinvite/services/prettyinvite.service.ts b/server/plugins/com.msgbyte.prettyinvite/services/prettyinvite.service.ts
index aa6a7658..76dd2b6f 100644
--- a/server/plugins/com.msgbyte.prettyinvite/services/prettyinvite.service.ts
+++ b/server/plugins/com.msgbyte.prettyinvite/services/prettyinvite.service.ts
@@ -68,7 +68,7 @@ class PrettyinviteService extends TcService {
 },
 });
- this.registerAuthWhitelist(['/plugin:com.msgbyte.prettyinvite/badge']);
+ this.registerAuthWhitelist(['/badge']);
 }
 async badge(
diff --git a/server/plugins/com.msgbyte.simplenotify/services/simplenotify.service.ts b/server/plugins/com.msgbyte.simplenotify/services/simplenotify.service.ts
index bc0e8c05..4429ecda 100644
--- a/server/plugins/com.msgbyte.simplenotify/services/simplenotify.service.ts
+++ b/server/plugins/com.msgbyte.simplenotify/services/simplenotify.service.ts
@@ -58,9 +58,7 @@ class SimpleNotifyService extends TcService {
 },
 });
- this.registerAuthWhitelist([
- '/plugin:com.msgbyte.simplenotify/webhook/callback',
- ]);
+ this.registerAuthWhitelist(['/webhook/callback']);
 }
 protected onInited(): void {
diff --git a/server/services/core/config.service.ts b/server/services/core/config.service.ts
index 0a3e789c..792a8225 100644
--- a/server/services/core/config.service.ts
+++ b/server/services/core/config.service.ts
@@ -42,7 +42,7 @@ class ConfigService extends TcService {
 },
 });
- this.registerAuthWhitelist(['/config/client']);
+ this.registerAuthWhitelist(['/client']);
 }
 /**
diff --git a/server/services/core/user/user.service.ts b/server/services/core/user/user.service.ts
index 00f847ba..de55df89 100644
--- a/server/services/core/user/user.service.ts
+++ b/server/services/core/user/user.service.ts
@@ -201,7 +201,7 @@ class UserService extends TcService {
 visibility: 'public',
 });
- this.registerAuthWhitelist(['/user/forgetPassword', '/user/resetPassword']);
+ this.registerAuthWhitelist(['/forgetPassword', '/resetPassword']);
 }
 /**
diff --git a/server/services/openapi/bot.service.ts b/server/services/openapi/bot.service.ts
index 69321821..36f40275 100644
--- a/server/services/openapi/bot.service.ts
+++ b/server/services/openapi/bot.service.ts
@@ -24,7 +24,7 @@ class OpenBotService extends TcService {
 visibility: 'public',
 });
- this.registerAuthWhitelist(['/openapi/bot/login']);
+ this.registerAuthWhitelist(['/bot/login']);
 }
 /**
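Review bot: In the `OpenBotService` hunk the new entry `'/bot/login'` reproduces the previously exempt path `/openapi/bot/login` only if this service's `serviceName` is exactly `openapi`; the getter is not visible here, and a dotted name would compose a different path that the gateway would no longer match. That failure would be closed (the login route starts demanding a token) rather than an exposure, but it is silent. Confirm the composed value against the route the gateway actually serves and record it next to the call, e.g. `// composed by registerAuthWhitelist as /<serviceName>/bot/login; must equal the public login route`. A unit test asserting the `urls` payload broadcast to `gateway.auth.addWhitelists` for each built-in service would catch this class of mismatch. The enclosing method starts above the hunk.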