From c62e95fda621b188ac132bc8f7419f7b1eaa49eb Mon Sep 17 00:00:00 2001 From: CwkDark <177549718+CwkDark@users.noreply.github.com> Date: Fri, 23 Aug 2024 01:59:46 +0800 Subject: [PATCH] [All] signer version verification (#541) * [All] signer version verification * add empty signer version info warning --- Lagrange.Core/BotContext.cs | 10 +++---- Lagrange.OneBot/Utility/OneBotSigner.cs | 39 +++++++++++++++++++++++-- 2 files changed, 42 insertions(+), 7 deletions(-) diff --git a/Lagrange.Core/BotContext.cs b/Lagrange.Core/BotContext.cs index 1544cad04..6892a33a1 100644 --- a/Lagrange.Core/BotContext.cs +++ b/Lagrange.Core/BotContext.cs @@ -16,9 +16,9 @@ public class BotContext : IDisposable internal readonly ContextCollection ContextCollection; - private readonly BotAppInfo _appInfo; + public BotAppInfo AppInfo { get; } - private readonly BotConfig _config; + public BotConfig Config { get; } private readonly BotDeviceInfo _deviceInfo; @@ -29,12 +29,12 @@ internal BotContext(BotConfig config, BotDeviceInfo deviceInfo, BotKeystore keys Invoker = new EventInvoker(this); Scheduler = new Utility.TaskScheduler(); - _config = config; - _appInfo = BotAppInfo.ProtocolToAppInfo[config.Protocol]; + Config = config; + AppInfo = BotAppInfo.ProtocolToAppInfo[config.Protocol]; _deviceInfo = deviceInfo; _keystore = keystore; - ContextCollection = new ContextCollection(_keystore, _appInfo, _deviceInfo, _config, Invoker, Scheduler); + ContextCollection = new ContextCollection(_keystore, AppInfo, _deviceInfo, Config, Invoker, Scheduler); } public void Dispose() diff --git a/Lagrange.OneBot/Utility/OneBotSigner.cs b/Lagrange.OneBot/Utility/OneBotSigner.cs index 7112c4e43..fece40cda 100644 --- a/Lagrange.OneBot/Utility/OneBotSigner.cs +++ b/Lagrange.OneBot/Utility/OneBotSigner.cs @@ -1,10 +1,10 @@ using System.Diagnostics.CodeAnalysis; using System.Net; -using System.Net.Http.Headers; using System.Net.Http.Json; using System.Text; using System.Text.Json; using System.Text.Json.Nodes; +using Lagrange.Core; using Lagrange.Core.Utility.Sign; using Microsoft.Extensions.Configuration; using Microsoft.Extensions.Logging; @@ -13,12 +13,20 @@ namespace Lagrange.OneBot.Utility; public class OneBotSigner : SignProvider { + private ILogger _logger; + private readonly string? _signServer; private readonly HttpClient _client; - public OneBotSigner(IConfiguration config, ILogger logger) + private readonly string platform; + + private readonly string version; + + public OneBotSigner(IConfiguration config, ILogger logger, BotContext bot) { + _logger = logger; + _signServer = config["SignServerUrl"] ?? ""; string? signProxyUrl = config["SignProxyUrl"]; // Only support HTTP proxy @@ -33,6 +41,15 @@ public OneBotSigner(IConfiguration config, ILogger logger) }, disposeHandler: true); if (string.IsNullOrEmpty(_signServer)) logger.LogWarning("Signature Service is not available, login may be failed"); + + platform = bot.Config.Protocol switch + { + Lagrange.Core.Common.Protocols.Windows => "Windows", + Lagrange.Core.Common.Protocols.MacOs => "MacOs", + Lagrange.Core.Common.Protocols.Linux => "Linux", + _ => "Unknown" + }; + version = bot.AppInfo.CurrentVersion; } public override byte[]? Sign(string cmd, uint seq, byte[] body, [UnscopedRef] out byte[]? e, [UnscopedRef] out string? t) @@ -59,6 +76,24 @@ public OneBotSigner(IConfiguration config, ILogger logger) if (message.StatusCode != HttpStatusCode.OK) throw new Exception($"Signer server returned a {message.StatusCode}"); var json = JsonDocument.Parse(message.Content.ReadAsStream()).RootElement; + if (json.TryGetProperty("platform", out JsonElement platformJson)) + { + if (platformJson.GetString() != platform) throw new Exception("Signer platform mismatch"); + } + else + { + _logger.LogWarning("Signer platform miss"); + } + + if (json.TryGetProperty("version", out JsonElement versionJson)) + { + if (versionJson.GetString() != version) throw new Exception("Signer version mismatch"); + } + else + { + _logger.LogWarning("Signer version miss"); + } + var valueJson = json.GetProperty("value"); var extraJson = valueJson.GetProperty("extra"); var tokenJson = valueJson.GetProperty("token");