fix: 修复漏洞

SilianZ · SilianZ · commit d715e3fff0a3 · 2024-08-31T11:05:03.000+08:00
diff --git a/core/__init__.py b/core/__init__.py
@@ -52,8 +52,10 @@ async def syncFiles():
             await cluster.disable()
         if cluster.socket:
             await cluster.socket.socket.disconnect()
-        if cluster.site:
-            await cluster.site.stop()
+        if cluster.http_site:
+            await cluster.http_site.stop()
+        if cluster.https_site:
+            await cluster.https_site.stop()
         if scheduler.state == 1:
             scheduler.shutdown()
         logger.tsuccess("main.success.stopped")
diff --git a/core/cluster.py b/core/cluster.py
@@ -94,7 +94,8 @@ def __init__(self) -> None:
         self.server = None
         self.failed_filelist = FileList(files=[])
         self.enabled = False
-        self.site = None
+        self.https_site = None
+        self.http_site = None
 
     async def fetchFileList(self) -> None:
         logger.tinfo("cluster.info.filelist.fetching")
@@ -250,17 +251,23 @@ async def listen(self, https: bool, port: int) -> None:
         try:
             ssl_context = None
             if https:
-                ssl_context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
+                ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
                 ssl_context.load_cert_chain(
                     certfile=Path(Config.get("advanced.paths.cert")),
                     keyfile=Path(Config.get("advanced.paths.key")),
                 )
+                ssl_context.check_hostname = False
             self.server = web.AppRunner(self.application)
             await self.server.setup()
-            self.site = web.TCPSite(
-                self.server, "0.0.0.0", port, ssl_context=ssl_context
+            if https:
+                self.https_site = web.TCPSite(
+                    self.server, "0.0.0.0", port, ssl_context=ssl_context
+                )
+                await self.https_site.start()
+            self.http_site = web.TCPSite(
+                self.server, "0.0.0.0", port
             )
-            await self.site.start()
+            await self.http_site.start()
             logger.tsuccess("cluster.success.listen", port=port)
         except Exception as e:
             logger.terror("cluster.error.listen", e=e)
diff --git a/core/router.py b/core/router.py
@@ -13,20 +13,10 @@ def __init__(self, app: web.Application, storages: List[Storage]) -> None:
         self.secret = Config.get("cluster.secret")
         self.storages = storages
         self.counters = Counters(hits=0, bytes=0)
-
-    def route(self, path, method="GET"):
-        def decorator(func):
-            @wraps(func)
-            async def wrapper(request: web.Request):
-                return await func(request)
-
-            self.app.router.add_route(method, path, wrapper)
-            return wrapper
-
-        return decorator
+        self.route = web.RouteTableDef()
 
     def init(self) -> None:
-        @self.route("/download/{hash}")
+        @self.route.get("/download/{hash}")
         async def _(
             request: web.Request,
         ) -> Union[web.Response, web.FileResponse, web.StreamResponse]:
@@ -42,7 +32,7 @@ async def _(
             self.counters.hits += data["hits"]
             return response
 
-        @self.route("/measure/{size}")
+        @self.route.get("/measure/{size}")
         async def _(request: web.Request) -> web.StreamResponse:
             try:
                 size = int(request.match_info.get("size", "0"))
@@ -71,3 +61,5 @@ async def _(request: web.Request) -> web.StreamResponse:
 
             except ValueError:
                 return web.Response(status=400)
+        
+        self.app.add_routes(self.route)
