Skip to content

Feat on_websocket_receive #59

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Ice9Coffee wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Feat on_websocket_receive #59

Ice9Coffee wants to merge 2 commits into from

Conversation

@Ice9Coffee
Copy link

@Ice9Coffee Ice9Coffee commented Sep 7, 2021

现有的hook函数无法在ws收到消息时,对不可信的OneBot进行验证。

添加on_websocket_receive接口,在每次调用websocket.receice()后、其他处理前调用钩子函数,可用于实现安全认证。

stdrc
stdrc reviewed Sep 11, 2021
View reviewed changes
@stdrc stdrc requested a review from cleoold September 11, 2021 03:06
@cleoold
Copy link
Member

cleoold commented Sep 14, 2021
edited
Loading

有什麽特別的用處嗎;可信是什麽意思;ws 需要在每個 packet 中每次都發驗證信息嗎?

@stdrc
Copy link
Member

stdrc commented Sep 14, 2021

有什麽特別的用處嗎;可信是什麽意思

之前咖啡佬跟我讨论了,这个作用在于当用 aiocqhttp 作为一个公开 OneBot 服务端时,可能会有恶意用户发来过长、过分复杂(导致 json.loads 失败/耗时)的消息,允许设置一个过滤函数,可以避免这种情况

@cleoold
Copy link
Member

cleoold commented Sep 14, 2021

please rebase commits into one; 'fxxking' is annoying

@Ice9Coffee Ice9Coffee force-pushed the feat-on_websocket_receive branch from e3b49b5 to 44d5e5b Compare September 14, 2021 09:32
@Ice9Coffee Ice9Coffee force-pushed the feat-on_websocket_receive branch from 44d5e5b to 3768b26 Compare September 14, 2021 09:46
stdrc
stdrc requested changes Sep 21, 2021
View reviewed changes
aiocqhttp/__init__.py
self._add_wsr_api_client()
try:
while True:
payload = await websocket.receive()
Copy link
Member

@stdrc stdrc Sep 21, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

突然一下有点迷惑了,这里返回的是 str 还是 bytes,下面用的是 json.loads,但 _on_wsr_receive_func 的参数却是 bytes

另外就是,_on_wsr_receive_func 如何表达“payload 不合法”呢?是不是 563 行调用的时候接个异常、或检查是否为 None 会比较好;或者干脆让 _on_wsr_receive_func 不能修改 payload,只需要返回 bool 就行了(为什么会需要修改 payload 呢)。

on_websocket_receive 注释里应该写 _on_wsr_receive_func 中判断到不合法 payload 报错的例子,毕竟这才是它真正的用处,而不是直接原样返回的例子。

Copy link
Member

@stdrc stdrc Sep 21, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

对了,docs/changelog.md 也需要改下,小标题先用 master

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stdrc stdrc stdrc requested changes

@cleoold cleoold Awaiting requested review from cleoold

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Ice9Coffee @cleoold @stdrc