Innei / Shiro

📜 A minimalist personal website embodying the purity of paper and freshness of snow.
https://innei.in

Logged out immediately after logging in #472

Closed SkyDependence closed 3 weeks ago

SkyDependence commented 1 month ago

Describe the bug

After logging in on the page with the owner account, I am logged out immediately:

15:31:09  WARN   [UserService]  主人已登录,IP: 141.25.45.145
15:31:09  WARN   [AllExceptionsFilter]  IP: 141.25.45.145 错误信息:(401) 未登录 Path: /api/v2/options/url

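shiro version: 1.2.2; Mixspace dashboard version: 4.7.3; Mixspace system version: 7.1.7

I deployed Mixspace and shiro with docker on one of my own servers, behind an nginx reverse proxy. The nginx configuration is as follows: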

server {
    listen 80;
    listen 443 ssl http2 ; 
    ## Bind domain name
    server_name www.skydevs.link; 
    index index.html; 
    proxy_set_header Host $host; 
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
    proxy_set_header X-Forwarded-Host $server_name; 
    proxy_set_header Upgrade $http_upgrade; 
    proxy_set_header Connection "upgrade"; 
    error_log /www/sites/www.skydevs.link/log/error.log;
    access_log /www/sites/www.skydevs.link/log/access.log; 
    location /socket.io {
        proxy_set_header Upgrade $http_upgrade; 
        proxy_set_header Connection "Upgrade"; 
        proxy_set_header Host $host; 
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
        proxy_set_header X-Forwarded-Proto $scheme; 
        proxy_pass http://127.0.0.1:2333/socket.io; 
    }
    location /api/v2 {
        proxy_pass http://127.0.0.1:2333/api/v2; 
    }
    location /render {
        proxy_pass http://127.0.0.1:2333/render; 
    }
    location / {
        proxy_pass http://127.0.0.1:2323; 
    }
    location /qaqdmin {
        proxy_pass http://127.0.0.1:2333/proxy/qaqdmin;
    }
    location /proxy {
        proxy_pass http://127.0.0.1:2333/proxy;
    }
    location ~* \/(feed|sitemap|atom.xml) {
        proxy_pass http://127.0.0.1:2333/$1; 
    }
    ssl_certificate /www/sites/www.skydevs.link/ssl/fullchain.pem; 
    ssl_certificate_key /www/sites/www.skydevs.link/ssl/private.key; 
    ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1; 
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'; 
    ssl_prefer_server_ciphers on; 
    ssl_session_cache shared:SSL:10m; 
    ssl_session_timeout 10m; 
    error_page 497 https://$host$request_uri; 
    limit_conn perserver 300; 
    limit_conn perip 25; 
    limit_rate 512k; 
}

When I run this command on the server: curl -X GET https://skydevs.link/api/v2/options/url \ -H "Authorization: Bearer $TOKEN" \ -v, where TOKEN is the value of mx-token stored in my browser's cookies, the request succeeds:

< HTTP/2 200
< date: Sat, 12 Oct 2024 03:40:17 GMT
< content-type: application/json; charset=utf-8
< content-length: 167
< vary: Origin
< access-control-allow-origin: skydevs.link
< access-control-allow-credentials: true
< cdn-cache-control: private, max-age=0, no-cache, no-store, must-revalidate
< cache-control: private, max-age=0, no-cache, no-store, must-revalidate
< cf-cache-status: DYNAMIC
{
  "data": {
    "ws_url": "https://skydevs.link",
    "admin_url": "https://skydevs.link/proxy/qaqdmin",
    "server_url": "https://skydevs.link/api/v2",
    "web_url": "https://skydevs.link"
  }
}

The request headers my browser sends when requesting https://skydevs.link/api/v2/options/url are:

:authority: skydevs.link
:method: GET
:path: /api/v2/options/url
:scheme: https

accept: */*
accept-encoding: gzip, deflate, br, zstd
accept-language: zh-CN,zh;q=0.9
cookie: 
  __Host-authjs.csrf-token=token; 
  __Secure-authjs.callback-url=https%3A%2F%2Fskydevs.link%2Fproxy%2Fqaqdmin%23%2Fmaintenance%2Flog%3Ftab%3D1; 
  mx-token=token
priority: u=1, i
referer: https://skydevs.link/login?redirect=%2F

sec-ch-ua: "Google Chrome";v="129", "Not=A?Brand";v="8", "Chromium";v="129"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-origin
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

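Also: my mixspace backend keeps showing all sorts of strange (?) warnings and errors, and the IPs all come from my own server. I'm not sure whether this is related to being logged out after logging in: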

03:26:36  WARN   [AllExceptionsFilter]  IP: 141.56.45.233 错误信息:(404) 数据..不小心丢失了啦 π_π Path: /api/v2/posts/get-url/My-new-post
06:05:22  WARN   [AllExceptionsFilter]  IP: 141.56.45.233 错误信息:(404) 数据..不小心丢失了啦 π_π Path: /api/v2/pages/slug/odinhttpcall1728684321
06:05:22  WARN   [AllExceptionsFilter]  IP: 141.56.45.233 错误信息:(404) 真不巧,内容走丢了 o(╥﹏╥)o Path: /api/v2/pages/slug/odinhttpcall1728684321
06:05:22  WARN   [AllExceptionsFilter]  IP: 141.56.45.233 错误信息:(404) 数据..不小心丢失了啦 π_π Path: /api/v2/pages/slug/sdk
06:05:22  WARN   [AllExceptionsFilter]  IP: 141.56.45.233 错误信息:(404) 电波无法到达 ωω Path: /api/v2/pages/slug/sdk
06:05:23  WARN   [AllExceptionsFilter]  IP: 141.56.45.233 错误信息:(404) 404, 这也不是我的错啦 (๐•̆ ·̭ •̆๐) Path: /api/v2/pages/slug/OdinHttpCall1728684321
06:05:23  WARN   [AllExceptionsFilter]  IP: 141.56.45.233 错误信息:(404) 嘿,这里空空如也,不如别处走走? Path: /api/v2/pages/slug/OdinHttpCall1728684321
06:05:26  WARN   [AllExceptionsFilter]  IP: 141.56.45.233 错误信息:(404) 404, 这也不是我的错啦 (๐•̆ ·̭ •̆๐) Path: /api/v2/pages/slug/HNAP1
06:05:26  WARN   [AllExceptionsFilter]  IP: 141.56.45.233 错误信息:(404) 电波无法到达 ωω Path: /api/v2/pages/slug/HNAP1
06:05:29  WARN   [AllExceptionsFilter]  IP: 141.56.45.233 错误信息:(404) 404, 这也不是我的错啦 (๐•̆ ·̭ •̆๐) Path: /api/v2/pages/slug/query
06:05:29  WARN   [AllExceptionsFilter]  IP: 141.56.45.233 错误信息:(404) 嘿,这里空空如也,不如别处走走? Path: /api/v2/pages/slug/query
06:14:52  WARN   [AllExceptionsFilter]  IP: 141.56.45.233 错误信息:(404) 404, 这也不是我的错啦 (๐•̆ ·̭ •̆๐) Path: /api/v2/pages/slug/WuEL
06:14:52  WARN   [AllExceptionsFilter]  IP: 141.56.45.233 错误信息:(404) 嘿,这里空空如也,不如别处走走? Path: /api/v2/pages/slug/WuEL
06:15:00  WARN   [AllExceptionsFilter]  IP: 141.56.45.233 错误信息:(404) 数据..不小心丢失了啦 π_π Path: /api/v2/pages/slug/a
06:15:00  WARN   [AllExceptionsFilter]  IP: 141.56.45.233 错误信息:(404) 电波无法到达 ωω Path: /api/v2/pages/slug/a
06:15:08  WARN   [AllExceptionsFilter]  IP: 141.56.45.233 错误信息:(404) 电波无法到达 ωω Path: /api/v2/pages/slug/SiteLoader
06:15:08  WARN   [AllExceptionsFilter]  IP: 141.56.45.233 错误信息:(404) 404, 这也不是我的错啦 (๐•̆ ·̭ •̆๐) Path: /api/v2/pages/slug/SiteLoader
06:15:12  WARN   [AllExceptionsFilter]  IP: 141.56.45.233 错误信息:(404) 电波无法到达 ωω Path: /api/v2/pages/slug/mPlayer
06:15:12  WARN   [AllExceptionsFilter]  IP: 141.56.45.233 错误信息:(404) 数据..不小心丢失了啦 π_π Path: /api/v2/pages/slug/mPlayer
06:44:54  ERROR   [Catch]  EISDIR: illegal operation on a directory, read
07:26:50 ℹ  [GodPHP]  注意了,有人正在搞渗透,让我看看是谁,是哪个小坏蛋这么不听话。

Path: /api/v2/pages/slug/.env
IP: 141.56.45.233
UA: node

Also, the total like count in my mixspace backend is always 0:

image

But the frontend does show a count:

image

(>人<;) Could someone more experienced please help me figure this out!

Reproduction

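Double-click the avatar in the top-left corner of the home page to open the login page. After a successful login, the owner's avatar is shown in the top-right corner of the site, but no management actions can be performed on the site, and clicking into the light dashboard shows "Unauthorized". The MixSpace backend log is: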

15:31:09  WARN   [UserService]  主人已登录,IP: 141.25.45.145
15:31:09  WARN   [AllExceptionsFilter]  IP: 141.25.45.145 错误信息:(401) 未登录 Path: /api/v2/options/url

Validations
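
Added example (not part of the original report or of the Mix Space code base): one way to triage the AllExceptionsFilter warnings quoted in the report above, separating the 401 on /api/v2/options/url from bursts of 404s for unrelated paths coming from one IP. The sample lines are copied from the report; the function names, the 60-second gap and the three-path threshold are assumptions, and because the log carries only a time of day, ordering across midnight is not handled.

```python
import re

# Sample input: a subset of the log lines quoted in the report above.
SAMPLE_LOG = """
15:31:09  WARN   [AllExceptionsFilter]  IP: 141.25.45.145 错误信息:(401) 未登录 Path: /api/v2/options/url
03:26:36  WARN   [AllExceptionsFilter]  IP: 141.56.45.233 错误信息:(404) 数据..不小心丢失了啦 π_π Path: /api/v2/posts/get-url/My-new-post
06:05:22  WARN   [AllExceptionsFilter]  IP: 141.56.45.233 错误信息:(404) 数据..不小心丢失了啦 π_π Path: /api/v2/pages/slug/sdk
06:05:22  WARN   [AllExceptionsFilter]  IP: 141.56.45.233 错误信息:(404) 电波无法到达 ωω Path: /api/v2/pages/slug/sdk
06:05:26  WARN   [AllExceptionsFilter]  IP: 141.56.45.233 错误信息:(404) 电波无法到达 ωω Path: /api/v2/pages/slug/HNAP1
06:05:29  WARN   [AllExceptionsFilter]  IP: 141.56.45.233 错误信息:(404) 嘿,这里空空如也,不如别处走走? Path: /api/v2/pages/slug/query
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2})\s+WARN\s+\[AllExceptionsFilter\]\s+"
    r"IP: (?P<ip>\S+) 错误信息[::]\s*\((?P<status>\d{3})\).*? Path: (?P<path>\S+)\s*$"
)

def parse(log_text):
    """Return unique (ts, ip, status, path) events; the same request can be logged twice."""
    seen, events = set(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            key = (m["ts"], m["ip"], int(m["status"]), m["path"])
            if key not in seen:
                seen.add(key)
                events.append(key)
    return events

def seconds(ts):
    h, m, s = map(int, ts.split(":"))
    return h * 3600 + m * 60 + s

def triage(events, gap=60, min_paths=3):
    """Per IP: list 401 paths and flag runs of 404s that hit many distinct paths."""
    report = {}
    for ts, ip, status, path in events:
        r = report.setdefault(ip, {"auth_failures": [], "bursts": []})
        if status == 401:
            r["auth_failures"].append(path)
    for ip, r in report.items():
        misses = sorted((seconds(ts), p) for ts, i, s, p in events if i == ip and s == 404)
        cluster = []
        for t, p in misses + [(None, None)]:  # sentinel flushes the last cluster
            if cluster and (t is None or t - cluster[-1][0] > gap):
                paths = sorted({q.lower() for _, q in cluster})  # merge case variants
                if len(paths) >= min_paths:
                    r["bursts"].append(paths)
                cluster = []
            if t is not None:
                cluster.append((t, p))
    return report

if __name__ == "__main__":
    print(triage(parse(SAMPLE_LOG)))
```

On the sample, the 401 is the only auth failure and belongs to a different IP than the 404 burst, so the two can be investigated separately.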

Alcexn commented 1 month ago

I ran into the same problem. In my case it appeared after a migration.

Alcexn commented 1 month ago

Just asking, have you solved it?

Alcexn commented 1 month ago

The new version seems to have a bug. After rolling back to version 1.20 it works normally for me; you could try that.

SkyDependence commented 1 month ago

Just asking, have you solved it?

Not yet.

SkyDependence commented 1 month ago

The new version seems to have a bug. After rolling back to version 1.20 it works normally for me; you could try that.

OK, thank you.

Illustar0 commented 1 month ago

Shiroi has this problem too.

liyown commented 3 weeks ago

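The new version seems to have a bug. After rolling back to version 1.20 it works normally for me; you could try that.

OK, thank you.

I rolled back to 1.2 and it is still the same. Has yours been fixed?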

Innei commented 3 weeks ago

Fixed in 7a3aab68086ea60585d32bf849f46e1a36412b85