search

MikeWang000000 / Natter

Expose your TCP/UDP port behind full-cone NAT to the Internet.
GNU General Public License v3.0
1.31k stars 107 forks source link

Invalid format for X-Auth-Key header #95

Open Whichbfj28 opened 3 weeks ago

Whichbfj28 commented 3 weeks ago 
 # docker logs -f  natter
2024-06-06 09:57:03 [I] Natter v2.0.1
2024-06-06 09:57:07 [I] 
2024-06-06 09:57:07 [I] tcp://192.168.0.168:82 <--socket--> tcp://192.168.0.168:35727 <--Natter--> tcp://120..*.*.*:13055
2024-06-06 09:57:07 [I] 
2024-06-06 09:57:07 [I] Calling script: /opt/cf-redir.py
Setting [ nat.*.com ] DNS to [ 120.*.*.*] proxied by CloudFlare...
Traceback (most recent call last):
  File "/opt/cf-redir.py", line 228, in <module>
    main()
  File "/opt/cf-redir.py", line 20, in main
    cf.set_a_record(cf_redirect_host, public_ip, proxied=True)
  File "/opt/cf-redir.py", line 39, in set_a_record
    zone_id = self._find_zone_id(name)
              ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/cf-redir.py", line 79, in _find_zone_id
    data = self._url_req(
           ^^^^^^^^^^^^^^
  File "/opt/cf-redir.py", line 74, in _url_req
    raise RuntimeError(ret["errors"])
RuntimeError: [{'code': 6003, 'message': 'Invalid request headers', 'error_chain': [{'code': 6103, 'message': 'Invalid format for X-Auth-Key header'}]}]
2024-06-06 09:57:12 [I] LAN > 192.168.0.168:82      [ OPEN ]
2024-06-06 09:57:12 [I] LAN > 192.168.0.168:35727   [ OPEN ]
2024-06-06 09:57:12 [I] LAN > 120.*.*.*:13055 [ OPEN ]
2024-06-06 09:57:13 [I] WAN > 120.*.*.*:13055 [ OPEN ]
2024-06-06 09:57:13 [I]

发生 'Invalid format for X-Auth-Key header错误 nginx-cf【docker】 cf-redir.py代码如下。其他的未修改

cf_redirect_to_https    = False
cf_redirect_host        = "nat.*.com"
cf_direct_host          = "nat1.*.com"
cf_auth_email           = "email@example.com"
cf_auth_key             = "lSnikL-***"

cf的api测试命令运行结果: {"result":{"id":"244d0da","status":"active"},"success":true,"errors":[],"messages":[{"code":10000,"message":"This API Token is valid and active","type":null}]}

Whichbfj28 commented 3 weeks ago

已经找到问题了 不支持权限控制的api令牌。只支持全局的api令牌 image

建议增加支持权限控制的api。比较安全

MikeWang000000 commented 2 days ago

仓库内置的脚本是作为示例使用的,所以选择了步骤比较简单的 Global API key。

https://github.com/MikeWang000000/Natter/blob/f8257e8cff8f013202d9af9d0f9af4d986c1c718/natter-docker/minecraft/cf-srv.py#L28-L32

上面的代码,修改为这样就可以使用 Token:

self.opener.addheaders = [
    ("X-Auth-Email",    auth_email),
    ("Authorization",   "Bearer %s" % auth_key),
    ("Content-Type",    "application/json")
]