From 86986e2632f121e88370dbe8200eabc9a7714a9a Mon Sep 17 00:00:00 2001 From: YuKun Liu <41265098+mrxiaozhuox@users.noreply.github.com> Date: Tue, 23 Nov 2021 09:04:59 +0800 Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=20ApiKey=E6=8E=A5=E5=8F=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- core/User/UserCenter.js | 317 ++++++++++++----------- package-lock.json | 4 +- route/api.js | 553 +++++++++++++++++++++------------------- 3 files changed, 456 insertions(+), 418 deletions(-) diff --git a/core/User/UserCenter.js b/core/User/UserCenter.js index ba32ea2e..4ed35e23 100644 --- a/core/User/UserCenter.js +++ b/core/User/UserCenter.js @@ -5,176 +5,195 @@ const fs = require("fs"); const USER_DIR = "./" + USER_SAVE_PATH; class UserCenter { - constructor() { - this.userList = {}; - } - - initUser() { - this.userList = {}; - let users = fs.readdirSync(USER_DIR); - let username = null; - let userTemp = null; - //当管理员忘记密码时候使用 - let masterUserCounter = 0; - for (let key in users) { - if (users[key].substr(0, 1) == "#") masterUserCounter++; - username = users[key].replace(".json", ""); - userTemp = new User(username); - userTemp.load(); - this.userList[username] = userTemp; + constructor() { + this.userList = {}; } - //删除所有管理员账号后,自动创建一个新的初始化用户 - if (masterUserCounter == 0) { - this.userList["#master"] = this.register("#master", "123456"); - MCSERVER.log("========================================================"); - MCSERVER.log("管理用户已初始化 | 创建账号: #master 密码 123456"); - MCSERVER.log("========================================================"); - MCSERVER.log("请注意!凡是以 # 符号开头的用户名,均视为管理员账号"); + + initUser() { + this.userList = {}; + let users = fs.readdirSync(USER_DIR); + let username = null; + let userTemp = null; + //当管理员忘记密码时候使用 + let masterUserCounter = 0; + for (let key in users) { + if (users[key].substr(0, 1) == "#") masterUserCounter++; + username = users[key].replace(".json", ""); + userTemp = new User(username); + userTemp.load(); + this.userList[username] = userTemp; + } + //删除所有管理员账号后,自动创建一个新的初始化用户 + if (masterUserCounter == 0) { + this.userList["#master"] = this.register("#master", "123456"); + MCSERVER.log("========================================================"); + MCSERVER.log("管理用户已初始化 | 创建账号: #master 密码 123456"); + MCSERVER.log("========================================================"); + MCSERVER.log("请注意!凡是以 # 符号开头的用户名,均视为管理员账号"); + } } - } - register(username, password) { - let data = createPassword(password, randomString(6)); - let newUser = new User(username, data.password, data.salt); - newUser.save(); - this.userList[username] = newUser; - return newUser; - } + register(username, password) { + let data = createPassword(password, randomString(6)); + let newUser = new User(username, data.password, data.salt); + newUser.save(); + this.userList[username] = newUser; + return newUser; + } - //理应只有管理员可以操作 - rePassword(username, password) { - let data = createPassword(password, randomString(6)); - this.get(username).dataModel.password = data.password; - this.get(username).dataModel.salt = data.salt; - this.userList[username].save(); - } + //理应只有管理员可以操作 + rePassword(username, password) { + let data = createPassword(password, randomString(6)); + this.get(username).dataModel.password = data.password; + this.get(username).dataModel.salt = data.salt; + this.userList[username].save(); + } - //理应只有管理员可以操作 - reUsername(username, newUsername) { - let oldDataModel = this.userList[username].dataModel; - let newUser = new User(newUsername, oldDataModel.password, oldDataModel.salt); - //移植數據 - // for (let k in oldDataModel) { - // if (k == '__filename__') continue; - // newUser.dataModel[k] = oldDataModel[k]; - // } - newUser.dataModel.createDate = oldDataModel.createDate; - newUser.dataModel.lastDate = oldDataModel.lastDate; - newUser.allowedServer(oldDataModel.allowedServer || []); - newUser.save(); - this.userList[newUsername] = newUser; - this.deleteUser(username); - } + //理应只有管理员可以操作 + reUsername(username, newUsername) { + let oldDataModel = this.userList[username].dataModel; + let newUser = new User(newUsername, oldDataModel.password, oldDataModel.salt); + //移植數據 + // for (let k in oldDataModel) { + // if (k == '__filename__') continue; + // newUser.dataModel[k] = oldDataModel[k]; + // } + newUser.dataModel.createDate = oldDataModel.createDate; + newUser.dataModel.lastDate = oldDataModel.lastDate; + newUser.allowedServer(oldDataModel.allowedServer || []); + newUser.save(); + this.userList[newUsername] = newUser; + this.deleteUser(username); + } - loginCheck(username, password, truecb, falsecb, md5key, notSafeLogin = false) { - if (this.userList.hasOwnProperty(username) && this.userList[username] != undefined) { - let loginUser = this.userList[username]; - try { - loginUser.load(); - } catch (err) { - falsecb && falsecb(); - return false; - } + loginCheck(username, password, truecb, falsecb, md5key, notSafeLogin = false) { + if (this.userList.hasOwnProperty(username) && this.userList[username] != undefined) { + let loginUser = this.userList[username]; + try { + loginUser.load(); + } catch (err) { + falsecb && falsecb(); + return false; + } - // 目前只准许 登陆时使用 md5传码方式 ,不准传输明文 - if (md5key && !notSafeLogin) { - let userMd5 = loginUser.getPasswordMD5(); - let md5Passworded = md5(userMd5 + md5key); - let isok = md5Passworded === password; - if (isok) { - loginUser.updateLastDate(); - truecb && truecb(loginUser); - return true; + // 目前只准许 登陆时使用 md5传码方式 ,不准传输明文 + if (md5key && !notSafeLogin) { + let userMd5 = loginUser.getPasswordMD5(); + let md5Passworded = md5(userMd5 + md5key); + let isok = md5Passworded === password; + if (isok) { + loginUser.updateLastDate(); + truecb && truecb(loginUser); + return true; + } + falsecb && falsecb(); + return false; + } + + // 一般模式 供可信任内部代码使用,无需要md5加密传值方式验证。 + // 感谢来自 @axuanfeng 的 BUG 反馈 + if (notSafeLogin && loginUser.isPassword(password)) { + truecb && truecb(loginUser); + return true; + } } falsecb && falsecb(); return false; - } - - // 一般模式 供可信任内部代码使用,无需要md5加密传值方式验证。 - // 感谢来自 @axuanfeng 的 BUG 反馈 - if (notSafeLogin && loginUser.isPassword(password)) { - truecb && truecb(loginUser); - return true; - } } - falsecb && falsecb(); - return false; - } - deleteUser(username) { - let filePath = "./" + USER_SAVE_PATH + username + ".json"; - if (fs.existsSync(filePath)) { - delete this.userList[username]; - fs.unlinkSync(filePath); - return true; + // 同时支持 更新和获取 apiKey + // update 为 False 则返回当前 Key + // update 为 True 则代表替换 Key + // 最终返回当前 ApiKey + apiKey(username, update) { + // 检查用户账户是否存在 + if (this.userList[username]) { + let user = this.userList[username]; + if (update) { + user.updateApiKey(); + const value = user.dataModel.apikey; + user.save(); + return value; + } + return user.dataModel.apikey; + } + return null } - return false; - } - get(username) { - if (this.userList[username]) return this.userList[username]; - return null; - } - isExist(name) { - if (this.userList.hasOwnProperty(name)) { - return true; + deleteUser(username) { + let filePath = "./" + USER_SAVE_PATH + username + ".json"; + if (fs.existsSync(filePath)) { + delete this.userList[username]; + fs.unlinkSync(filePath); + return true; + } + return false; } - return false; - } - - getUserList() { - let list = []; - let data = {}; - let tmp = null; - for (let k in this.userList) { - data = {}; //BUG Note: 引用初始化 - - if (!this.userList[k]) continue; - tmp = this.userList[k].dataModel; - //删除掉一些不可泄露的信息 - data.username = tmp.username; - data.lastDate = tmp.lastDate; - data.createDate = tmp.createDate; - list.push({ - username: this.userList[k].dataModel.username, - data: data, - }); + get(username) { + if (this.userList[username]) return this.userList[username]; + return null; } - return list; - } - getAdvancedUserList() { - const list = []; - for (const name in this.userList) { - // 暴力克隆对象 - const newData = JSON.parse(JSON.stringify(this.userList[name].dataModel)); - // 删除一部分隐私 - delete newData["password"]; - delete newData["salt"]; - delete newData["__filename__"]; - delete newData["apikey"]; - list.push(newData); + isExist(name) { + if (this.userList.hasOwnProperty(name)) { + return true; + } + return false; } - return list; - } - getUserCounter() { - let tmp = 0; - // eslint-disable-next-line no-unused-vars - for (let k in this.userList) tmp++; - return tmp; - } + getUserList() { + let list = []; + let data = {}; + let tmp = null; + for (let k in this.userList) { + data = {}; //BUG Note: 引用初始化 - saveAllUser() { - let objs = this.userList; - for (let k in objs) { - objs[k].save(); + if (!this.userList[k]) continue; + tmp = this.userList[k].dataModel; + //删除掉一些不可泄露的信息 + data.username = tmp.username; + data.lastDate = tmp.lastDate; + data.createDate = tmp.createDate; + list.push({ + username: this.userList[k].dataModel.username, + data: data, + }); + } + return list; } - } - returnUserObjList() { - return this.userList; - } + getAdvancedUserList() { + const list = []; + for (const name in this.userList) { + // 暴力克隆对象 + const newData = JSON.parse(JSON.stringify(this.userList[name].dataModel)); + // 删除一部分隐私 + delete newData["password"]; + delete newData["salt"]; + delete newData["__filename__"]; + delete newData["apikey"]; + list.push(newData); + } + return list; + } + + getUserCounter() { + let tmp = 0; + // eslint-disable-next-line no-unused-vars + for (let k in this.userList) tmp++; + return tmp; + } + + saveAllUser() { + let objs = this.userList; + for (let k in objs) { + objs[k].save(); + } + } + + returnUserObjList() { + return this.userList; + } } -module.exports = UserCenter; +module.exports = UserCenter; \ No newline at end of file diff --git a/package-lock.json b/package-lock.json index fcc5f0a3..20e19ad4 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "mcsmanager", - "version": "8.6.23", + "version": "8.7.0", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "mcsmanager", - "version": "8.6.23", + "version": "8.7.0", "license": "MIT", "dependencies": { "body-parser": "^1.17.2", diff --git a/route/api.js b/route/api.js index 8efaadd0..dec2ec33 100644 --- a/route/api.js +++ b/route/api.js @@ -9,321 +9,340 @@ const tools = require("../core/tools"); // 服务端实例状态获取 | 公共性 API 接口 // 无需任何权限判定 -router.all("/status/:name", function (req, res) { - if (MCSERVER.localProperty.allow_status_api) { - res.send("管理员禁止此项功能 | Access denied"); - return; - } - let params = req.params || {}; - let serverName = params.name || ""; - let mcserver = serverModel.ServerManager().getServer(serverName.trim()); - if (mcserver == null) { - res.send("null"); - return; - } - let sendStatus = null; +router.all("/status/:name", function(req, res) { + if (MCSERVER.localProperty.allow_status_api) { + res.send("管理员禁止此项功能 | Access denied"); + return; + } + let params = req.params || {}; + let serverName = params.name || ""; + let mcserver = serverModel.ServerManager().getServer(serverName.trim()); + if (mcserver == null) { + res.send("null"); + return; + } + let sendStatus = null; - // 取缓存资料 - const mcpingResult = mcPingProtocol.QueryMCPingTask(serverName); + // 取缓存资料 + const mcpingResult = mcPingProtocol.QueryMCPingTask(serverName); - // 判断服务器启动状态发送不同的数据 - if (mcserver.isRun() && mcpingResult) { - sendStatus = { - id: serverName, - serverName: mcserver.dataModel.mcpingConfig.mcpingName, - lastDate: mcserver.dataModel.mcpingConfig.lastDate, - status: mcserver.isRun(), - current_players: mcpingResult.current_players, - max_players: mcpingResult.max_players, - motd: mcserver.dataModel.mcpingConfig.mcpingMotd || mcpingResult.motd, - version: mcpingResult.version, - }; - } else { - sendStatus = { - id: serverName, - lastDate: mcserver.dataModel.lastDate, - status: mcserver.isRun(), - }; - } + // 判断服务器启动状态发送不同的数据 + if (mcserver.isRun() && mcpingResult) { + sendStatus = { + id: serverName, + serverName: mcserver.dataModel.mcpingConfig.mcpingName, + lastDate: mcserver.dataModel.mcpingConfig.lastDate, + status: mcserver.isRun(), + current_players: mcpingResult.current_players, + max_players: mcpingResult.max_players, + motd: mcserver.dataModel.mcpingConfig.mcpingMotd || mcpingResult.motd, + version: mcpingResult.version, + }; + } else { + sendStatus = { + id: serverName, + lastDate: mcserver.dataModel.lastDate, + status: mcserver.isRun(), + }; + } - res.send(JSON.stringify(sendStatus)); - res.end(); + res.send(JSON.stringify(sendStatus)); + res.end(); }); // 获取所有实例 | API -router.all("/server_list", function (req, res) { - // 仅仅准许管理员使用 - if (!keyManager.isMaster(apiResponse.key(req))) { - apiResponse.forbidden(res); - return; - } - const list = serverModel.ServerManager().getServerList(); - apiResponse.send(res, list); +router.all("/server_list", function(req, res) { + // 仅仅准许管理员使用 + if (!keyManager.isMaster(apiResponse.key(req))) { + apiResponse.forbidden(res); + return; + } + const list = serverModel.ServerManager().getServerList(); + apiResponse.send(res, list); }); // 创建服务器实例 | API -router.post("/create_server", function (req, res) { - // 仅仅准许管理员使用 - if (!keyManager.isMaster(apiResponse.key(req))) { - apiResponse.forbidden(res); - return; - } - // 解析请求参数 - try { - const params = req.body; - // 创建名判定 - if (!tools.between(params.serverName, 6, 32)) { - apiResponse.error(res, new Error("名字格式不正确")); - return; +router.post("/create_server", function(req, res) { + // 仅仅准许管理员使用 + if (!keyManager.isMaster(apiResponse.key(req))) { + apiResponse.forbidden(res); + return; + } + // 解析请求参数 + try { + const params = req.body; + // 创建名判定 + if (!tools.between(params.serverName, 6, 32)) { + apiResponse.error(res, new Error("名字格式不正确")); + return; + } + // 附加参数解析 + const addList = (params.addCmd || "").split(" "); + params.addCmd = addList; + // 工作目录确定 + params.cwd = params.cwd || ""; + // 创建 + const result = serverModel.createServer(params.serverName, params); + // 返回状态码 + result ? apiResponse.ok(res) : apiResponse.error(res); + } catch (err) { + apiResponse.error(res, err); } - // 附加参数解析 - const addList = (params.addCmd || "").split(" "); - params.addCmd = addList; - // 工作目录确定 - params.cwd = params.cwd || ""; - // 创建 - const result = serverModel.createServer(params.serverName, params); - // 返回状态码 - result ? apiResponse.ok(res) : apiResponse.error(res); - } catch (err) { - apiResponse.error(res, err); - } }); // 删除实例 API -router.all("/delete_server/:name", function (req, res) { - // 仅仅准许管理员使用 - if (!keyManager.isMaster(apiResponse.key(req))) { - apiResponse.forbidden(res); - return; - } - // 解析请求参数 - const params = req.params.name; - try { - serverModel.deleteServer(params); - apiResponse.ok(res); - } catch (err) { - apiResponse.error(res, err); - } - res.end(); +router.all("/delete_server/:name", function(req, res) { + // 仅仅准许管理员使用 + if (!keyManager.isMaster(apiResponse.key(req))) { + apiResponse.forbidden(res); + return; + } + // 解析请求参数 + const params = req.params.name; + try { + serverModel.deleteServer(params); + apiResponse.ok(res); + } catch (err) { + apiResponse.error(res, err); + } + res.end(); }); // 获取所有用户 | API -router.all("/user_list", function (req, res) { - // 仅仅准许管理员使用 - if (!keyManager.isMaster(apiResponse.key(req))) { - apiResponse.forbidden(res); - return; - } - const list = userModel.userCenter().getAdvancedUserList(); - apiResponse.send(res, list); +router.all("/user_list", function(req, res) { + // 仅仅准许管理员使用 + if (!keyManager.isMaster(apiResponse.key(req))) { + apiResponse.forbidden(res); + return; + } + const list = userModel.userCenter().getAdvancedUserList(); + apiResponse.send(res, list); +}); + +// 生成用户KeyAPI | API +router.all("/user_apikey", function(req, res) { + + // 仅仅准许管理员使用 + if (!keyManager.isMaster(apiResponse.key(req))) { + apiResponse.forbidden(res); + return; + } + + const users = userModel.userCenter(); + + let curr_key = users.apiKey(req.query.username, false); + if (curr_key == "") { + curr_key = users.apiKey(req.query.username, true); + } + + apiResponse.send(res, curr_key); }); // 创建用户 | API // params.username // params.password // params.serverList -router.post("/create_user", function (req, res) { - // 仅仅准许管理员使用 - if (!keyManager.isMaster(apiResponse.key(req))) { - apiResponse.forbidden(res); - return; - } - try { - // 账号密码判定 - const uPattern = /^[a-zA-Z0-9_#$]{4,18}$/; - if (!uPattern.test(req.body.username) || !tools.between(req.body.password, 6, 18)) { - apiResponse.error(res, new Error("用户名或密码格式不正确")); - return; +router.post("/create_user", function(req, res) { + // 仅仅准许管理员使用 + if (!keyManager.isMaster(apiResponse.key(req))) { + apiResponse.forbidden(res); + return; } - // 注册用户 - userModel.userCenter().register(req.body.username, req.body.password); - // 注册其名下的服务端实例 - const allowedServerList = []; - const serverList = req.body.serverlist.split(" "); - for (const k in serverList) { - if (serverList[k] != " " && serverList.length > 0) { - allowedServerList.push(serverList[k]); - } + try { + // 账号密码判定 + const uPattern = /^[a-zA-Z0-9_#$]{4,18}$/; + if (!uPattern.test(req.body.username) || !tools.between(req.body.password, 6, 18)) { + apiResponse.error(res, new Error("用户名或密码格式不正确")); + return; + } + // 注册用户 + userModel.userCenter().register(req.body.username, req.body.password); + // 注册其名下的服务端实例 + const allowedServerList = []; + const serverList = req.body.serverlist.split(" "); + for (const k in serverList) { + if (serverList[k] != " " && serverList.length > 0) { + allowedServerList.push(serverList[k]); + } + } + userModel.userCenter().get(req.body.username).allowedServer(allowedServerList); + // 数据模型保存 + userModel.userCenter().get(req.body.username).dataModel.save(); + // 返回状态码 + apiResponse.ok(res); + } catch (err) { + apiResponse.error(res, err); } - userModel.userCenter().get(req.body.username).allowedServer(allowedServerList); - // 数据模型保存 - userModel.userCenter().get(req.body.username).dataModel.save(); - // 返回状态码 - apiResponse.ok(res); - } catch (err) { - apiResponse.error(res, err); - } }); // 删除用户 API -router.all("/delete_user/:name", function (req, res) { - // 仅仅准许管理员使用 - if (!keyManager.isMaster(apiResponse.key(req))) { - apiResponse.forbidden(res); - return; - } - try { - // 解析请求参数 - const userName = req.params.name; - // 注册用户 - userModel.userCenter().deleteUser(userName); - // 返回状态码 - apiResponse.ok(res); - } catch (err) { - apiResponse.error(res, err); - } +router.all("/delete_user/:name", function(req, res) { + // 仅仅准许管理员使用 + if (!keyManager.isMaster(apiResponse.key(req))) { + apiResponse.forbidden(res); + return; + } + try { + // 解析请求参数 + const userName = req.params.name; + // 注册用户 + userModel.userCenter().deleteUser(userName); + // 返回状态码 + apiResponse.ok(res); + } catch (err) { + apiResponse.error(res, err); + } }); // 启动服务器 | API -router.all("/start_server/:name", function (req, res) { - // 用户权限判定 - if (!keyManager.hasServer(apiResponse.key(req), req.params.name)) { - apiResponse.forbidden(res); - return; - } - // 流量限制 | 10 秒间隔 - if (!requestLimit.execute(apiResponse.key(req) + "start_server", 1000 * 10)) { - apiResponse.unavailable(res); - return; - } - try { - // 解析请求参数 - const name = req.params.name; - // 启动服务器 - const result = serverModel.ServerManager().startMinecraftServer(name); - // 返回状态码 - result ? apiResponse.ok(res) : apiResponse.error(res); - } catch (err) { - apiResponse.error(res, err); - } +router.all("/start_server/:name", function(req, res) { + // 用户权限判定 + if (!keyManager.hasServer(apiResponse.key(req), req.params.name)) { + apiResponse.forbidden(res); + return; + } + // 流量限制 | 10 秒间隔 + if (!requestLimit.execute(apiResponse.key(req) + "start_server", 1000 * 10)) { + apiResponse.unavailable(res); + return; + } + try { + // 解析请求参数 + const name = req.params.name; + // 启动服务器 + const result = serverModel.ServerManager().startMinecraftServer(name); + // 返回状态码 + result ? apiResponse.ok(res) : apiResponse.error(res); + } catch (err) { + apiResponse.error(res, err); + } }); // 重启服务器 | API -router.all("/restart_server/:name", function (req, res) { - // 用户权限判定 - if (!keyManager.hasServer(apiResponse.key(req), req.params.name)) { - apiResponse.forbidden(res); - return; - } - // 流量限制 | 60 秒执行一次 - if (!requestLimit.execute(apiResponse.key(req) + "restart_server", 1000 * 60)) { - apiResponse.unavailable(res); - return; - } - try { - // 解析请求参数 - const name = req.params.name; - // 启动服务器 - const result = serverModel.ServerManager().restartServer(name); - // 返回状态码 - result ? apiResponse.ok(res) : apiResponse.error(res); - } catch (err) { - apiResponse.error(res, err); - } +router.all("/restart_server/:name", function(req, res) { + // 用户权限判定 + if (!keyManager.hasServer(apiResponse.key(req), req.params.name)) { + apiResponse.forbidden(res); + return; + } + // 流量限制 | 60 秒执行一次 + if (!requestLimit.execute(apiResponse.key(req) + "restart_server", 1000 * 60)) { + apiResponse.unavailable(res); + return; + } + try { + // 解析请求参数 + const name = req.params.name; + // 启动服务器 + const result = serverModel.ServerManager().restartServer(name); + // 返回状态码 + result ? apiResponse.ok(res) : apiResponse.error(res); + } catch (err) { + apiResponse.error(res, err); + } }); // 关闭服务器 | API -router.all("/stop_server/:name", function (req, res) { - // 用户权限判定 - if (!keyManager.hasServer(apiResponse.key(req), req.params.name)) { - apiResponse.forbidden(res); - return; - } - // 流量限制 | 1 秒间隔 - if (!requestLimit.execute(apiResponse.key(req) + "stop_server", 1000 * 1)) { - apiResponse.unavailable(res); - return; - } - try { - // 解析请求参数 - const name = req.params.name; - // 启动服务器 - const result = serverModel.ServerManager().stopMinecraftServer(name); - // 返回状态码 - result ? apiResponse.ok(res) : apiResponse.error(res); - } catch (err) { - apiResponse.error(res, err); - } +router.all("/stop_server/:name", function(req, res) { + // 用户权限判定 + if (!keyManager.hasServer(apiResponse.key(req), req.params.name)) { + apiResponse.forbidden(res); + return; + } + // 流量限制 | 1 秒间隔 + if (!requestLimit.execute(apiResponse.key(req) + "stop_server", 1000 * 1)) { + apiResponse.unavailable(res); + return; + } + try { + // 解析请求参数 + const name = req.params.name; + // 启动服务器 + const result = serverModel.ServerManager().stopMinecraftServer(name); + // 返回状态码 + result ? apiResponse.ok(res) : apiResponse.error(res); + } catch (err) { + apiResponse.error(res, err); + } }); // 向某服务器执行命令 | API // params.name, params.command -router.post("/execute/", function (req, res) { - // 用户权限判定 - if (!keyManager.hasServer(apiResponse.key(req), req.body.name)) { - apiResponse.forbidden(res); - return; - } - // 流量限制 | 0.5 秒间隔 - if (!requestLimit.execute(apiResponse.key(req) + "execute", 500)) { - apiResponse.unavailable(res); - return; - } - try { - // 解析请求参数 - const params = req.body; - // 判定服务器是否运行 - const server = serverModel.ServerManager().getServer(params.name); - if (!server) return; - if (!server.isRun()) { - apiResponse.error(res, new Error("服务器非运行状态,无法投递命令")); - return; +router.post("/execute/", function(req, res) { + // 用户权限判定 + if (!keyManager.hasServer(apiResponse.key(req), req.body.name)) { + apiResponse.forbidden(res); + return; + } + // 流量限制 | 0.5 秒间隔 + if (!requestLimit.execute(apiResponse.key(req) + "execute", 500)) { + apiResponse.unavailable(res); + return; + } + try { + // 解析请求参数 + const params = req.body; + // 判定服务器是否运行 + const server = serverModel.ServerManager().getServer(params.name); + if (!server) return; + if (!server.isRun()) { + apiResponse.error(res, new Error("服务器非运行状态,无法投递命令")); + return; + } + // 启动服务器 + const result = serverModel.ServerManager().sendMinecraftServer(params.name, params.command); + // 返回状态码 + result ? apiResponse.ok(res) : apiResponse.error(res); + } catch (err) { + apiResponse.error(res, err); } - // 启动服务器 - const result = serverModel.ServerManager().sendMinecraftServer(params.name, params.command); - // 返回状态码 - result ? apiResponse.ok(res) : apiResponse.error(res); - } catch (err) { - apiResponse.error(res, err); - } }); // 创建服务器实例(JSON) | API -router.post("/advanced_create_server", function (req, res) { - // 仅仅准许管理员使用 - if (!keyManager.isMaster(apiResponse.key(req))) { - apiResponse.forbidden(res); - return; - } - // 解析请求参数 - try { - const params = req.body; - const config = JSON.parse(params.config); - // 创建 - const result = serverModel.createServer(params.serverName, config); - // 返回状态码 - result ? apiResponse.ok(res) : apiResponse.error(res); - } catch (err) { - apiResponse.error(res, err); - } +router.post("/advanced_create_server", function(req, res) { + // 仅仅准许管理员使用 + if (!keyManager.isMaster(apiResponse.key(req))) { + apiResponse.forbidden(res); + return; + } + // 解析请求参数 + try { + const params = req.body; + const config = JSON.parse(params.config); + // 创建 + const result = serverModel.createServer(params.serverName, config); + // 返回状态码 + result ? apiResponse.ok(res) : apiResponse.error(res); + } catch (err) { + apiResponse.error(res, err); + } }); // 修改服务器实例(JSON) | API -router.post("/advanced_configure_server", function (req, res) { - // 仅仅准许管理员使用 - if (!keyManager.isMaster(apiResponse.key(req))) { - apiResponse.forbidden(res); - return; - } - // 解析请求参数 - try { - const params = req.body; - const config = JSON.parse(params.config); - // 使用松散配置模式 - config.modify = true; - const server = serverModel.ServerManager().getServer(params.serverName); - if (!server) { - apiResponse.error(res, "服务器并不存在"); - return; +router.post("/advanced_configure_server", function(req, res) { + // 仅仅准许管理员使用 + if (!keyManager.isMaster(apiResponse.key(req))) { + apiResponse.forbidden(res); + return; + } + // 解析请求参数 + try { + const params = req.body; + const config = JSON.parse(params.config); + // 使用松散配置模式 + config.modify = true; + const server = serverModel.ServerManager().getServer(params.serverName); + if (!server) { + apiResponse.error(res, "服务器并不存在"); + return; + } + // 不更名的情况重新构建服务器实例 + server.builder(config); + apiResponse.ok(res); + } catch (err) { + apiResponse.error(res, err); } - // 不更名的情况重新构建服务器实例 - server.builder(config); - apiResponse.ok(res); - } catch (err) { - apiResponse.error(res, err); - } }); //模块导出 -module.exports = router; +module.exports = router; \ No newline at end of file