feat: 默认启用 Profile 所有人检查, 以防止潜在的欺诈攻击.

LamGC 2022-04-22 13:38:10 +08:00
parent 5f245513f0
commit f8a94e42d4
Signed by: LamGC
GPG Key ID: 6C5AE2A913941E1D


@ -297,7 +297,7 @@ class OracleAccountManagerExtension(private val bot: BaseAbilityBot) : AbilityEx
.replyMarkup(newKeyboardMarkup) .replyMarkup(newKeyboardMarkup)
.build() .build()
bot.silent().execute(editMessageText) bot.silent().execute(editMessageText)
}, callbackQueryAt("oc_account_manager")) }, callbackQueryAt("oc_account_manager"), checkCallbackQueryIsProfileOwner())
fun editOracleAccount(): Reply = Reply.of({ bot, upd -> fun editOracleAccount(): Reply = Reply.of({ bot, upd ->
val keyboardCallback = upd.callbackQuery.callbackData val keyboardCallback = upd.callbackQuery.callbackData
@ -321,7 +321,7 @@ class OracleAccountManagerExtension(private val bot: BaseAbilityBot) : AbilityEx
.replyMarkup(newKeyboardMarkup) .replyMarkup(newKeyboardMarkup)
.build() .build()
bot.silent().execute(editMessageReplyMarkup) bot.silent().execute(editMessageReplyMarkup)
}, callbackQueryAt("oc_account_edit")) }, callbackQueryAt("oc_account_edit"), checkCallbackQueryIsProfileOwner())
fun removeOracleAccount(): Reply = ReplyFlow.builder(bot.db()) fun removeOracleAccount(): Reply = ReplyFlow.builder(bot.db())
.action { bot, upd -> .action { bot, upd ->
@ -345,7 +345,9 @@ class OracleAccountManagerExtension(private val bot: BaseAbilityBot) : AbilityEx
.build() .build()
.execute(bot.silent()) .execute(bot.silent())
} }
.onlyIf(callbackQueryAt("oc_account_remove")) .onlyIf {
callbackQueryAt("oc_account_remove")(it) && checkCallbackQueryIsProfileOwner()(it)
}
.next(Reply.of({ bot, upd -> .next(Reply.of({ bot, upd ->
val profile = getProfileByCallback(upd.callbackQuery.callbackData) val profile = getProfileByCallback(upd.callbackQuery.callbackData)
val result = val result =
@ -362,7 +364,7 @@ class OracleAccountManagerExtension(private val bot: BaseAbilityBot) : AbilityEx
.replyMarkup(InlineKeyboardMarkup.builder().clearKeyboard().build()) .replyMarkup(InlineKeyboardMarkup.builder().clearKeyboard().build())
.build() .build()
.execute(bot.silent()) .execute(bot.silent())
}, callbackQueryAt("oc_account_remove_yes"))) }, callbackQueryAt("oc_account_remove_yes"), checkCallbackQueryIsProfileOwner()))
.build() .build()
fun changeOracleAccountName(): Reply = ReplyFlow.builder(bot.db()) fun changeOracleAccountName(): Reply = ReplyFlow.builder(bot.db())
@ -404,7 +406,12 @@ class OracleAccountManagerExtension(private val bot: BaseAbilityBot) : AbilityEx
logger.error(e) { "更新 Oracle 账号时发生错误." } logger.error(e) { "更新 Oracle 账号时发生错误." }
bot.silent().send("更新 Oracle 账号名称时发生错误,请联系机器人管理员。", upd.message.chatId) bot.silent().send("更新 Oracle 账号名称时发生错误,请联系机器人管理员。", upd.message.chatId)
} }
}, { upd -> upd.hasMessage() && upd.message.hasText() })) }, { upd ->
upd.hasMessage() && upd.message.hasText() && bot.db().getVar<String>(
"oc_account_change_name::cache::chat_${upd.message.chatId}::user_${upd.message.from.id}::profile"
)
.get() != null
}))
.build() .build()
fun clearUnusedAccessKey(): Ability = Ability.builder() fun clearUnusedAccessKey(): Ability = Ability.builder()
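Review bot: The callback stage of `changeOracleAccountName()` still appears to be without the owner check: the last hunk changes only its text stage (old line 404) and no lines between the `oc_account_remove_yes` hunk and it are touched, so if its `.onlyIf(callbackQueryAt("oc_account_change_name"))` is written like the handlers above, the `oc_account_change_name::cache::…::profile` variable that the new text-stage predicate trusts can still be populated for a profile the caller does not own; it should gain `checkCallbackQueryIsProfileOwner()` the same way the `oc_account_remove` hunk does. That `.onlyIf` lies outside these hunks, so this is inferred from the hunk ranges rather than seen. In the `oc_account_remove` hunk, if `callbackQueryAt` and `checkCallbackQueryIsProfileOwner` return the `java.util.function.Predicate<Update>` that `Reply.of` accepts, the lambda can become `.onlyIf(callbackQueryAt("oc_account_remove").and(checkCallbackQueryIsProfileOwner()))`, which also stops both predicates from being rebuilt on every update. In the last hunk the cache key is assembled inline inside the predicate; a small private helper such as `private fun changeNameCacheKey(chatId: Long, userId: Long) = "oc_account_change_name::cache::chat_${chatId}::user_${userId}::profile"`, shared with the action that writes the variable, would keep the reader and writer from drifting apart.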