New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

添加获取客户端鉴权token的能力 #249

Closed

HollisMeynell opened this issue Oct 22, 2024 · 0 comments

Labels

Contributor

HollisMeynell commented Oct 22, 2024

详细描述
对开放的服务端口, 如果有特殊的功能有权限限制(比如管理员 qq 才能响应), 目前没办法验证消息是否是真的来自qq还是伪造的, onebot 协议是可以伪造客户端 qq, 发送群号跟发送者 qq, 甚至消息内容都可以捏个合法的包并且没法验证

希望利用 onebot 的连接token功能, 既可以公开无 token 连接, 也可以给有提供正确token的客户端进行"安全认证"

HollisMeynell added the enhancement label

HollisMeynell mentioned this issue

✨ Added get bot authorization token #250

Merged

MisakaTAT closed this as completed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment