Open
Conversation
stdrc
reviewed
Sep 11, 2021
Member
|
有什麽特別的用處嗎;可信是什麽意思;ws 需要在每個 packet 中每次都發驗證信息嗎? |
Member
之前咖啡佬跟我讨论了,这个作用在于当用 aiocqhttp 作为一个公开 OneBot 服务端时,可能会有恶意用户发来过长、过分复杂(导致 |
Member
|
please rebase commits into one; 'fxxking' is annoying |
Ice9Coffee
force-pushed
the
feat-on_websocket_receive
branch
from
e3b49b5 to
44d5e5b
Compare
Ice9Coffee
force-pushed
the
feat-on_websocket_receive
branch
from
44d5e5b to
3768b26
Compare
stdrc
requested changes
Sep 21, 2021
| self._add_wsr_api_client() | ||
| try: | ||
| while True: | ||
| payload = await websocket.receive() |
Member
There was a problem hiding this comment.
突然一下有点迷惑了,这里返回的是 str 还是 bytes,下面用的是 json.loads,但 _on_wsr_receive_func 的参数却是 bytes。
另外就是,_on_wsr_receive_func 如何表达“payload 不合法”呢?是不是 563 行调用的时候接个异常、或检查是否为 None 会比较好;或者干脆让 _on_wsr_receive_func 不能修改 payload,只需要返回 bool 就行了(为什么会需要修改 payload 呢)。
on_websocket_receive 注释里应该写 _on_wsr_receive_func 中判断到不合法 payload 报错的例子,毕竟这才是它真正的用处,而不是直接原样返回的例子。
Member
There was a problem hiding this comment.
对了,docs/changelog.md 也需要改下,小标题先用 master
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
现有的hook函数无法在ws收到消息时,对不可信的OneBot进行验证。
添加on_websocket_receive接口,在每次调用websocket.receice()后、其他处理前调用钩子函数,可用于实现安全认证。