release 5.0.2

hiltay · hiltay · commit b1af79e8ae7c · 2022-10-10T21:10:15.000+08:00
diff --git a/README.md b/README.md
@@ -5,7 +5,7 @@
 部署教程：[文档](https://fcircle-doc.yyyzyyyz.cn/) | [备用地址](https://fcircle-doc.is-a.dev/)
 
 ```
-5.0.1 支持：
+5.0.2 支持：
 - 更好的前端样式
 - 新增前端管理面板，告别繁琐的配置，管理朋友圈更加方便
 - 支持 gitee 和 github 上的 issues 友链获取
@@ -25,7 +25,7 @@
 - 提供一个简单的快速部署脚本
 
 最近改动：
-- 接口bug修复
-- 移动端适配和前端样式修复
+- 修复可能出现的安全问题
+- volantis抓取错位修复
 ```
 
diff --git a/api_dependencies/dependencies.py b/api_dependencies/dependencies.py
@@ -21,19 +21,6 @@ def verify_password(plain_password, hashed_password):
     return pwd_context.verify(plain_password, hashed_password)
 
 
-def get_or_create_token(password: str):
-    password_hash = create_password_hash(password)
-    return password_hash
-    # try:
-    #     payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
-    #     return payload
-    #     username: str = payload.get("sub")
-    #     if username is None:
-    #         raise credentials_exception
-    # except JWTError:
-    #     return "123"
-
-
 def encode_access_token(data: dict, secert_key: str,
                         expires_delta: timedelta = timedelta(days=ACCESS_TOKEN_EXPIRE_DAYS)):
     to_encode = data.copy()
diff --git a/api_dependencies/leancloud/leancloudapi.py b/api_dependencies/leancloud/leancloudapi.py
@@ -382,18 +382,14 @@ async def login_(password: str):
     query.limit(10)
 
     try:
-        query.select('password', "token")
+        query.select('password')
         res = query.first()
         obj_id = res.id
         # 保存了pwd，通过pwd验证
         if dep.verify_password(password, res.get("password")):
             # 更新token
             data = {"password_hash": res.get("password")}
             token = dep.encode_access_token(data, secret_key)
-            auth.create_without_data(obj_id).destroy()
-            auth_db.set("password", res.get("password"))
-            auth_db.set("token", token)
-            auth_db.save()
         else:
             # 401
             return format_response.CredentialsException
@@ -405,7 +401,6 @@ async def login_(password: str):
         data = {"password_hash": password_hash}
         token = dep.encode_access_token(data, secret_key)
         auth_db.set("password", password_hash)
-        auth_db.set("token", token)
         auth_db.save()
     except:
         return format_response.CredentialsException
diff --git a/api_dependencies/mongodb/mongodbapi.py b/api_dependencies/mongodb/mongodbapi.py
@@ -194,15 +194,13 @@ async def login_(password: str):
         # 未保存pwd，生成对应token并保存
         data = {"password_hash": password_hash}
         token = dep.encode_access_token(data, secret_key)
-        auth.insert_one({"password": password_hash, "token": token})
+        auth.insert_one({"password": password_hash})
     elif auth_count == 1:
         # 保存了pwd，通过pwd验证
         if dep.verify_password(password, auth_res["password"]):
             # 更新token
             data = {"password_hash": auth_res["password"]}
             token = dep.encode_access_token(data, secret_key)
-            insert_stat = {"password": auth_res["password"], "token": token}
-            auth.replace_one({"password": auth_res["password"]}, insert_stat, upsert=True)
         else:
             # 401
             return format_response.CredentialsException
diff --git a/api_dependencies/sql/sqlapi.py b/api_dependencies/sql/sqlapi.py
@@ -282,15 +282,14 @@ async def login_(password: str):
         # 未保存pwd，生成对应token并保存
         data = {"password_hash": password_hash}
         token = dep.encode_access_token(data, secret_key)
-        tb_obj = Auth(password=password_hash, token=token)
+        tb_obj = Auth(password=password_hash)
         session.add(tb_obj)
     elif len(auth) == 1:
         # 保存了pwd，通过pwd验证
         if dep.verify_password(password, auth[0].password):
             # 更新token
             data = {"password_hash": auth[0].password}
             token = dep.encode_access_token(data, secret_key)
-            session.query(Auth).filter_by(password=auth[0].password).update({"token": token})
         else:
             # 401
             return format_response.CredentialsException
diff --git a/hexo_circle_of_friends/models.py b/hexo_circle_of_friends/models.py
@@ -43,7 +43,6 @@ class Auth(AbstractBase):
     __tablename__ = 'auth'
     id = Column(Integer, primary_key=True, autoincrement=True)
     password = Column(String(1024))
-    token = Column(String(1024))
 
 
 class Secret(AbstractBase):
diff --git a/hexo_circle_of_friends/scrapy_conf.py b/hexo_circle_of_friends/scrapy_conf.py
@@ -1,5 +1,5 @@
 ############################## 除非您了解本项目，否则请勿修改本文件 ################################
-VERSION = "5.0.1"
+VERSION = "5.0.2"
 
 # debug
 # debug模式
diff --git a/hexo_circle_of_friends/utils/get_url.py b/hexo_circle_of_friends/utils/get_url.py
@@ -106,7 +106,7 @@ def get_volantis_url(self, response, queue):
         if not name:
             name = response.css('a.friend-card span::text').extract()
         if not name:
-            name = response.css('a.friend-card p::text').extract()
+            name = response.css('a.friend-card p.friend-name::text').extract()
         self.handle(avatar, link, name, queue, "volantis")
 
     def get_Yun_url(self, response, queue):
