diff --git a/composer.json b/composer.json index 7d3444dc98..a1300c179b 100644 --- a/composer.json +++ b/composer.json @@ -22,7 +22,6 @@ "illuminate/database": "^10.0", "illuminate/pagination": "^10.0", "irazasyed/telegram-bot-sdk": "^3", - "khanamiryan/qrcode-detector-decoder": "*", "lcobucci/jwt": "^5.0", "league/omnipay": "^3.2.1", "mailgun/mailgun-php": "^3", @@ -59,7 +58,7 @@ }, "require-dev": { "nunomaduro/phpinsights": "*", - "phpunit/phpunit": "^10.2" + "phpunit/phpunit": "^10.4" }, "scripts": { "update-dev-windows": [ diff --git a/composer.lock b/composer.lock index 2fdeca9631..f0704c821c 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "f976870cacdcfc65b6258d49ca0ff3af", + "content-hash": "a968baf5a7521ed5df3bc6127e9230c7", "packages": [ { "name": "anankke/omnipay-alipay", @@ -123,16 +123,16 @@ }, { "name": "aws/aws-sdk-php", - "version": "3.283.1", + "version": "3.283.2", "source": { "type": "git", "url": "https://github.com/aws/aws-sdk-php.git", - "reference": "0d1857ca3392ec9f8ee0b1605ba09842cced6351" + "reference": "6616677d76e39af28138512740199d38a461859f" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/0d1857ca3392ec9f8ee0b1605ba09842cced6351", - "reference": "0d1857ca3392ec9f8ee0b1605ba09842cced6351", + "url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/6616677d76e39af28138512740199d38a461859f", + "reference": "6616677d76e39af28138512740199d38a461859f", "shasum": "" }, "require": { @@ -212,9 +212,9 @@ "support": { "forum": "https://forums.aws.amazon.com/forum.jspa?forumID=80", "issues": "https://github.com/aws/aws-sdk-php/issues", - "source": "https://github.com/aws/aws-sdk-php/tree/3.283.1" + "source": "https://github.com/aws/aws-sdk-php/tree/3.283.2" }, - "time": "2023-10-05T18:07:42+00:00" + "time": "2023-10-06T18:09:54+00:00" }, { "name": "bacon/bacon-qr-code", @@ -1813,64 +1813,6 @@ }, "time": "2021-10-08T21:21:46+00:00" }, - { - "name": "khanamiryan/qrcode-detector-decoder", - "version": "2.0.2", - "source": { - "type": "git", - "url": "https://github.com/khanamiryan/php-qrcode-detector-decoder.git", - "reference": "8d53cbecaa32f1e56a3be58bb3055ac31774ecd0" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/khanamiryan/php-qrcode-detector-decoder/zipball/8d53cbecaa32f1e56a3be58bb3055ac31774ecd0", - "reference": "8d53cbecaa32f1e56a3be58bb3055ac31774ecd0", - "shasum": "" - }, - "require": { - "php": ">=8.1" - }, - "require-dev": { - "phpunit/phpunit": "^7.5 | ^8.0 | ^9.0", - "rector/rector": "^0.13.6", - "symplify/easy-coding-standard": "^11.0", - "vimeo/psalm": "^4.24" - }, - "type": "library", - "autoload": { - "files": [ - "lib/Common/customFunctions.php" - ], - "psr-4": { - "Zxing\\": "lib/" - } - }, - "notification-url": "https://packagist.org/downloads/", - "license": [ - "MIT", - "Apache-2.0" - ], - "authors": [ - { - "name": "Ashot Khanamiryan", - "email": "a.khanamiryan@gmail.com", - "homepage": "https://github.com/khanamiryan", - "role": "Developer" - } - ], - "description": "QR code decoder / reader", - "homepage": "https://github.com/khanamiryan/php-qrcode-detector-decoder/", - "keywords": [ - "barcode", - "qr", - "zxing" - ], - "support": { - "issues": "https://github.com/khanamiryan/php-qrcode-detector-decoder/issues", - "source": "https://github.com/khanamiryan/php-qrcode-detector-decoder/tree/2.0.2" - }, - "time": "2022-11-17T10:54:53+00:00" - }, { "name": "lcobucci/jwt", "version": "5.0.0", @@ -8113,16 +8055,16 @@ }, { "name": "phpunit/phpunit", - "version": "10.4.0", + "version": "10.4.1", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/phpunit.git", - "reference": "9784e877e3700de37475545bdbdce8383ff53d25" + "reference": "62bd7af13d282deeb95650077d28ba3600ca321c" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/9784e877e3700de37475545bdbdce8383ff53d25", - "reference": "9784e877e3700de37475545bdbdce8383ff53d25", + "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/62bd7af13d282deeb95650077d28ba3600ca321c", + "reference": "62bd7af13d282deeb95650077d28ba3600ca321c", "shasum": "" }, "require": { @@ -8194,7 +8136,7 @@ "support": { "issues": "https://github.com/sebastianbergmann/phpunit/issues", "security": "https://github.com/sebastianbergmann/phpunit/security/policy", - "source": "https://github.com/sebastianbergmann/phpunit/tree/10.4.0" + "source": "https://github.com/sebastianbergmann/phpunit/tree/10.4.1" }, "funding": [ { @@ -8210,7 +8152,7 @@ "type": "tidelift" } ], - "time": "2023-10-06T03:41:22+00:00" + "time": "2023-10-08T05:01:11+00:00" }, { "name": "psr/cache", @@ -9178,32 +9120,32 @@ }, { "name": "slevomat/coding-standard", - "version": "8.13.4", + "version": "8.14.0", "source": { "type": "git", "url": "https://github.com/slevomat/coding-standard.git", - "reference": "4b2af2fb17773656d02fbfb5d18024ebd19fe322" + "reference": "5cb40fa9c1808efad471f8db5ee795ef36720d5f" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/slevomat/coding-standard/zipball/4b2af2fb17773656d02fbfb5d18024ebd19fe322", - "reference": "4b2af2fb17773656d02fbfb5d18024ebd19fe322", + "url": "https://api.github.com/repos/slevomat/coding-standard/zipball/5cb40fa9c1808efad471f8db5ee795ef36720d5f", + "reference": "5cb40fa9c1808efad471f8db5ee795ef36720d5f", "shasum": "" }, "require": { "dealerdirect/phpcodesniffer-composer-installer": "^0.6.2 || ^0.7 || ^1.0", "php": "^7.2 || ^8.0", - "phpstan/phpdoc-parser": "^1.23.0", + "phpstan/phpdoc-parser": "^1.23.1", "squizlabs/php_codesniffer": "^3.7.1" }, "require-dev": { "phing/phing": "2.17.4", "php-parallel-lint/php-parallel-lint": "1.3.2", - "phpstan/phpstan": "1.10.26", - "phpstan/phpstan-deprecation-rules": "1.1.3", - "phpstan/phpstan-phpunit": "1.3.13", + "phpstan/phpstan": "1.10.37", + "phpstan/phpstan-deprecation-rules": "1.1.4", + "phpstan/phpstan-phpunit": "1.3.14", "phpstan/phpstan-strict-rules": "1.5.1", - "phpunit/phpunit": "7.5.20|8.5.21|9.6.8|10.2.6" + "phpunit/phpunit": "8.5.21|9.6.8|10.3.5" }, "type": "phpcodesniffer-standard", "extra": { @@ -9227,7 +9169,7 @@ ], "support": { "issues": "https://github.com/slevomat/coding-standard/issues", - "source": "https://github.com/slevomat/coding-standard/tree/8.13.4" + "source": "https://github.com/slevomat/coding-standard/tree/8.14.0" }, "funding": [ { @@ -9239,7 +9181,7 @@ "type": "tidelift" } ], - "time": "2023-07-25T10:28:55+00:00" + "time": "2023-10-07T09:18:52+00:00" }, { "name": "squizlabs/php_codesniffer", diff --git a/config/.config.example.php b/config/.config.example.php index 8af0b95eca..097b374764 100644 --- a/config/.config.example.php +++ b/config/.config.example.php @@ -89,7 +89,8 @@ $_ENV['rememberMeDuration'] = 7; //登录时记住账号时长天数 $_ENV['timeZone'] = 'Asia/Taipei'; //需使用 PHP 兼容的时区格式 $_ENV['theme'] = 'tabler'; //默认主题 -$_ENV['jump_delay'] = 1200; //跳转延时,单位ms,不建议太长 +$_ENV['locale'] = 'zh-TW'; //默认语言 +$_ENV['jump_delay'] = 1200; //跳转延时,单位ms $_ENV['keep_connect'] = false; // 流量耗尽用户限速至 1Mbps // cdn.jsdelivr.net / fastly.jsdelivr.net / gcore.jsdelivr.net / testingcf.jsdelivr.net diff --git a/phpunit.xml b/phpunit.xml index 18307b791e..961fe9fae7 100644 --- a/phpunit.xml +++ b/phpunit.xml @@ -1,6 +1,6 @@ node_iplimit = 0; $user->node_speedlimit = 0; $user->theme = $_ENV['theme']; + $user->locale = $_ENV['locale']; $user->ga_token = MFA::generateGaToken(); $user->ga_enable = 0; diff --git a/src/Controllers/AuthController.php b/src/Controllers/AuthController.php index a4e4405e44..9f2fb0f7b6 100644 --- a/src/Controllers/AuthController.php +++ b/src/Controllers/AuthController.php @@ -65,15 +65,11 @@ public function login(ServerRequest $request, Response $response, array $args): */ public function loginHandle(ServerRequest $request, Response $response, array $args): Response|ResponseInterface { - if (Setting::obtain('enable_login_captcha')) { - $ret = Captcha::verify($request->getParams()); - - if (! $ret) { - return $response->withJson([ - 'ret' => 0, - 'msg' => '系统无法接受你的验证结果,请刷新页面后重试。', - ]); - } + if (Setting::obtain('enable_login_captcha') && ! Captcha::verify($request->getParams())) { + return $response->withJson([ + 'ret' => 0, + 'msg' => '系统无法接受你的验证结果,请刷新页面后重试。', + ]); } $antiXss = new AntiXSS(); @@ -83,9 +79,10 @@ public function loginHandle(ServerRequest $request, Response $response, array $a $email = strtolower(trim($antiXss->xss_clean($request->getParam('email')))); $redir = Cookie::get('redir') === '' ? $antiXss->xss_clean(Cookie::get('redir')) : '/user'; $user = User::where('email', $email)->first(); + $loginIp = new LoginIp(); if ($user === null) { - (new LoginIp())->collectLoginIP($_SERVER['REMOTE_ADDR'], 1); + $loginIp->collectLoginIP($_SERVER['REMOTE_ADDR'], 1); return $response->withJson([ 'ret' => 0, @@ -94,7 +91,7 @@ public function loginHandle(ServerRequest $request, Response $response, array $a } if (! Hash::checkPassword($user->pass, $passwd)) { - (new LoginIp())->collectLoginIP($_SERVER['REMOTE_ADDR'], 1, $user->id); + $loginIp->collectLoginIP($_SERVER['REMOTE_ADDR'], 1, $user->id); return $response->withJson([ 'ret' => 0, @@ -102,24 +99,13 @@ public function loginHandle(ServerRequest $request, Response $response, array $a ]); } - if ($user->ga_enable) { - if (strlen($code) !== 6) { - (new LoginIp())->collectLoginIP($_SERVER['REMOTE_ADDR'], 1, $user->id); + if ($user->ga_enable && (strlen($code) !== 6 || ! MFA::verifyGa($user, $code))) { + $loginIp->collectLoginIP($_SERVER['REMOTE_ADDR'], 1, $user->id); - return $response->withJson([ - 'ret' => 0, - 'msg' => '两步验证码错误', - ]); - } - - if (! MFA::verifyGa($user, $code)) { - (new LoginIp())->collectLoginIP($_SERVER['REMOTE_ADDR'], 1, $user->id); - - return $response->withJson([ - 'ret' => 0, - 'msg' => '两步验证码错误', - ]); - } + return $response->withJson([ + 'ret' => 0, + 'msg' => '两步验证码错误', + ]); } $time = 3600; @@ -130,7 +116,7 @@ public function loginHandle(ServerRequest $request, Response $response, array $a Auth::login($user->id, $time); // 记录登录成功 - (new LoginIp())->collectLoginIP($_SERVER['REMOTE_ADDR'], 0, $user->id); + $loginIp->collectLoginIP($_SERVER['REMOTE_ADDR'], 0, $user->id); $user->last_login_time = time(); $user->save(); @@ -268,7 +254,6 @@ public static function registerHelper( $user->forbidden_port = Setting::obtain('reg_forbidden_port'); $user->im_type = $imtype; $user->im_value = $imvalue; - $user->transfer_enable = Tools::toGB($configs['sign_up_for_free_traffic']); $user->invite_num = $configs['sign_up_for_invitation_codes']; $user->auto_reset_day = Setting::obtain('free_user_reset_day'); @@ -292,7 +277,6 @@ public static function registerHelper( $user->ga_token = MFA::generateGaToken(); $user->ga_enable = 0; - $user->class_expire = date('Y-m-d H:i:s', time() + (int) $configs['sign_up_for_class_time'] * 86400); $user->class = $configs['sign_up_for_class']; $user->node_iplimit = $configs['connection_ip_limit']; @@ -300,6 +284,7 @@ public static function registerHelper( $user->reg_date = date('Y-m-d H:i:s'); $user->reg_ip = $_SERVER['REMOTE_ADDR']; $user->theme = $_ENV['theme']; + $user->locale = $_ENV['locale']; $random_group = Setting::obtain('random_group'); if ($random_group === '') { @@ -340,15 +325,11 @@ public function registerHandle(ServerRequest $request, Response $response, array return ResponseHelper::error($response, '未开放注册。'); } - if (Setting::obtain('enable_reg_captcha')) { - $ret = Captcha::verify($request->getParams()); - if (! $ret) { - return ResponseHelper::error($response, '系统无法接受你的验证结果,请刷新页面后重试。'); - } + if (Setting::obtain('enable_reg_captcha') && ! Captcha::verify($request->getParams())) { + return ResponseHelper::error($response, '系统无法接受你的验证结果,请刷新页面后重试。'); } $antiXss = new AntiXSS(); - $tos = $request->getParam('tos') === 'true' ? 1 : 0; $email = strtolower(trim($antiXss->xss_clean($request->getParam('email')))); $name = $antiXss->xss_clean($request->getParam('name')); @@ -383,11 +364,13 @@ public function registerHandle(ServerRequest $request, Response $response, array // check email format $check_res = Tools::isEmailLegal($email); + if ($check_res['ret'] === 0) { return $response->withJson($check_res); } // check email $user = User::where('email', $email)->first(); + if ($user !== null) { return ResponseHelper::error($response, '邮箱已经被注册了'); } @@ -418,6 +401,7 @@ public function registerHandle(ServerRequest $request, Response $response, array public function logout(ServerRequest $request, Response $response, $next): Response { Auth::logout(); + return $response->withStatus(302) ->withHeader('Location', '/auth/login'); } diff --git a/src/Services/Bot/Slack/.gitkeep b/src/Services/Bot/Slack/.gitkeep new file mode 100644 index 0000000000..e69de29bb2 diff --git a/src/Utils/GeoIP2.php b/src/Services/GeoIP2.php similarity index 97% rename from src/Utils/GeoIP2.php rename to src/Services/GeoIP2.php index f2b0e66d81..616d69f282 100644 --- a/src/Utils/GeoIP2.php +++ b/src/Services/GeoIP2.php @@ -2,7 +2,7 @@ declare(strict_types=1); -namespace App\Utils; +namespace App\Services; use GeoIp2\Database\Reader; use GeoIp2\Exception\AddressNotFoundException; diff --git a/src/Services/Subscribe/SingBox.php b/src/Services/Subscribe/SingBox.php index 972e0b6d35..e058181e34 100644 --- a/src/Services/Subscribe/SingBox.php +++ b/src/Services/Subscribe/SingBox.php @@ -95,8 +95,7 @@ public function getContent($user): string $alter_id = $node_custom_config['alter_id'] ?? '0'; $security = $node_custom_config['security'] ?? 'auto'; $transport = ($node_custom_config['network'] ?? '') === 'tcp' ? '' : $node_custom_config['network']; - $host = []; - $host[] = $node_custom_config['header']['request']['headers']['Host'][0] ?? + $host = $node_custom_config['header']['request']['headers']['Host'][0] ?? $node_custom_config['host'] ?? ''; $path = $node_custom_config['header']['request']['path'][0] ?? $node_custom_config['path'] ?? ''; $headers = $node_custom_config['header']['request']['headers'] ?? []; @@ -111,7 +110,6 @@ public function getContent($user): string 'security' => $security, 'alter_id' => (int) $alter_id, 'tls' => [ - 'enabled' => $node_custom_config['security'] === 'tls', 'server_name' => $host, ], 'transport' => [ @@ -143,7 +141,6 @@ public function getContent($user): string 'server_port' => (int) $trojan_port, 'password' => $user->uuid, 'tls' => [ - 'enabled' => true, 'server_name' => $host, 'insecure' => (bool) $allow_insecure, ], diff --git a/src/Utils/ClassHelper.php b/src/Utils/ClassHelper.php index 4c5bc264fb..42480f8124 100644 --- a/src/Utils/ClassHelper.php +++ b/src/Utils/ClassHelper.php @@ -30,6 +30,7 @@ public function getClassesByNamespace($namespace): array } $termUpper = strtoupper($namespace); + return array_filter($this->getClasses(), static function ($class) use ($termUpper) { $className = strtoupper($class); if (str_starts_with($className, $termUpper) && diff --git a/src/Utils/QRcode.php b/src/Utils/QRcode.php deleted file mode 100644 index 5b830c6b53..0000000000 --- a/src/Utils/QRcode.php +++ /dev/null @@ -1,41 +0,0 @@ -text(); - } catch (Exception $e) { - $text = ''; - } - - if ($text === '') { - return null; - } - - return $text; - } -} diff --git a/src/Utils/Tools.php b/src/Utils/Tools.php index d350ed9b12..81f6b95b96 100644 --- a/src/Utils/Tools.php +++ b/src/Utils/Tools.php @@ -8,6 +8,7 @@ use App\Models\Setting; use App\Models\User; use App\Services\Config; +use App\Services\GeoIP2; use GeoIp2\Exception\AddressNotFoundException; use MaxMind\Db\Reader\InvalidDatabaseException; use function array_diff; diff --git a/tests/App/Utils/QRcodeTest.php b/tests/App/Utils/QRcodeTest.php deleted file mode 100644 index ba4dc8d395..0000000000 --- a/tests/App/Utils/QRcodeTest.php +++ /dev/null @@ -1,35 +0,0 @@ -assertSame($expectedText, $result); - } - - /** - * @covers App\Utils\QRcode::decode - */ - public function testDecodeWithInvalidData(): void - { - $invalidImg = __DIR__ . '/invalid.png'; - - $result = QRcode::decode($invalidImg); - - $this->assertNull($result); - } -} diff --git a/tests/App/Utils/qrcode.png b/tests/App/Utils/qrcode.png deleted file mode 100644 index db332db98d..0000000000 Binary files a/tests/App/Utils/qrcode.png and /dev/null differ