bugfix

2026-05-09 16:42:25 +08:00 · 2026-05-09 16:42:25 +08:00 · ec30b57b23
commit ec30b57b23
parent dd3fc6e37a
2 changed files with 29 additions and 22 deletions
--- a/ahserver/auth_api.py
+++ b/ahserver/auth_api.py
@ -20,9 +20,27 @@ from appPublic.dictObject import DictObject
 from appPublic.rsawrap import RSA
 from appPublic.log import info, debug, warning, error, critical, exception

-def get_client_ip(obj, request):
+class CustomTktAuth(auth.SessionTktAuthentication):
+	async def get_ticket(self, request):
+		# 1. 优先尝试从你手动设置的缓存中取
+		manual_ticket = request.get('WssCookies')
+		if manual_ticket:
+			return manual_ticket
+
+		# 2. 如果没有，再走原有的 Headers/Cookies 逻辑
+		return await super().get_ticket(request)
+	def _get_ip(self, request):
 		return request['client_ip']

+	def _new_ticket(self, request, user_id):
+		client_uuid = request.headers.get('client_uuid')
+		ip = self._get_ip(request)
+		valid_until = int(time.time()) + self._max_age
+		return self._ticket.new(user_id, 
+						valid_until=valid_until, 
+						client_ip=ip, 
+						user_data=client_uuid)
+
 async def get_session_userinfo(request):
 	d = await auth.get_auth(request)
 	if d is None:
@ -130,19 +148,7 @@ class AuthAPI:
 		if self.conf.website.session_reissue_time:
 			session_reissue_time = self.conf.website.session_reissue_time
 		
-		def _new_ticket(self, request, user_id):
-			client_uuid = request.headers.get('client_uuid')
-			ip = self._get_ip(request)
-			valid_until = int(time.time()) + self._max_age
-			# print(f'hack: my _new_ticket() called ... remote {ip=}, {client_uuid=}')
-			return self._ticket.new(user_id, 
-							valid_until=valid_until, 
-							client_ip=ip, 
-							user_data=client_uuid)
-
-		TktAuthentication._get_ip = get_client_ip
-		TktAuthentication._new_ticket = _new_ticket
-		policy = auth.SessionTktAuthentication(secret, 
+		policy = CustomTktAuth(secret, 
 										session_max_time,
 										reissue_time=session_reissue_time,
 									   include_ip=True)
--- a/ahserver/websocketProcessor.py
+++ b/ahserver/websocketProcessor.py
@ -143,7 +143,8 @@ class WebsocketProcessor(PythonScriptProcessor):
 	async def path_call(self, request,params={}):
 		cookie = request.headers.get('Sec-WebSocket-Protocol', None)
 		if cookie:
-			request.headers['Cookies'] = cookie
+			# request.headers['Cookies'] = cookie
+			request['WssCookies'] = cookie
 			userid = await get_user()
 			debug(f'{cookie=}, {userid=}')
 		await self.set_run_env(request)