From 8a25cedba37f6f983268fcf2245ee0ad3080c3ae Mon Sep 17 00:00:00 2001 From: Akkariin Meiko Date: Thu, 3 Dec 2020 04:18:55 +0800 Subject: [PATCH] Fixed node disable not working issues MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 修复节点禁用不起作用的问题 --- api/index.php | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) diff --git a/api/index.php b/api/index.php index 3afe762..eab97c5 100755 --- a/api/index.php +++ b/api/index.php @@ -29,6 +29,21 @@ $nm = new NodeManager(); // 服务端 API 部分 // 先进行 Frps 鉴权 if((isset($_GET['apitoken']) && $_GET['apitoken'] == API_TOKEN) || (isset($_GET['action']) && $_GET['action'] == "getconf")) { + + if(isset($_GET['apitoken'])) { + // 取得节点 ID + $expToken = explode("|", $_GET['apitoken']); + if(count($expToken) !== 2 || !preg_match("/^[0-9]{1,5}$/", $expToken[1])) { + Utils::sendServerForbidden("Invalid Node ID"); + } elseif($expToken[0] !== API_TOKEN) { + Utils::sendServerForbidden("Invalid API Token"); + } + $switchNode = Intval($expToken[1]); + if(!$nm->isNodeAvailable($switchNode)) { + Utils::sendServerForbidden("This server is current not available"); + } + } + switch($_GET['action']) { case "getconf": // 精简了一下,用户名可以不用了 @@ -63,6 +78,10 @@ if((isset($_GET['apitoken']) && $_GET['apitoken'] == API_TOKEN) || (isset($_GET[ $userToken = Database::escape($_GET['user']); $rs = Database::querySingleLine("tokens", ["token" => $userToken]); if($rs) { + $userName = Database::escape($rs['username']); + if(!$nm->isUserHasPermission($userName, $switchNode)) { + Utils::sendServerForbidden("You have no permission to connect this server"); + } Utils::sendLoginSuccessful("Login successful, welcome!"); } else { Utils::sendServerForbidden("Login failed"); 
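Review bot: The unchanged outer guard still compares the whole `apitoken` value with `API_TOKEN`, while the added block only accepts `TOKEN|NODE_ID`, so the two checks cannot both pass on the token path: an exact match fails `count($expToken) !== 2`, and a suffixed token reaches this block only when `action` is `getconf`. The added block also relies on `Utils::sendServerForbidden()` ending the request, which is not visible here; if it returns, execution falls through to `$expToken[1]` and on into the `switch`. I would parse and verify the token once before the guard, compare the secret with `hash_equals()` so the check is constant-time, and exit explicitly after each rejection, as sketched below. The sketch returns one message for every malformed or wrong token, so an unauthenticated caller cannot tell a bad node ID from a bad secret. The enclosing `if` and `switch` continue outside the hunk.

```php
// Parse "TOKEN|NODE_ID" once, before the guard, so both checks use the same format.
$switchNode = null;
if(isset($_GET['apitoken'])) {
    // A non-string value (e.g. apitoken[]=x) is treated as malformed.
    $expToken = is_string($_GET['apitoken']) ? explode("|", $_GET['apitoken']) : [];
    if(count($expToken) !== 2
        || !preg_match("/^[0-9]{1,5}$/", $expToken[1])
        || !hash_equals(API_TOKEN, $expToken[0])) {
        Utils::sendServerForbidden("Invalid API Token");
        exit;
    }
    $switchNode = intval($expToken[1]);
    if(!$nm->isNodeAvailable($switchNode)) {
        Utils::sendServerForbidden("This server is current not available");
        exit;
    }
}
if($switchNode !== null || (isset($_GET['action']) && $_GET['action'] == "getconf")) {
    // … unchanged: switch($_GET['action']) and its cases …
```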
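Review bot: The new permission denial inside `if($rs)` has no `else` and no exit, so `Utils::sendLoginSuccessful(...)` on the following line still runs unless `sendServerForbidden()` terminates the request, which this hunk does not show. Ending the branch explicitly keeps the check fail-closed: `if(!$nm->isUserHasPermission($userName, $switchNode)) { Utils::sendServerForbidden("You have no permission to connect this server"); exit; }`. `$rs['username']` is also passed through `Database::escape()` before the call; if `isUserHasPermission()` escapes or binds its arguments itself (not visible here), a name containing quotes would be escaped twice and the lookup would miss. The surrounding `case` starts and ends outside the hunk.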
@@ -92,7 +111,8 @@ if((isset($_GET['apitoken']) && $_GET['apitoken'] == API_TOKEN) || (isset($_GET[ $rs = Database::querySingleLine("proxies", [ "username" => $username, "remote_port" => $remotePort, - "proxy_type" => $proxyType + "proxy_type" => $proxyType, + "node" => $switchNode ]); if($rs) { if($rs['status'] !== "0") { @@ -116,7 +136,8 @@ if((isset($_GET['apitoken']) && $_GET['apitoken'] == API_TOKEN) || (isset($_GET[ $domainSQL = (isset($_GET['domain']) && !empty($_GET['domain'])) ? ["domain" => $domain] : ["subdomain" => $subdomain]; $querySQL = [ "username" => $username, - "proxy_type" => $proxyType + "proxy_type" => $proxyType, + "node" => $switchNode ]; $querySQL = Array_merge($querySQL, $domainSQL); $rs = Database::querySingleLine("proxies", $querySQL);
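Review bot: The new `"node" => $switchNode` filter, here and in the domain/subdomain query of the next hunk, scopes the proxy lookup by a node ID that the caller supplies in the `apitoken` suffix, and the visible code authenticates only the shared `API_TOKEN`, not the node itself. As far as this patch shows, any server holding the shared token can present another node's ID, so disabling a node or restricting a user to certain nodes holds only while every frps instance reports its own ID honestly. If that is the intended trust model, it deserves a comment next to the filter, for example `// $switchNode is the node ID claimed in apitoken; it is not authenticated per node`. Otherwise a per-node secret checked by `NodeManager` would bind the ID to the credential. Both array literals sit inside `case` branches that begin outside these hunks.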