[GH-ISSUE #66] Bug:Auth权限绕过 #51

New issue

Closed

opened 2026-03-03 11:55:41 +03:00 by kerem · 1 comment

kerem commented

2026-03-03 11:55:41 +03:00

Owner

Originally created by @Eminlin on GitHub (Jun 30, 2021).
Original GitHub issue: https://github.com/Finb/bark-server/issues/66

首先很感谢各位开发者的贡献，使用 bark 很久了

服务开启 auth 并设置用户名密码之后，请求 https://domain.com/token/ 会绕过权限验证，直接向手机发送 NoContent 提醒。

携带内容就不会绕过 auth 认证，例如 https://domain.com/token/hello 没有携带 auth 会提示 i'm a teapot

GoVersion:1.16.5
IOS 13.7
RepoVersion:abf2b76
BarkVersion:1.1.6
CentOS 7

Originally created by @Eminlin on GitHub (Jun 30, 2021). Original GitHub issue: https://github.com/Finb/bark-server/issues/66 首先很感谢各位开发者的贡献，使用 bark 很久了服务开启 auth 并设置用户名密码之后，请求 https://domain.com/token/ 会绕过权限验证，直接向手机发送 NoContent 提醒。携带内容就不会绕过 auth 认证，例如 https://domain.com/token/hello 没有携带 auth 会提示 i'm a teapot GoVersion:1.16.5 IOS 13.7 RepoVersion:abf2b76 BarkVersion:1.1.6 CentOS 7

kerem closed this issue

2026-03-03 11:55:41 +03:00

kerem commented

2026-03-03 11:55:42 +03:00

Author

Owner

@Eminlin commented on GitHub (Jun 30, 2021):

bark 服务日志：

Jun 30 18:12:03 iZwz9ht5uwpdcrbsi0ob00Z bark-server_linux_amd64[10143]: 2021-06-30 18:12:03     INFO    127.0.0.1 -> [200] GET 178.463725ms /:device_key => /u34mFgGsometokenJZY7N/

响应结果：

{"code":200,"message":"success","timestamp":1625047923}

@Eminlin commented on GitHub (Jun 30, 2021): bark 服务日志： ``` Jun 30 18:12:03 iZwz9ht5uwpdcrbsi0ob00Z bark-server_linux_amd64[10143]: 2021-06-30 18:12:03 INFO 127.0.0.1 -> [200] GET 178.463725ms /:device_key => /u34mFgGsometokenJZY7N/ ``` 响应结果： ``` {"code":200,"message":"success","timestamp":1625047923} ```