最近在自己2u512mb 小鸡建了个one hub,白嫖佬友的api,结果最近发现登不上了,当我尝试多次重启docker无果,并且发现之前遗留下的token仍然能正常中转api时,我吃下了懒得配置邮箱服务器和没有用密码管理器好好管理每个网站的恶果其实我只有9个白嫖的渠道,但是就是懒得重新配置了
但是此时我想起来,既然one hub在docker compose里有俩数据库,我密码是不是能访问到呢
于是我连接上了mysql数据库,和oneapi数据库
但是我发现其内容是难以解密的bcrypt加密,使用语句修改密码为admin的bcrypt加密格式
但是发现仍然无法登录
幸亏查询到了access_token,通过 curl -H "Authorization: Bearer {toekn}" http://localhost:3000/api/user/1 可以返回用户信息
但是想通过
curl -X POST http://localhost:3000/api/user/reset-password \ -H "Authorization: Bearer {token}" \ -H "Content-Type: application/json" \ -d '{"username":"root","password":"new_password123"}'
修改密码返回错误{"error":{"code":"","message":"Invalid URL (POST /api/user/reset-password)","type":"invalid_request_error"}}
于是这事就不了了之了,沉默了几天后,我发现我这个ip绑定的另外一个域名不知怎么cookies居然没丢,就登进去了,于是我获得了通过access_token重置密码的api
curl 'http://127.0.0.1:3000/api/user/self' \
-X 'PUT' \
-H 'Accept: application/json, text/plain, */*' \
-H 'Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6' \
-H 'Content-Type: application/json' \
-b 'session={token}' \
-H 'DNT: 1' \
-H 'Origin: http://127.0.0.1:3000' \
-H 'Proxy-Connection: keep-alive' \
-H 'Referer: http://127.0.0.1:3000/panel/profile' \
-H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0' \
--data-raw '{"id":1,"username":"root","password":{passwd},"display_name":"Root User","role":100,"status":1,"email":"","avatar_url":"","github_id":"","github_id_new":0,"wechat_id":"","telegram_id":0,"lark_id":"","verification_code":"","access_token":{token},"quota":99736488,"used_quota":263512,"request_count":44,"group":"default","aff_code":"","aff_count":0,"aff_quota":0,"aff_history_quota":0,"inviter_id":0,"last_login_time":1740839577,"created_time":0}' \
--insecure
这个token是浏览器登录后获得,不知道是不是必填信息,如果有人也像我一样忘了密码,可以尝试尝试