From 6928942121b84175b71f041f1034ce7df895d428 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=A4=A7=E7=9F=B3=E5=A4=B4?= <nnhy@vip.qq.com>
Date: Mon, 2 Sep 2024 10:06:31 +0800
Subject: [PATCH] =?UTF-8?q?[fix]=E4=BF=AE=E6=AD=A3=E5=BA=94=E7=94=A8?=
 =?UTF-8?q?=E6=B3=A8=E5=86=8C=E6=97=B6=E5=AF=86=E9=92=A5=E4=B8=BA=E7=A9=BA?=
 =?UTF-8?q?=E5=AF=BC=E8=87=B4Verify=E9=AA=8C=E8=AF=81=E6=8A=A5=E9=94=99?=
 =?UTF-8?q?=E7=9A=84=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Stardust.Server/Services/NodeService.cs     | 4 +++-
 Stardust.Server/Services/RegistryService.cs | 3 ++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/Stardust.Server/Services/NodeService.cs b/Stardust.Server/Services/NodeService.cs
index e7b810d7..8d91ec0d 100644
--- a/Stardust.Server/Services/NodeService.cs
+++ b/Stardust.Server/Services/NodeService.cs
@@ -7,6 +7,7 @@
 using NewLife.Security;
 using NewLife.Serialization;
 using NewLife.Web;
+using Stardust.Data;
 using Stardust.Data.Nodes;
 using Stardust.Data.Platform;
 using Stardust.Models;
@@ -43,8 +44,9 @@ public Boolean Auth(Node node, String secret, LoginInfo inf, String ip, StarServ
         }
 
         if (node.Secret.IsNullOrEmpty()) return true;
+        if (node.Secret == secret) return true;
         //return !secret.IsNullOrEmpty() && !secret.IsNullOrEmpty() && (node.Secret == secret || node.Secret.MD5() == secret);
-        if (!_passwordProvider.Verify(node.Secret, secret))
+        if (secret.IsNullOrEmpty() || !_passwordProvider.Verify(node.Secret, secret))
         {
             WriteHistory(node, "节点鉴权", false, "密钥校验失败", ip);
             return false;
diff --git a/Stardust.Server/Services/RegistryService.cs b/Stardust.Server/Services/RegistryService.cs
index 035355c5..bb475658 100644
--- a/Stardust.Server/Services/RegistryService.cs
+++ b/Stardust.Server/Services/RegistryService.cs
@@ -52,7 +52,8 @@ public Boolean Auth(App app, String secret, String ip, String clientId)
 
         // 未设置密钥，直接通过
         if (app.Secret.IsNullOrEmpty()) return true;
-        if (!_passwordProvider.Verify(app.Secret, secret))
+        if (app.Secret == secret) return true;
+        if (secret.IsNullOrEmpty() || !_passwordProvider.Verify(app.Secret, secret))
         {
             app.WriteHistory("应用鉴权", false, "密钥校验失败", null, ip, clientId);
             return false;