From 905eef48e38c4049d6c3f1a07afba090b817666a Mon Sep 17 00:00:00 2001
From: Soulter <37870767+Soulter@users.noreply.github.com>
Date: Sun, 7 Sep 2025 00:51:46 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E5=A2=9E=E5=8A=A0=20OneBot=20=E6=9C=8D?=
 =?UTF-8?q?=E5=8A=A1=20Token=20=E4=B8=BA=E7=A9=BA=E6=97=B6=E7=9A=84?=
 =?UTF-8?q?=E5=AE=89=E5=85=A8=E6=8F=90=E9=86=92=20(#2648)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../i18n/locales/en-US/features/platform.json |   5 +
 .../i18n/locales/zh-CN/features/platform.json |   5 +
 dashboard/src/views/PlatformPage.vue          | 105 +++++++++++++++---
 3 files changed, 101 insertions(+), 14 deletions(-)

diff --git a/dashboard/src/i18n/locales/en-US/features/platform.json b/dashboard/src/i18n/locales/en-US/features/platform.json
index 31ce1d2c4..bf5f6150b 100644
--- a/dashboard/src/i18n/locales/en-US/features/platform.json
+++ b/dashboard/src/i18n/locales/en-US/features/platform.json
@@ -29,6 +29,11 @@
       "title": "ID Conflict Warning",
       "message": "Detected duplicate ID \"{id}\". Please use a new ID.",
       "confirm": "OK"
+    },
+    "securityWarning": {
+      "title": "Security Warning",
+      "aiocqhttpTokenMissing": "To enhance connection security, it is strongly recommended to set ws_reverse_token. Not setting a token may lead to security risks.",
+      "learnMore": "Learn More"
     }
   },
   "messages": {
diff --git a/dashboard/src/i18n/locales/zh-CN/features/platform.json b/dashboard/src/i18n/locales/zh-CN/features/platform.json
index f5432ff14..b51a430bc 100644
--- a/dashboard/src/i18n/locales/zh-CN/features/platform.json
+++ b/dashboard/src/i18n/locales/zh-CN/features/platform.json
@@ -29,6 +29,11 @@
       "title": "ID 冲突警告",
       "message": "检测到 ID \"{id}\" 重复。请使用一个新的 ID。",
       "confirm": "好的"
+    },
+    "securityWarning": {
+      "title": "安全提醒",
+      "aiocqhttpTokenMissing": "为了增强连接安全性，强烈建议您设置 ws_reverse_token。未设置 Token 可能导致安全风险。",
+      "learnMore": "了解更多"
     }
   },
   "messages": {
diff --git a/dashboard/src/views/PlatformPage.vue b/dashboard/src/views/PlatformPage.vue
index c29b0a3ee..3426b3bfb 100644
--- a/dashboard/src/views/PlatformPage.vue
+++ b/dashboard/src/views/PlatformPage.vue
@@ -168,6 +168,28 @@
         </v-card-actions>
       </v-card>
     </v-dialog>
+
+    <!-- 安全警告对话框 -->
+    <v-dialog v-model="showOneBotEmptyTokenWarnDialog" max-width="600" persistent>
+      <v-card>
+        <v-card-title>
+          {{ tm('dialog.securityWarning.title') }}
+        </v-card-title>
+        <v-card-text class="py-4">
+          <p>{{ tm('dialog.securityWarning.aiocqhttpTokenMissing') }}</p>
+          <span><a href="https://docs.astrbot.app/deploy/platform/aiocqhttp/napcat.html#%E9%99%84%E5%BD%95-%E5%A2%9E%E5%BC%BA%E8%BF%9E%E6%8E%A5%E5%AE%89%E5%85%A8%E6%80%A7" target="_blank">{{ tm('dialog.securityWarning.learnMore') }}</a></span>
+        </v-card-text>
+        <v-card-actions class="px-4 pb-4">
+          <v-spacer></v-spacer>
+          <v-btn color="error" @click="handleOneBotEmptyTokenWarningDismiss(true)">
+            无视警告并继续创建
+          </v-btn>
+          <v-btn color="primary" @click="handleOneBotEmptyTokenWarningDismiss(false)">
+            重新修改
+          </v-btn>
+        </v-card-actions>
+      </v-card>
+    </v-dialog>
   </div>
 </template>
 
@@ -234,17 +256,27 @@ export default {
       conflictId: '',
       idConflictResolve: null,
 
+      // OneBot Empty Token Warning #2639
+      showOneBotEmptyTokenWarnDialog: false,
+      oneBotEmptyTokenWarningResolve: null,
+
       store: useCommonStore()
     }
   },
 
   watch: {
     showIdConflictDialog(newValue) {
-      // 当对话框关闭时，如果 Promise 还在等待，则拒绝它以防止内存泄漏
       if (!newValue && this.idConflictResolve) {
         this.idConflictResolve(false);
         this.idConflictResolve = null;
       }
+    },
+
+    showOneBotEmptyTokenWarnDialog(newValue) {
+      if (!newValue && this.oneBotEmptyTokenWarningResolve) {
+        this.oneBotEmptyTokenWarningResolve(true);
+        this.oneBotEmptyTokenWarningResolve = null;
+      }
     }
   },
 
@@ -353,24 +385,39 @@ export default {
     newPlatform() {
       this.loading = true;
       if (this.updatingMode) {
-        axios.post('/api/config/platform/update', {
-          id: this.newSelectedPlatformName,
-          config: this.newSelectedPlatformConfig
-        }).then((res) => {
-          this.loading = false;
-          this.showPlatformCfg = false;
-          this.getConfig();
-          this.showSuccess(res.data.message || this.messages.updateSuccess);
-        }).catch((err) => {
-          this.loading = false;
-          this.showError(err.response?.data?.message || err.message);
-        });
-        this.updatingMode = false;
+        if (this.newSelectedPlatformConfig.type === 'aiocqhttp') {
+          const token = this.newSelectedPlatformConfig.ws_reverse_token;
+          if (!token || token.trim() === '') {
+            this.showOneBotEmptyTokenWarning().then((continueWithWarning) => {
+              if (continueWithWarning) {
+                this.updatePlatform();
+              }
+            });
+            return;
+          }
+        }
+        this.updatePlatform();
       } else {
         this.savePlatform();
       }
     },
 
+    updatePlatform() {
+      axios.post('/api/config/platform/update', {
+        id: this.newSelectedPlatformName,
+        config: this.newSelectedPlatformConfig
+      }).then((res) => {
+        this.loading = false;
+        this.showPlatformCfg = false;
+        this.getConfig();
+        this.showSuccess(res.data.message || this.messages.updateSuccess);
+      }).catch((err) => {
+        this.loading = false;
+        this.showError(err.response?.data?.message || err.message);
+      });
+      this.updatingMode = false;
+    },
+
     async savePlatform() {
       // 检查 ID 是否已存在
       const existingPlatform = this.config_data.platform?.find(p => p.id === this.newSelectedPlatformConfig.id);
@@ -382,6 +429,17 @@ export default {
         }
       }
 
+      // 检查 aiocqhttp 适配器的安全设置
+      if (this.newSelectedPlatformConfig.type === 'aiocqhttp') {
+        const token = this.newSelectedPlatformConfig.ws_reverse_token;
+        if (!token || token.trim() === '') {
+          const continueWithWarning = await this.showOneBotEmptyTokenWarning();
+          if (!continueWithWarning) {
+            return;
+          }
+        }
+      }
+
       try {
         const res = await axios.post('/api/config/platform/new', this.newSelectedPlatformConfig);
         this.loading = false;
@@ -409,6 +467,25 @@ export default {
       this.showIdConflictDialog = false;
     },
 
+    showOneBotEmptyTokenWarning() {
+      this.showOneBotEmptyTokenWarnDialog = true;
+      return new Promise((resolve) => {
+        this.oneBotEmptyTokenWarningResolve = resolve;
+      });
+    },
+
+    handleOneBotEmptyTokenWarningDismiss(continueWithWarning) {
+      this.showOneBotEmptyTokenWarnDialog = false;
+      if (this.oneBotEmptyTokenWarningResolve) {
+        this.oneBotEmptyTokenWarningResolve(continueWithWarning);
+        this.oneBotEmptyTokenWarningResolve = null;
+      }
+      
+      if (!continueWithWarning) {
+        this.loading = false;
+      }
+    },
+
     deletePlatform(platform) {
       if (confirm(`${this.messages.deleteConfirm} ${platform.id}?`)) {
         axios.post('/api/config/platform/delete', { id: platform.id }).then((res) => {