xinyin025/new-api
1
0
Fork 0
mirror of https://github.com/linux-do/new-api.git synced 2025-09-20 09:16:37 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: 修复nginx缓存导致串用户问题

Browse Source
This commit is contained in:
CalciumIon 2024-07-19 13:39:05 +08:00
parent e2cf6b1e14
commit ce815a98d0
3 changed files with 44 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
middleware/auth.go
View File

@ -6,6 +6,7 @@ import (
"net/http" "net/http"
"one-api/common" "one-api/common"
"one-api/model" "one-api/model"
"strconv"
"strings" "strings"
) )
@ -15,6 +16,7 @@ func authHelper(c *gin.Context, minRole int) {
role := session.Get("role") role := session.Get("role")
id := session.Get("id") id := session.Get("id")
status := session.Get("status") status := session.Get("status")
useAccessToken := false
if username == nil { if username == nil {
// Check access token // Check access token
accessToken := c.Request.Header.Get("Authorization") accessToken := c.Request.Header.Get("Authorization")
@ -33,6 +35,7 @@ func authHelper(c *gin.Context, minRole int) {
role = user.Role role = user.Role
id = user.Id id = user.Id
status = user.Status status = user.Status
useAccessToken = true
} else { } else {
c.JSON(http.StatusOK, gin.H{ c.JSON(http.StatusOK, gin.H{
"success": false, "success": false,
@ -42,6 +45,36 @@ func authHelper(c *gin.Context, minRole int) {
return return
} }
} }
if !useAccessToken {
// get header New-Api-User
apiUserIdStr := c.Request.Header.Get("New-Api-User")
if apiUserIdStr == "" {
c.JSON(http.StatusUnauthorized, gin.H{
"success": false,
"message": "无权进行此操作,请刷新页面或清空缓存后重试",
})
c.Abort()
return
}
apiUserId, err := strconv.Atoi(apiUserIdStr)
if err != nil {
c.JSON(http.StatusUnauthorized, gin.H{
"success": false,
"message": "无权进行此操作,登录信息无效,请重新登录",
})
c.Abort()
return
}
if id != apiUserId {
c.JSON(http.StatusUnauthorized, gin.H{
"success": false,
"message": "无权进行此操作,与登录用户不匹配,请重新登录",
})
c.Abort()
return
}
}
if status.(int) == common.UserStatusDisabled { if status.(int) == common.UserStatusDisabled {
c.JSON(http.StatusOK, gin.H{ c.JSON(http.StatusOK, gin.H{
"success": false, "success": false,

5
web/src/helpers/api.js
View File

@ -1,10 +1,13 @@
import { showError } from './utils'; import { getUserIdFromLocalStorage, showError } from './utils';
import axios from 'axios'; import axios from 'axios';
export const API = axios.create({ export const API = axios.create({
baseURL: import.meta.env.VITE_REACT_APP_SERVER_URL baseURL: import.meta.env.VITE_REACT_APP_SERVER_URL
? import.meta.env.VITE_REACT_APP_SERVER_URL ? import.meta.env.VITE_REACT_APP_SERVER_URL
: '', : '',
headers: {
'New-API-User': getUserIdFromLocalStorage()
}
}); });
API.interceptors.response.use( API.interceptors.response.use(

7
web/src/helpers/utils.js
View File

@ -33,6 +33,13 @@ export function getLogo() {
return logo; return logo;
} }
export function getUserIdFromLocalStorage() {
let user = localStorage.getItem('user');
if (!user) return -1;
user = JSON.parse(user);
return user.id;
}
export function getFooterHTML() { export function getFooterHTML() {
return localStorage.getItem('footer_html'); return localStorage.getItem('footer_html');
} }