修复权限判断问题

This commit is contained in:
mtvpls
2025-12-29 01:19:28 +08:00
parent 0a9d952929
commit 56b4d47902
8 changed files with 19 additions and 42 deletions

View File

@@ -45,12 +45,10 @@ export async function POST(request: NextRequest) {
// 获取配置与存储
const adminConfig = await getConfig();
// 权限与身份校验
// 权限与身份校验 - 使用v2用户系统
if (username !== process.env.USERNAME) {
const userEntry = adminConfig.UserConfig.Users.find(
(u) => u.username === username
);
if (!userEntry || userEntry.role !== 'admin' || userEntry.banned) {
const userInfo = await db.getUserInfoV2(username);
if (!userInfo || userInfo.role !== 'admin' || userInfo.banned) {
return NextResponse.json({ error: '权限不足' }, { status: 401 });
}
}

View File

@@ -11,16 +11,13 @@ export const runtime = 'nodejs';
export async function POST(request: NextRequest) {
try {
// 权限检查
// 权限检查 - 使用v2用户系统
const authInfo = getAuthInfoFromCookie(request);
const username = authInfo?.username;
const config = await getConfig();
if (username !== process.env.USERNAME) {
// 管理员
const user = config.UserConfig.Users.find(
(u) => u.username === username
);
if (!user || user.role !== 'admin' || user.banned) {
const userInfo = await db.getUserInfoV2(username || '');
if (!userInfo || userInfo.role !== 'admin' || userInfo.banned) {
return NextResponse.json({ error: '权限不足' }, { status: 401 });
}
}

View File

@@ -11,16 +11,13 @@ export const runtime = 'nodejs';
export async function POST(request: NextRequest) {
try {
// 权限检查
// 权限检查 - 使用v2用户系统
const authInfo = getAuthInfoFromCookie(request);
const username = authInfo?.username;
const config = await getConfig();
if (username !== process.env.USERNAME) {
// 管理员
const user = config.UserConfig.Users.find(
(u) => u.username === username
);
if (!user || user.role !== 'admin' || user.banned) {
const userInfo = await db.getUserInfoV2(username || '');
if (!userInfo || userInfo.role !== 'admin' || userInfo.banned) {
return NextResponse.json({ error: '权限不足' }, { status: 401 });
}
}

View File

@@ -37,12 +37,10 @@ export async function POST(request: NextRequest) {
// 获取配置
const adminConfig = await getConfig();
// 权限检查
// 权限检查 - 使用v2用户系统
if (username !== process.env.USERNAME) {
const userEntry = adminConfig.UserConfig.Users.find(
(u) => u.username === username
);
if (!userEntry || userEntry.role !== 'admin' || userEntry.banned) {
const userInfo = await db.getUserInfoV2(username);
if (!userInfo || userInfo.role !== 'admin' || userInfo.banned) {
return NextResponse.json({ error: '权限不足' }, { status: 401 });
}
}

View File

@@ -148,13 +148,10 @@ export async function POST(request: NextRequest) {
const adminConfig = await getConfig();
// 权限校验
// 权限校验 - 使用v2用户系统
if (username !== process.env.USERNAME) {
// 管理员
const user = adminConfig.UserConfig.Users.find(
(u) => u.username === username
);
if (!user || user.role !== 'admin' || user.banned) {
const userInfo = await db.getUserInfoV2(username);
if (!userInfo || userInfo.role !== 'admin' || userInfo.banned) {
return NextResponse.json({ error: '权限不足' }, { status: 401 });
}
}

View File

@@ -92,13 +92,10 @@ export async function POST(request: NextRequest) {
const adminConfig = await getConfig();
// 权限校验
// 权限校验 - 使用v2用户系统
if (username !== process.env.USERNAME) {
// 管理员
const user = adminConfig.UserConfig.Users.find(
(u) => u.username === username
);
if (!user || user.role !== 'admin' || user.banned) {
const userInfo = await db.getUserInfoV2(username);
if (!userInfo || userInfo.role !== 'admin' || userInfo.banned) {
return NextResponse.json({ error: '权限不足' }, { status: 401 });
}
}

View File

@@ -36,14 +36,6 @@ export async function GET(request: NextRequest) {
const operatorInfo = await db.getUserInfoV2(authInfo.username);
if (operatorInfo) {
operatorRole = operatorInfo.role;
} else {
// 回退到配置中查找
const userEntry = adminConfig.UserConfig.Users.find(
(u) => u.username === authInfo.username
);
if (userEntry) {
operatorRole = userEntry.role;
}
}
}