zhuchaowe/maxkb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: Access can only be granted after OpenAPI authentication (#3601)

Browse Source
This commit is contained in:
shaohuzhang1 2025-07-15 14:51:50 +08:00 committed by GitHub
parent ad44d4d6b2
commit 28b97cd2dd
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 86 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

125
apps/common/middleware/doc_headers_middleware.py
View File

@ -14,52 +14,99 @@ from common.auth import TokenDetails, handles
from maxkb.const import CONFIG from maxkb.const import CONFIG
content = """ content = """
<!doctype html> <!DOCTYPE html>
<html lang="en"> <html lang="en">
<head> <head>
<meta charset="UTF-8" /> <meta charset="UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" /> <meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Document</title> <title>Document</title>
<script>
function setCookie(name, value, days) {
var expires = "";
if (days) {
var date = new Date();
date.setTime(date.getTime() + (days*2));
expires = "; expires=" + date.toUTCString();
}
document.cookie = name + "=" + (value || "") + expires + "; path=/";
}
window.onload = () => {
var xhr = new XMLHttpRequest()
xhr.open('GET', '/api/user/profile', true)
xhr.setRequestHeader('Content-Type', 'application/json')
const token = localStorage.getItem('token')
const pathname = window.location.pathname
if (token) {
xhr.setRequestHeader('Authorization', 'Bearer '+token)
xhr.onreadystatechange = function () {
if (xhr.readyState === 4) {
if (xhr.status === 200) {
setCookie("Authorization",'Bearer '+token)
window.location.href = pathname
}
if (xhr.status === 401) {
window.location.href = '/admin/login'
}
}
}
xhr.send()
} else {
window.location.href = '/admin/login'
}
}
</script>
</head> </head>
<body></body> <style>
/* 弹框内容样式 */
.modal-content {
background-color: #fefefe;
margin: 15% auto; /* 15% 从顶部和自动水平居中 */
padding: 20px;
border: 1px solid #888;
width: 80%; /* 宽度 */
}
</style>
<body>
<div class="modal-content">
<input type="text" id="auth-input" />
<button id="auth">认证</button>
<button id="goLogin">去登录</button>
</div>
<script>
const setCookie = (name, value, days) => {
var expires = "";
if (days) {
var date = new Date();
date.setTime(date.getTime() + days * 2);
expires = "; expires=" + date.toUTCString();
}
document.cookie = name + "=" + (value || "") + expires + "; path=/";
};
const authToken = (token) => {
return new Promise((resolve, reject) => {
try {
var xhr = new XMLHttpRequest();
xhr.open("GET", "/api/user/profile", true);
xhr.setRequestHeader("Content-Type", "application/json");
const pathname = window.location.pathname;
if (token) {
xhr.setRequestHeader("Authorization", "Bearer " + token);
xhr.onreadystatechange = function () {
if (xhr.readyState === 4) {
if (xhr.status === 200) {
resolve(true);
} else {
reject(true);
}
}
};
xhr.send();
}
} catch (e) {
reject(false);
}
});
};
window.onload = () => {
const token = localStorage.getItem("token");
authToken(token)
.then(() => {
setCookie("Authorization", "Bearer " + token);
window.location.href = window.location.pathname;
})
.catch((e) => {});
};
// 获取元素
const auth = document.getElementById("auth");
const goLogin = document.getElementById("goLogin");
// 打开弹框函数
auth.onclick = ()=> {
const authInput = document.getElementById("auth-input");
const token = authInput.value
authToken(token)
.then(() => {
setCookie("Authorization", "Bearer " + token);
window.location.href = window.location.pathname;
})
.catch((e) => {
alert("令牌错误");
});
};
// 去系统的登录页面
goLogin.onclick = ()=> {
window.location.href = "/admin/login";
};
</script>
</body>
</html> </html>
""".replace("/api/user/profile", CONFIG.get_admin_path() + '/api/user/profile').replace('/admin/login', """.replace("/api/user/profile", CONFIG.get_admin_path() + '/api/user/profile').replace('/admin/login',