From 4d4a6b56989fe8ff449faff4c379e2fb94b15fdd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=A5=E5=AE=B6=E8=BE=89?= Date: Thu, 4 Jul 2024 21:21:12 +0800 Subject: [PATCH 1/2] fix: #32 Some interfaces have not undergone permission verification --- routers/files.js | 43 +++++++++++++++++++------------------------ routers/users.js | 4 ++-- 2 files changed, 21 insertions(+), 26 deletions(-) diff --git a/routers/files.js b/routers/files.js index 4ad3281..3fa3740 100644 --- a/routers/files.js +++ b/routers/files.js @@ -294,12 +294,7 @@ router.get("/files/:id", validateParams(FILES_REST_ID), async (ctx) => { // 编辑文件信息接口 router.put("/files/:id", validateParams(FILES_REST_ID), async (ctx) => { const { id } = ctx.params; - const { - filename, - is_public, - public_expiration, - public_by, - } = ctx.request.body; + const { filename, is_public, public_expiration } = ctx.request.body; try { // 查找文件 @@ -324,28 +319,27 @@ router.put("/files/:id", validateParams(FILES_REST_ID), async (ctx) => { updated_by: ctx.state.user.id, updated_at: new Date(), public_expiration, - public_by, }); - const updatedFile = { - id: file.id, - filename: file.filename, - is_public: file.is_public, - public_expiration: file.public_expiration, - is_thumb: file.is_thumb, - file_size: file.file_size, - file_location: file.file_location, - thumb_location: file.thumb_location, - mime: file.mime, - ext: file.ext, - created_at: file.created_at, - created_by: file.created_by, - updated_at: file.updated_at, - updated_by: file.updated_by, - }; + // const updatedFile = { + // id: file.id, + // filename: file.filename, + // is_public: file.is_public, + // public_expiration: file.public_expiration, + // is_thumb: file.is_thumb, + // file_size: file.file_size, + // file_location: file.file_location, + // thumb_location: file.thumb_location, + // mime: file.mime, + // ext: file.ext, + // created_at: file.created_at, + // created_by: file.created_by, + // updated_at: file.updated_at, + // updated_by: file.updated_by, + // }; // 返回更新后的文件信息 - ctx.body = updatedFile; + ctx.body = file; } catch (error) { ctx.status = 500; ctx.body = { @@ -366,6 +360,7 @@ router.delete("/files/:id", validateParams(FILES_REST_ID), async (ctx) => { where: { id, is_delete: false, + created_by: ctx.state.user.id, }, }); diff --git a/routers/users.js b/routers/users.js index 1a206e4..c3465e1 100644 --- a/routers/users.js +++ b/routers/users.js @@ -128,10 +128,10 @@ router.post("/logout", async (ctx) => { // 从 Redis 中删除 token await redisClient.del(`user_login:${id}`); - ctx.status = 200; + ctx.status = 204; ctx.body = { message: "Logout successful" }; } catch (error) { - ctx.status = 500; + ctx.status = 200; ctx.body = { message: "Internal server error" }; } }); From b8eba1441dfb6246b8712a3ca0bd21ddd7004997 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B8=A5=E5=AE=B6=E8=BE=89?= Date: Thu, 4 Jul 2024 21:22:15 +0800 Subject: [PATCH 2/2] fix: #32 Some interfaces have not undergone permission verification --- routers/files.js | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/routers/files.js b/routers/files.js index 3fa3740..c7f5552 100644 --- a/routers/files.js +++ b/routers/files.js @@ -321,23 +321,6 @@ router.put("/files/:id", validateParams(FILES_REST_ID), async (ctx) => { public_expiration, }); - // const updatedFile = { - // id: file.id, - // filename: file.filename, - // is_public: file.is_public, - // public_expiration: file.public_expiration, - // is_thumb: file.is_thumb, - // file_size: file.file_size, - // file_location: file.file_location, - // thumb_location: file.thumb_location, - // mime: file.mime, - // ext: file.ext, - // created_at: file.created_at, - // created_by: file.created_by, - // updated_at: file.updated_at, - // updated_by: file.updated_by, - // }; - // 返回更新后的文件信息 ctx.body = file; } catch (error) {