From 4bc147e53c0f18eee327a22d2924af894473517e Mon Sep 17 00:00:00 2001
From: 237899745 <237899745@qq.com>
Date: Thu, 22 Jan 2026 19:12:22 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E7=A7=BB=E9=99=A4=E7=AE=A1=E7=90=86?=
 =?UTF-8?q?=E5=91=98=E6=95=8F=E6=84=9F=E6=93=8D=E4=BD=9C=E7=9A=84=E5=AF=86?=
 =?UTF-8?q?=E7=A0=81=E4=BA=8C=E6=AC=A1=E9=AA=8C=E8=AF=81=EF=BC=8C=E4=BF=AE?=
 =?UTF-8?q?=E5=A4=8D=E7=99=BB=E5=BD=95=E6=B5=81=E7=A8=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 移除封禁用户、修改存储权限等操作的密码验证要求
- 修复普通用户登录后的文件列表加载逻辑

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 backend/server.js | 12 +-----------
 frontend/app.js   | 15 ++++++---------
 2 files changed, 7 insertions(+), 20 deletions(-)

diff --git a/backend/server.js b/backend/server.js
index 0600653..2b3ecab 100644
--- a/backend/server.js
+++ b/backend/server.js
@@ -4558,7 +4558,7 @@ app.get('/api/admin/settings', authMiddleware, adminMiddleware, (req, res) => {
 app.post('/api/admin/settings',
   authMiddleware,
   adminMiddleware,
-  requirePasswordConfirmation, // 安全修复：添加密码二次验证（系统设置影响全局）
+  // 注意：已移除 requirePasswordConfirmation 中间件，依赖管理员登录认证
   (req, res) => {
   try {
     const { max_upload_size, smtp, global_theme } = req.body;
@@ -4675,7 +4675,6 @@ app.get('/api/admin/unified-oss-config', authMiddleware, adminMiddleware, (req,
 app.post('/api/admin/unified-oss-config',
   authMiddleware,
   adminMiddleware,
-  requirePasswordConfirmation, // 安全修复：添加密码二次验证
   [
     body('provider').isIn(['aliyun', 'tencent', 'aws']).withMessage('无效的OSS服务商'),
     body('region').notEmpty().withMessage('地域不能为空'),
@@ -4817,7 +4816,6 @@ app.post('/api/admin/unified-oss-config/test',
 app.delete('/api/admin/unified-oss-config',
   authMiddleware,
   adminMiddleware,
-  requirePasswordConfirmation, // 安全修复：添加密码二次验证
   (req, res) => {
   try {
     SettingsDB.clearUnifiedOssConfig();
@@ -5101,7 +5099,6 @@ app.get('/api/admin/wal-info', authMiddleware, adminMiddleware, (req, res) => {
 app.post('/api/admin/wal-checkpoint',
   authMiddleware,
   adminMiddleware,
-  requirePasswordConfirmation, // 安全修复：WAL 检查点是敏感操作
   (req, res) => {
     try {
       const beforeSize = WalManager.getWalFileSize();
@@ -5330,7 +5327,6 @@ app.get('/api/admin/logs/stats', authMiddleware, adminMiddleware, (req, res) =>
 app.post('/api/admin/logs/cleanup',
   authMiddleware,
   adminMiddleware,
-  requirePasswordConfirmation, // 安全修复：添加密码二次验证（日志清理影响审计追踪）
   (req, res) => {
   try {
     const { keepDays = 90 } = req.body;
@@ -5428,7 +5424,6 @@ app.get('/api/admin/storage-cache/check/:userId',
 app.post('/api/admin/storage-cache/rebuild/:userId',
   authMiddleware,
   adminMiddleware,
-  requirePasswordConfirmation, // 安全修复：重建缓存是敏感操作
   async (req, res) => {
     try {
       const { userId } = req.params;
@@ -5538,7 +5533,6 @@ app.get('/api/admin/storage-cache/check-all',
 app.post('/api/admin/storage-cache/auto-fix',
   authMiddleware,
   adminMiddleware,
-  requirePasswordConfirmation, // 安全修复：批量修复是敏感操作
   async (req, res) => {
     try {
       const { threshold = 0 } = req.body; // 差异阈值（字节）
@@ -5614,7 +5608,6 @@ app.post('/api/admin/storage-cache/auto-fix',
 app.post('/api/admin/users/:id/ban',
   authMiddleware,
   adminMiddleware,
-  requirePasswordConfirmation, // 安全修复：添加密码二次验证（封禁用户是敏感操作）
   (req, res) => {
   try {
     const { id } = req.params;
@@ -5687,7 +5680,6 @@ app.post('/api/admin/users/:id/ban',
 app.delete('/api/admin/users/:id',
   authMiddleware,
   adminMiddleware,
-  requirePasswordConfirmation, // 安全修复：添加密码二次验证
   async (req, res) => {
   try {
     const { id } = req.params;
@@ -5841,7 +5833,6 @@ function getUserDirectorySize(dirPath) {
 app.post('/api/admin/users/:id/storage-permission',
   authMiddleware,
   adminMiddleware,
-  requirePasswordConfirmation, // 安全修复：添加密码二次验证（修改存储权限影响用户数据访问）
   [
     body('storage_permission').isIn(['local_only', 'oss_only', 'user_choice']).withMessage('无效的存储权限')
   ],
@@ -6005,7 +5996,6 @@ app.get('/api/admin/shares', authMiddleware, adminMiddleware, (req, res) => {
 app.delete('/api/admin/shares/:id',
   authMiddleware,
   adminMiddleware,
-  requirePasswordConfirmation, // 安全修复：添加密码二次验证（删除用户分享是敏感操作）
   (req, res) => {
   try {
     // 参数验证：验证 ID 格式
diff --git a/frontend/app.js b/frontend/app.js
index 681eef4..7152be3 100644
--- a/frontend/app.js
+++ b/frontend/app.js
@@ -679,16 +679,14 @@ handleDragLeave(e) {
           else {
             // 如果用户可以使用本地存储，直接进入文件页面
             if (this.storagePermission === 'local_only' || this.storagePermission === 'user_choice') {
-              if (!this.user.is_admin) {
-            this.currentView = 'files';
-              this.loadFiles('/'); }
+              this.currentView = 'files';
+              this.loadFiles('/');
             }
             // 如果仅OSS模式，需要检查是否配置了OSS（包括系统级统一配置）
             else if (this.storagePermission === 'oss_only') {
               if (this.user?.oss_config_source !== 'none') {
-                if (!this.user.is_admin) {
-            this.currentView = 'files';
-                this.loadFiles('/'); }
+                this.currentView = 'files';
+                this.loadFiles('/');
               } else {
                 this.currentView = 'settings';
                 this.showToast('info', '欢迎', '请先配置您的OSS服务');
@@ -696,9 +694,8 @@ handleDragLeave(e) {
               }
             } else {
               // 默认行为：跳转到文件页面
-              if (!this.user.is_admin) {
-            this.currentView = 'files';
-              this.loadFiles('/'); }
+              this.currentView = 'files';
+              this.loadFiles('/');
             }
           }
         }