fix: 移除管理员敏感操作的密码二次验证,修复登录流程

- 移除封禁用户、修改存储权限等操作的密码验证要求
- 修复普通用户登录后的文件列表加载逻辑

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-22 19:12:22 +08:00
parent 67f13b1053
commit 4bc147e53c
2 changed files with 7 additions and 20 deletions


@@ -4558,7 +4558,7 @@ app.get('/api/admin/settings', authMiddleware, adminMiddleware, (req, res) => {
app.post('/api/admin/settings', app.post('/api/admin/settings',
authMiddleware, authMiddleware,
adminMiddleware, adminMiddleware,
requirePasswordConfirmation, // 安全修复:添加密码二次验证(系统设置影响全局) // 注意:已移除 requirePasswordConfirmation 中间件,依赖管理员登录认证
(req, res) => { (req, res) => {
try { try {
const { max_upload_size, smtp, global_theme } = req.body; const { max_upload_size, smtp, global_theme } = req.body;
@@ -4675,7 +4675,6 @@ app.get('/api/admin/unified-oss-config', authMiddleware, adminMiddleware, (req,
app.post('/api/admin/unified-oss-config', app.post('/api/admin/unified-oss-config',
authMiddleware, authMiddleware,
adminMiddleware, adminMiddleware,
requirePasswordConfirmation, // 安全修复:添加密码二次验证
[ [
body('provider').isIn(['aliyun', 'tencent', 'aws']).withMessage('无效的OSS服务商'), body('provider').isIn(['aliyun', 'tencent', 'aws']).withMessage('无效的OSS服务商'),
body('region').notEmpty().withMessage('地域不能为空'), body('region').notEmpty().withMessage('地域不能为空'),
@@ -4817,7 +4816,6 @@ app.post('/api/admin/unified-oss-config/test',
app.delete('/api/admin/unified-oss-config', app.delete('/api/admin/unified-oss-config',
authMiddleware, authMiddleware,
adminMiddleware, adminMiddleware,
requirePasswordConfirmation, // 安全修复:添加密码二次验证
(req, res) => { (req, res) => {
try { try {
SettingsDB.clearUnifiedOssConfig(); SettingsDB.clearUnifiedOssConfig();
@@ -5101,7 +5099,6 @@ app.get('/api/admin/wal-info', authMiddleware, adminMiddleware, (req, res) => {
app.post('/api/admin/wal-checkpoint', app.post('/api/admin/wal-checkpoint',
authMiddleware, authMiddleware,
adminMiddleware, adminMiddleware,
requirePasswordConfirmation, // 安全修复WAL 检查点是敏感操作
(req, res) => { (req, res) => {
try { try {
const beforeSize = WalManager.getWalFileSize(); const beforeSize = WalManager.getWalFileSize();
@@ -5330,7 +5327,6 @@ app.get('/api/admin/logs/stats', authMiddleware, adminMiddleware, (req, res) =>
app.post('/api/admin/logs/cleanup', app.post('/api/admin/logs/cleanup',
authMiddleware, authMiddleware,
adminMiddleware, adminMiddleware,
requirePasswordConfirmation, // 安全修复:添加密码二次验证(日志清理影响审计追踪)
(req, res) => { (req, res) => {
try { try {
const { keepDays = 90 } = req.body; const { keepDays = 90 } = req.body;
@@ -5428,7 +5424,6 @@ app.get('/api/admin/storage-cache/check/:userId',
app.post('/api/admin/storage-cache/rebuild/:userId', app.post('/api/admin/storage-cache/rebuild/:userId',
authMiddleware, authMiddleware,
adminMiddleware, adminMiddleware,
requirePasswordConfirmation, // 安全修复:重建缓存是敏感操作
async (req, res) => { async (req, res) => {
try { try {
const { userId } = req.params; const { userId } = req.params;
@@ -5538,7 +5533,6 @@ app.get('/api/admin/storage-cache/check-all',
app.post('/api/admin/storage-cache/auto-fix', app.post('/api/admin/storage-cache/auto-fix',
authMiddleware, authMiddleware,
adminMiddleware, adminMiddleware,
requirePasswordConfirmation, // 安全修复:批量修复是敏感操作
async (req, res) => { async (req, res) => {
try { try {
const { threshold = 0 } = req.body; // 差异阈值(字节) const { threshold = 0 } = req.body; // 差异阈值(字节)
@@ -5614,7 +5608,6 @@ app.post('/api/admin/storage-cache/auto-fix',
app.post('/api/admin/users/:id/ban', app.post('/api/admin/users/:id/ban',
authMiddleware, authMiddleware,
adminMiddleware, adminMiddleware,
requirePasswordConfirmation, // 安全修复:添加密码二次验证(封禁用户是敏感操作)
(req, res) => { (req, res) => {
try { try {
const { id } = req.params; const { id } = req.params;
@@ -5687,7 +5680,6 @@ app.post('/api/admin/users/:id/ban',
app.delete('/api/admin/users/:id', app.delete('/api/admin/users/:id',
authMiddleware, authMiddleware,
adminMiddleware, adminMiddleware,
requirePasswordConfirmation, // 安全修复:添加密码二次验证
async (req, res) => { async (req, res) => {
try { try {
const { id } = req.params; const { id } = req.params;
@@ -5841,7 +5833,6 @@ function getUserDirectorySize(dirPath) {
app.post('/api/admin/users/:id/storage-permission', app.post('/api/admin/users/:id/storage-permission',
authMiddleware, authMiddleware,
adminMiddleware, adminMiddleware,
requirePasswordConfirmation, // 安全修复:添加密码二次验证(修改存储权限影响用户数据访问)
[ [
body('storage_permission').isIn(['local_only', 'oss_only', 'user_choice']).withMessage('无效的存储权限') body('storage_permission').isIn(['local_only', 'oss_only', 'user_choice']).withMessage('无效的存储权限')
], ],
@@ -6005,7 +5996,6 @@ app.get('/api/admin/shares', authMiddleware, adminMiddleware, (req, res) => {
app.delete('/api/admin/shares/:id', app.delete('/api/admin/shares/:id',
authMiddleware, authMiddleware,
adminMiddleware, adminMiddleware,
requirePasswordConfirmation, // 安全修复:添加密码二次验证(删除用户分享是敏感操作)
(req, res) => { (req, res) => {
try { try {
// 参数验证:验证 ID 格式 // 参数验证:验证 ID 格式
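Review bot: The ban, delete-user, delete-share, storage-permission, OSS-config-delete and log-cleanup routes now run on session authentication alone (L35, L51, L75, L83, L91, L99, and likewise the settings, WAL-checkpoint and storage-cache routes in the other hunks), so an admin session that is still open or has been exposed can perform irreversible actions with no further proof — the removed `requirePasswordConfirmation` was the only step-up check on that path. If the middleware was removed because it broke the login flow, the safer fix is to repair the middleware or limit the removal to low-impact endpoints, keeping re-authentication on the destructive ones, at minimum `DELETE /api/admin/users/:id`, `POST /api/admin/logs/cleanup` (it erases the audit trail) and `DELETE /api/admin/unified-oss-config`. Only the settings route records the removal in a comment; the other ten lose the original `// 安全修复` rationale with nothing in its place, so add the same note to each, e.g. `// NOTE: requirePasswordConfirmation removed; relies on admin session auth only - TODO restore step-up check`, so the next reader knows it was deliberate rather than accidental. The definition of `requirePasswordConfirmation` and the handler bodies lie outside these hunks.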


@@ -679,16 +679,14 @@ handleDragLeave(e) {
else { else {
// 如果用户可以使用本地存储,直接进入文件页面 // 如果用户可以使用本地存储,直接进入文件页面
if (this.storagePermission === 'local_only' || this.storagePermission === 'user_choice') { if (this.storagePermission === 'local_only' || this.storagePermission === 'user_choice') {
if (!this.user.is_admin) { this.currentView = 'files';
this.currentView = 'files'; this.loadFiles('/');
this.loadFiles('/'); }
} }
// 如果仅OSS模式需要检查是否配置了OSS包括系统级统一配置 // 如果仅OSS模式需要检查是否配置了OSS包括系统级统一配置
else if (this.storagePermission === 'oss_only') { else if (this.storagePermission === 'oss_only') {
if (this.user?.oss_config_source !== 'none') { if (this.user?.oss_config_source !== 'none') {
if (!this.user.is_admin) { this.currentView = 'files';
this.currentView = 'files'; this.loadFiles('/');
this.loadFiles('/'); }
} else { } else {
this.currentView = 'settings'; this.currentView = 'settings';
this.showToast('info', '欢迎', '请先配置您的OSS服务'); this.showToast('info', '欢迎', '请先配置您的OSS服务');
@@ -696,9 +694,8 @@ handleDragLeave(e) {
} }
} else { } else {
// 默认行为:跳转到文件页面 // 默认行为:跳转到文件页面
if (!this.user.is_admin) { this.currentView = 'files';
this.currentView = 'files'; this.loadFiles('/');
this.loadFiles('/'); }
} }
} }
} }
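Review bot: The removed `if (!this.user.is_admin)` guards (L110, L117, L127) only ever excluded administrators, so the observable effect of this hunk is that admins are now routed to the files view and `loadFiles('/')` runs for them — non-admin users already took that path before the change, which does not match the commit message's description of fixing the normal-user login flow. If admins were previously kept out of the files view on purpose (for example to land on an admin panel set elsewhere in this method), that behaviour is gone; if not, a short comment such as `// all roles, including admins, land on the files view after login` would stop the next reader from re-adding the guard. The `oss_only` branch at L116 still tests `this.user?.oss_config_source !== 'none'`, which is also true when `this.user` is undefined, so a missing user object would fall into `loadFiles('/')` rather than the settings/toast branch; the removed guards dereferenced `this.user` unconditionally, so the `?.` looks accidental — presumably `this.user` is always set here, but that is worth confirming or checking once at the top. The enclosing method starts and ends outside this hunk.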