237899745/vue-driven-cloud-storage
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

chore: 移除系统设置的密码二次验证

Browse Source 
移除 /api/admin/settings 路由的 requirePasswordConfirmation 中间件,
简化管理员操作流程。系统设置更新现在仅依赖管理员登录认证。

注意:此修改降低了安全性,建议在生产环境中考虑其他安全措施。

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
yuyx
2026-01-21 11:58:39 +08:00
parent e5e2bfd9db
commit d46d20f670
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
backend/server.js
View File

@@ -4555,10 +4555,10 @@ app.get('/api/admin/settings', authMiddleware, adminMiddleware, (req, res) => {
}); });
// 更新系统设置 // 更新系统设置
// 注意:已移除 requirePasswordConfirmation 中间件,依赖管理员登录认证
app.post('/api/admin/settings', app.post('/api/admin/settings',
authMiddleware, authMiddleware,
adminMiddleware, adminMiddleware,
requirePasswordConfirmation, // 安全修复:添加密码二次验证(系统设置影响全局)
(req, res) => { (req, res) => {
try { try {
const { max_upload_size, smtp, global_theme } = req.body; const { max_upload_size, smtp, global_theme } = req.body;