237899745/zsglpt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: admin auth UX, password policy, deps, db pool

Browse Source
This commit is contained in:
yuyx
2025-12-17 23:53:11 +08:00
parent 9028f7e272
commit 5851120f87
6 changed files with 46 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
routes/decorators.py
View File

@@ -4,7 +4,7 @@ from __future__ import annotations
from functools import wraps
from flask import jsonify, request, session
from flask import jsonify, redirect, request, session, url_for
from services.runtime import get_logger
@@ -18,9 +18,11 @@ def admin_required(f):
logger.debug(f"[admin_required] 检查会话admin_id存在: {'admin_id' in session}")
if "admin_id" not in session:
logger.warning(f"[admin_required] 拒绝访问 {request.path} - session中无admin_id")
return jsonify({"error": "需要管理员权限"}), 403
is_api = request.blueprint == "admin_api" or request.path.startswith("/yuyx/api")
if is_api:
return jsonify({"error": "需要管理员权限"}), 403
return redirect(url_for("pages.admin_login_page"))
logger.info(f"[admin_required] 管理员 {session.get('admin_username')} 访问 {request.path}")
return f(*args, **kwargs)
return decorated_function