Harden auth, CSRF, and email log UX

2025-12-26 19:05:20 +08:00
parent 3214cbbd91
commit f90b0a4f11
47 changed files with 583 additions and 198 deletions
--- a/admin-frontend/src/api/client.js
+++ b/admin-frontend/src/api/client.js
@@ -12,12 +12,30 @@ function toastErrorOnce(key, message, minIntervalMs = 1500) {
  ElMessage.error(message)
 }

+function getCookie(name) {
+  const escaped = String(name || '').replace(/([.*+?^${}()|[\]\\])/g, '\\$1')
+  const match = document.cookie.match(new RegExp(`(?:^|; )${escaped}=([^;]*)`))
+  return match ? decodeURIComponent(match[1]) : ''
+}
+
 export const api = axios.create({
  baseURL: '/yuyx/api',
  timeout: 30_000,
  withCredentials: true,
 })

+api.interceptors.request.use((config) => {
+  const method = String(config?.method || 'GET').toUpperCase()
+  if (!['GET', 'HEAD', 'OPTIONS'].includes(method)) {
+    const token = getCookie('csrf_token')
+    if (token) {
+      config.headers = config.headers || {}
+      config.headers['X-CSRF-Token'] = token
+    }
+  }
+  return config
+})
+
 api.interceptors.response.use(
  (response) => response,
  (error) => {
--- a/admin-frontend/src/pages/EmailPage.vue
+++ b/admin-frontend/src/pages/EmailPage.vue
@@ -477,6 +477,12 @@ function emailTypeLabel(type) {
  return map[type] || type
 }

+function emailLogUserLabel(row) {
+  if (row?.username && row?.user_id) return `${row.username} (#${row.user_id})`
+  if (row?.user_id) return `用户#${row.user_id}`
+  return '系统'
+}
+
 async function loadEmailStats() {
  emailStatsLoading.value = true
  try {
@@ -709,6 +715,11 @@ onMounted(refreshAll)
        <el-table :data="emailLogs" v-loading="emailLogsLoading" style="width: 100%">
          <el-table-column prop="created_at" label="时间" width="180" />
          <el-table-column prop="email_to" label="收件人" min-width="180" />
+          <el-table-column label="来源用户" min-width="160">
+            <template #default="{ row }">
+              <span class="ellipsis" :title="emailLogUserLabel(row)">{{ emailLogUserLabel(row) }}</span>
+            </template>
+          </el-table-column>
          <el-table-column label="类型" width="120">
            <template #default="{ row }">{{ emailTypeLabel(row.email_type) }}</template>
          </el-table-column>