diff --git a/kinit-api/application/settings.py b/kinit-api/application/settings.py
index d395fbe..9cc2aad 100644
--- a/kinit-api/application/settings.py
+++ b/kinit-api/application/settings.py
@@ -28,6 +28,10 @@ DEMO_WHITE_LIST_PATH = [
 "/vadmin/resource/images",
 "/vadmin/auth/user/export/query/list/to/excel"
 ]
+"""演示功能黑名单(触发异常 status_code=403),黑名单优先级更高"""
+DEMO_BLACK_LIST_PATH = [
+ "/auth/api/login"
+]
 """
 引入数据库配置
diff --git a/kinit-api/core/middleware.py b/kinit-api/core/middleware.py
index fb1c940..6d5aedf 100644
--- a/kinit-api/core/middleware.py
+++ b/kinit-api/core/middleware.py
@@ -17,11 +17,12 @@ from core.logger import logger
 from fastapi import FastAPI
 from fastapi.routing import APIRoute
 from user_agents import parse
-from application.settings import OPERATION_RECORD_METHOD, MONGO_DB_ENABLE, IGNORE_OPERATION_FUNCTION,\
- DEMO_WHITE_LIST_PATH, DEMO
+from application.settings import OPERATION_RECORD_METHOD, MONGO_DB_ENABLE, IGNORE_OPERATION_FUNCTION, \
+ DEMO_WHITE_LIST_PATH, DEMO, DEMO_BLACK_LIST_PATH
 from utils.response import ErrorResponse
 from apps.vadmin.record.crud import OperationRecordDal
 from core.database import mongo_getter
+from utils import status
 def write_request_log(request: Request, response: Response):
@@ -129,8 +130,15 @@ def register_demo_env_middleware(app: FastAPI):
 path = request.scope.get("path")
 if request.method != "GET":
 print("路由:", path, request.method)
- if DEMO and request.method != "GET" and path not in DEMO_WHITE_LIST_PATH:
- return ErrorResponse(msg="演示环境,禁止操作")
+ if DEMO and request.method != "GET":
+ if path in DEMO_BLACK_LIST_PATH:
+ return ErrorResponse(
+ status=status.HTTP_403_FORBIDDEN,
+ code=status.HTTP_403_FORBIDDEN,
+ msg="演示环境,禁止操作"
+ )
+ elif path not in DEMO_WHITE_LIST_PATH:
+ return ErrorResponse(msg="演示环境,禁止操作")
 return await call_next(request)
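Review bot: The description string added above `DEMO_BLACK_LIST_PATH` in settings.py says the blacklist has priority and yields 403, but not how an entry is matched. In core/middleware.py the test is `path in DEMO_BLACK_LIST_PATH` on `request.scope.get("path")`, nested under `request.method != "GET"`, so an entry only takes effect as an exact path string, for non-GET requests, while `DEMO` is on. I would state that next to the list, for example `# Exact request paths; refused with HTTP 403 for non-GET requests in demo mode, checked before DEMO_WHITE_LIST_PATH`, so that later entries are written in the form the middleware actually compares.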
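Review bot: The blacklist test in `register_demo_env_middleware` sits inside `if DEMO and request.method != "GET":`, so a GET to a blacklisted path still reaches `call_next`, which does not quite match the settings text saying the blacklist has the higher priority. If the intent is to close the path entirely in the demo, the check belongs ahead of the method test, e.g. `if DEMO and path in DEMO_BLACK_LIST_PATH:`; if non-GET only is intended, a one-line comment saying so would prevent a wrong assumption later. The two refusals also differ: the blacklist branch sets `status` and `code` to 403 while the `elif` branch keeps `ErrorResponse`'s defaults, which are not visible here, so refused writes may appear under different status codes in access logs and monitoring. The middleware function begins above this hunk, and the unconditional `print` on non-GET requests is context rather than new code, though routing it through the already imported `logger` would be a reasonable follow-up.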