From 3ccbc2c4b2f2ec37c4fb969f76ab4d105a8f77f0 Mon Sep 17 00:00:00 2001
From: ktianc <2445667550@qq.com>
Date: Wed, 6 Mar 2024 18:59:29 +0800
Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=E6=BC=94=E7=A4=BA=E6=8E=A5?= =?UTF-8?q?=E5=8F=A3=E9=BB=91=E5=90=8D=E5=8D=95=E5=8A=9F=E8=83=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 kinit-api/application/settings.py | 4 ++++
 kinit-api/core/middleware.py | 16 ++++++++++++----
 2 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/kinit-api/application/settings.py b/kinit-api/application/settings.py
index d395fbe..9cc2aad 100644
--- a/kinit-api/application/settings.py
+++ b/kinit-api/application/settings.py
@@ -28,6 +28,10 @@ DEMO_WHITE_LIST_PATH = [
 "/vadmin/resource/images",
 "/vadmin/auth/user/export/query/list/to/excel"
 ]
+"""演示功能黑名单(触发异常 status_code=403),黑名单优先级更高"""
+DEMO_BLACK_LIST_PATH = [
+ "/auth/api/login"
+]
 """
 引入数据库配置
diff --git a/kinit-api/core/middleware.py b/kinit-api/core/middleware.py
index fb1c940..6d5aedf 100644
--- a/kinit-api/core/middleware.py
+++ b/kinit-api/core/middleware.py
@@ -17,11 +17,12 @@ from core.logger import logger
 from fastapi import FastAPI
 from fastapi.routing import APIRoute
 from user_agents import parse
-from application.settings import OPERATION_RECORD_METHOD, MONGO_DB_ENABLE, IGNORE_OPERATION_FUNCTION,\
- DEMO_WHITE_LIST_PATH, DEMO
+from application.settings import OPERATION_RECORD_METHOD, MONGO_DB_ENABLE, IGNORE_OPERATION_FUNCTION, \
+ DEMO_WHITE_LIST_PATH, DEMO, DEMO_BLACK_LIST_PATH
 from utils.response import ErrorResponse
 from apps.vadmin.record.crud import OperationRecordDal
 from core.database import mongo_getter
+from utils import status
 def write_request_log(request: Request, response: Response):
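Review bot: The string above `DEMO_BLACK_LIST_PATH` in settings.py gives the 403 and the precedence but not how an entry is matched, and the middleware hunk of this patch compares with `path in DEMO_BLACK_LIST_PATH`, an exact string test against `request.scope.get("path")`. A request whose path differs in any character (a trailing slash, for instance) does not hit the blacklist; it is still refused by the whitelist branch unless that variant is whitelisted, but without the 403 status. I would extend the comment with something like `entries are full request paths, compared exactly; checked only when DEMO is on and the method is not GET`.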
@@ -129,8 +130,15 @@ def register_demo_env_middleware(app: FastAPI):
 path = request.scope.get("path")
 if request.method != "GET":
 print("路由:", path, request.method)
- if DEMO and request.method != "GET" and path not in DEMO_WHITE_LIST_PATH:
- return ErrorResponse(msg="演示环境,禁止操作")
+ if DEMO and request.method != "GET":
+ if path in DEMO_BLACK_LIST_PATH:
+ return ErrorResponse(
+ status=status.HTTP_403_FORBIDDEN,
+ code=status.HTTP_403_FORBIDDEN,
+ msg="演示环境,禁止操作"
+ )
+ elif path not in DEMO_WHITE_LIST_PATH:
+ return ErrorResponse(msg="演示环境,禁止操作")
 return await call_next(request)
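Review bot: The new blacklist test sits inside `if DEMO and request.method != "GET":`, so a path listed in `DEMO_BLACK_LIST_PATH` is refused only for non-GET methods, and a GET to the same path still reaches `call_next`. That is probably harmless for the single login entry added in this patch, which presumably accepts only POST, but the setting reads as an unconditional deny list; if that is the intent, test it ahead of the method filter with `if DEMO and path in DEMO_BLACK_LIST_PATH:` returning the 403, and keep the whitelist test under the non-GET condition. The two refusals also differ: the blacklist branch sets `status` and `code` to 403 while the fallback keeps `ErrorResponse`'s defaults, which are not visible in this hunk, so a short comment saying why they differ would help anyone who monitors denied requests by HTTP status. The function body starts and ends outside the hunk.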