feat: make banned user logout

2026-02-21 00:44:41 +08:00 · 2025-08-06 19:10:01 +08:00
parent e8bbf50412
commit 06ed12bb3a
12 changed files with 152 additions and 7 deletions
--- a/VERSION.txt
+++ b/VERSION.txt
@@ -1 +1 @@
-20250806184650
+20250806191001
--- a/src/app/api/admin/category/route.ts
+++ b/src/app/api/admin/category/route.ts
@@ -60,7 +60,7 @@ export async function POST(request: NextRequest) {
      const userEntry = adminConfig.UserConfig.Users.find(
        (u) => u.username === username
      );
-      if (!userEntry || userEntry.role !== 'admin') {
+      if (!userEntry || userEntry.role !== 'admin' || userEntry.banned) {
        return NextResponse.json({ error: '权限不足' }, { status: 401 });
      }
    }
--- a/src/app/api/admin/config/route.ts
+++ b/src/app/api/admin/config/route.ts
@@ -35,7 +35,7 @@ export async function GET(request: NextRequest) {
      result.Role = 'owner';
    } else {
      const user = config.UserConfig.Users.find((u) => u.username === username);
-      if (user && user.role === 'admin') {
+      if (user && user.role === 'admin' && !user.banned) {
        result.Role = 'admin';
      } else {
        return NextResponse.json(
--- a/src/app/api/admin/site/route.ts
+++ b/src/app/api/admin/site/route.ts
@@ -68,7 +68,7 @@ export async function POST(request: NextRequest) {
      const user = adminConfig.UserConfig.Users.find(
        (u) => u.username === username
      );
-      if (!user || user.role !== 'admin') {
+      if (!user || user.role !== 'admin' || user.banned) {
        return NextResponse.json({ error: '权限不足' }, { status: 401 });
      }
    }
--- a/src/app/api/admin/source/route.ts
+++ b/src/app/api/admin/source/route.ts
@@ -52,7 +52,7 @@ export async function POST(request: NextRequest) {
      const userEntry = adminConfig.UserConfig.Users.find(
        (u) => u.username === username
      );
-      if (!userEntry || userEntry.role !== 'admin') {
+      if (!userEntry || userEntry.role !== 'admin' || userEntry.banned) {
        return NextResponse.json({ error: '权限不足' }, { status: 401 });
      }
    }
--- a/src/app/api/admin/user/route.ts
+++ b/src/app/api/admin/user/route.ts
@@ -85,7 +85,7 @@ export async function POST(request: NextRequest) {
      const userEntry = adminConfig.UserConfig.Users.find(
        (u) => u.username === username
      );
-      if (!userEntry || userEntry.role !== 'admin') {
+      if (!userEntry || userEntry.role !== 'admin' || userEntry.banned) {
        return NextResponse.json({ error: '权限不足' }, { status: 401 });
      }
      operatorRole = 'admin';
--- a/src/app/api/favorites/route.ts
+++ b/src/app/api/favorites/route.ts
@@ -3,6 +3,7 @@
 import { NextRequest, NextResponse } from 'next/server';

 import { getAuthInfoFromCookie } from '@/lib/auth';
+import { getConfig } from '@/lib/config';
 import { db } from '@/lib/db';
 import { Favorite } from '@/lib/types';

@@ -23,6 +24,17 @@ export async function GET(request: NextRequest) {
      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
    }

+    const config = await getConfig();
+    if (config.UserConfig.Users) {
+      // 检查用户是否被封禁
+      const user = config.UserConfig.Users.find(
+        (u) => u.username === authInfo.username
+      );
+      if (user && user.banned) {
+        return NextResponse.json({ error: '用户已被封禁' }, { status: 401 });
+      }
+    }
+
    const { searchParams } = new URL(request.url);
    const key = searchParams.get('key');

@@ -63,6 +75,17 @@ export async function POST(request: NextRequest) {
      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
    }

+    const config = await getConfig();
+    if (config.UserConfig.Users) {
+      // 检查用户是否被封禁
+      const user = config.UserConfig.Users.find(
+        (u) => u.username === authInfo.username
+      );
+      if (user && user.banned) {
+        return NextResponse.json({ error: '用户已被封禁' }, { status: 401 });
+      }
+    }
+
    const body = await request.json();
    const { key, favorite }: { key: string; favorite: Favorite } = body;

@@ -120,6 +143,17 @@ export async function DELETE(request: NextRequest) {
      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
    }

+    const config = await getConfig();
+    if (config.UserConfig.Users) {
+      // 检查用户是否被封禁
+      const user = config.UserConfig.Users.find(
+        (u) => u.username === authInfo.username
+      );
+      if (user && user.banned) {
+        return NextResponse.json({ error: '用户已被封禁' }, { status: 401 });
+      }
+    }
+
    const username = authInfo.username;
    const { searchParams } = new URL(request.url);
    const key = searchParams.get('key');
--- a/src/app/api/playrecords/route.ts
+++ b/src/app/api/playrecords/route.ts
@@ -3,6 +3,7 @@
 import { NextRequest, NextResponse } from 'next/server';

 import { getAuthInfoFromCookie } from '@/lib/auth';
+import { getConfig } from '@/lib/config';
 import { db } from '@/lib/db';
 import { PlayRecord } from '@/lib/types';

@@ -16,6 +17,17 @@ export async function GET(request: NextRequest) {
      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
    }

+    const config = await getConfig();
+    if (config.UserConfig.Users) {
+      // 检查用户是否被封禁
+      const user = config.UserConfig.Users.find(
+        (u) => u.username === authInfo.username
+      );
+      if (user && user.banned) {
+        return NextResponse.json({ error: '用户已被封禁' }, { status: 401 });
+      }
+    }
+
    const records = await db.getAllPlayRecords(authInfo.username);
    return NextResponse.json(records, { status: 200 });
  } catch (err) {
@@ -35,6 +47,17 @@ export async function POST(request: NextRequest) {
      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
    }

+    const config = await getConfig();
+    if (config.UserConfig.Users) {
+      // 检查用户是否被封禁
+      const user = config.UserConfig.Users.find(
+        (u) => u.username === authInfo.username
+      );
+      if (user && user.banned) {
+        return NextResponse.json({ error: '用户已被封禁' }, { status: 401 });
+      }
+    }
+
    const body = await request.json();
    const { key, record }: { key: string; record: PlayRecord } = body;

@@ -87,6 +110,17 @@ export async function DELETE(request: NextRequest) {
      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
    }

+    const config = await getConfig();
+    if (config.UserConfig.Users) {
+      // 检查用户是否被封禁
+      const user = config.UserConfig.Users.find(
+        (u) => u.username === authInfo.username
+      );
+      if (user && user.banned) {
+        return NextResponse.json({ error: '用户已被封禁' }, { status: 401 });
+      }
+    }
+
    const username = authInfo.username;
    const { searchParams } = new URL(request.url);
    const key = searchParams.get('key');
--- a/src/app/api/searchhistory/route.ts
+++ b/src/app/api/searchhistory/route.ts
@@ -3,6 +3,7 @@
 import { NextRequest, NextResponse } from 'next/server';

 import { getAuthInfoFromCookie } from '@/lib/auth';
+import { getConfig } from '@/lib/config';
 import { db } from '@/lib/db';

 export const runtime = 'edge';
@@ -22,6 +23,17 @@ export async function GET(request: NextRequest) {
      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
    }

+    const config = await getConfig();
+    if (config.UserConfig.Users) {
+      // 检查用户是否被封禁
+      const user = config.UserConfig.Users.find(
+        (u) => u.username === authInfo.username
+      );
+      if (user && user.banned) {
+        return NextResponse.json({ error: '用户已被封禁' }, { status: 401 });
+      }
+    }
+
    const history = await db.getSearchHistory(authInfo.username);
    return NextResponse.json(history, { status: 200 });
  } catch (err) {
@@ -45,6 +57,17 @@ export async function POST(request: NextRequest) {
      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
    }

+    const config = await getConfig();
+    if (config.UserConfig.Users) {
+      // 检查用户是否被封禁
+      const user = config.UserConfig.Users.find(
+        (u) => u.username === authInfo.username
+      );
+      if (user && user.banned) {
+        return NextResponse.json({ error: '用户已被封禁' }, { status: 401 });
+      }
+    }
+
    const body = await request.json();
    const keyword: string = body.keyword?.trim();

@@ -83,6 +106,17 @@ export async function DELETE(request: NextRequest) {
      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
    }

+    const config = await getConfig();
+    if (config.UserConfig.Users) {
+      // 检查用户是否被封禁
+      const user = config.UserConfig.Users.find(
+        (u) => u.username === authInfo.username
+      );
+      if (user && user.banned) {
+        return NextResponse.json({ error: '用户已被封禁' }, { status: 401 });
+      }
+    }
+
    const { searchParams } = new URL(request.url);
    const kw = searchParams.get('keyword')?.trim();

--- a/src/app/api/skipconfigs/route.ts
+++ b/src/app/api/skipconfigs/route.ts
@@ -3,6 +3,7 @@
 import { NextRequest, NextResponse } from 'next/server';

 import { getAuthInfoFromCookie } from '@/lib/auth';
+import { getConfig } from '@/lib/config';
 import { db } from '@/lib/db';
 import { SkipConfig } from '@/lib/types';

@@ -15,6 +16,17 @@ export async function GET(request: NextRequest) {
      return NextResponse.json({ error: '未登录' }, { status: 401 });
    }

+    const config = await getConfig();
+    if (config.UserConfig.Users) {
+      // 检查用户是否被封禁
+      const user = config.UserConfig.Users.find(
+        (u) => u.username === authInfo.username
+      );
+      if (user && user.banned) {
+        return NextResponse.json({ error: '用户已被封禁' }, { status: 401 });
+      }
+    }
+
    const { searchParams } = new URL(request.url);
    const source = searchParams.get('source');
    const id = searchParams.get('id');
@@ -44,6 +56,17 @@ export async function POST(request: NextRequest) {
      return NextResponse.json({ error: '未登录' }, { status: 401 });
    }

+    const adminConfig = await getConfig();
+    if (adminConfig.UserConfig.Users) {
+      // 检查用户是否被封禁
+      const user = adminConfig.UserConfig.Users.find(
+        (u) => u.username === authInfo.username
+      );
+      if (user && user.banned) {
+        return NextResponse.json({ error: '用户已被封禁' }, { status: 401 });
+      }
+    }
+
    const body = await request.json();
    const { key, config } = body;

@@ -83,6 +106,17 @@ export async function DELETE(request: NextRequest) {
      return NextResponse.json({ error: '未登录' }, { status: 401 });
    }

+    const adminConfig = await getConfig();
+    if (adminConfig.UserConfig.Users) {
+      // 检查用户是否被封禁
+      const user = adminConfig.UserConfig.Users.find(
+        (u) => u.username === authInfo.username
+      );
+      if (user && user.banned) {
+        return NextResponse.json({ error: '用户已被封禁' }, { status: 401 });
+      }
+    }
+
    const { searchParams } = new URL(request.url);
    const key = searchParams.get('key');

--- a/src/lib/db.client.ts
+++ b/src/lib/db.client.ts
@@ -414,6 +414,15 @@ async function fetchWithAuth(
  if (!res.ok) {
    // 如果是 401 未授权，跳转到登录页面
    if (res.status === 401) {
+      // 调用 logout 接口
+      try {
+        await fetch('/api/logout', {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+        });
+      } catch (error) {
+        console.error('注销请求失败:', error);
+      }
      const currentUrl = window.location.pathname + window.location.search;
      const loginUrl = new URL('/login', window.location.origin);
      loginUrl.searchParams.set('redirect', currentUrl);
--- a/src/lib/version.ts
+++ b/src/lib/version.ts
@@ -2,7 +2,7 @@

 'use client';

-const CURRENT_VERSION = '20250806184650';
+const CURRENT_VERSION = '20250806191001';

 // 版本检查结果枚举
 export enum UpdateStatus {