diff --git a/VERSION.txt b/VERSION.txt index 20295b7..f78d75c 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -20250806184650 \ No newline at end of file +20250806191001 \ No newline at end of file diff --git a/src/app/api/admin/category/route.ts b/src/app/api/admin/category/route.ts index 2c1a0d7..86583e7 100644 --- a/src/app/api/admin/category/route.ts +++ b/src/app/api/admin/category/route.ts @@ -60,7 +60,7 @@ export async function POST(request: NextRequest) { const userEntry = adminConfig.UserConfig.Users.find( (u) => u.username === username ); - if (!userEntry || userEntry.role !== 'admin') { + if (!userEntry || userEntry.role !== 'admin' || userEntry.banned) { return NextResponse.json({ error: '权限不足' }, { status: 401 }); } } diff --git a/src/app/api/admin/config/route.ts b/src/app/api/admin/config/route.ts index f016459..f3632a6 100644 --- a/src/app/api/admin/config/route.ts +++ b/src/app/api/admin/config/route.ts @@ -35,7 +35,7 @@ export async function GET(request: NextRequest) { result.Role = 'owner'; } else { const user = config.UserConfig.Users.find((u) => u.username === username); - if (user && user.role === 'admin') { + if (user && user.role === 'admin' && !user.banned) { result.Role = 'admin'; } else { return NextResponse.json( diff --git a/src/app/api/admin/site/route.ts b/src/app/api/admin/site/route.ts index ec4d00b..bbb6af4 100644 --- a/src/app/api/admin/site/route.ts +++ b/src/app/api/admin/site/route.ts @@ -68,7 +68,7 @@ export async function POST(request: NextRequest) { const user = adminConfig.UserConfig.Users.find( (u) => u.username === username ); - if (!user || user.role !== 'admin') { + if (!user || user.role !== 'admin' || user.banned) { return NextResponse.json({ error: '权限不足' }, { status: 401 }); } } diff --git a/src/app/api/admin/source/route.ts b/src/app/api/admin/source/route.ts index 716b4cc..e77b841 100644 --- a/src/app/api/admin/source/route.ts +++ b/src/app/api/admin/source/route.ts 
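Review bot: The `banned` clause is hand-copied into five admin role checks (category, config and site here, source and user in the next two hunks), and in two shapes: `!userEntry || userEntry.role !== 'admin' || userEntry.banned` versus `user && user.role === 'admin' && !user.banned`. One shared predicate, for example `isActiveAdmin(u)` returning `!!u && u.role === 'admin' && !u.banned`, would keep a future admin route from leaving the clause out. Each hunk touches a single handler and the handler bodies continue outside it. Any other handler in these files that does its own role check needs the same clause, which cannot be confirmed from here.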
@@ -52,7 +52,7 @@ export async function POST(request: NextRequest) { const userEntry = adminConfig.UserConfig.Users.find( (u) => u.username === username ); - if (!userEntry || userEntry.role !== 'admin') { + if (!userEntry || userEntry.role !== 'admin' || userEntry.banned) { return NextResponse.json({ error: '权限不足' }, { status: 401 }); } } diff --git a/src/app/api/admin/user/route.ts b/src/app/api/admin/user/route.ts index 9c1cd92..7eb5ba5 100644 --- a/src/app/api/admin/user/route.ts +++ b/src/app/api/admin/user/route.ts @@ -85,7 +85,7 @@ export async function POST(request: NextRequest) { const userEntry = adminConfig.UserConfig.Users.find( (u) => u.username === username ); - if (!userEntry || userEntry.role !== 'admin') { + if (!userEntry || userEntry.role !== 'admin' || userEntry.banned) { return NextResponse.json({ error: '权限不足' }, { status: 401 }); } operatorRole = 'admin'; diff --git a/src/app/api/favorites/route.ts b/src/app/api/favorites/route.ts index ff83038..0273dac 100644 --- a/src/app/api/favorites/route.ts +++ b/src/app/api/favorites/route.ts @@ -3,6 +3,7 @@ import { NextRequest, NextResponse } from 'next/server'; import { getAuthInfoFromCookie } from '@/lib/auth'; +import { getConfig } from '@/lib/config'; import { db } from '@/lib/db'; import { Favorite } from '@/lib/types'; @@ -23,6 +24,17 @@ export async function GET(request: NextRequest) { return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }); } + const config = await getConfig(); + if (config.UserConfig.Users) { + // 检查用户是否被封禁 + const user = config.UserConfig.Users.find( + (u) => u.username === authInfo.username + ); + if (user && user.banned) { + return NextResponse.json({ error: '用户已被封禁' }, { status: 401 }); + } + } + const { searchParams } = new URL(request.url); const key = searchParams.get('key'); 
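Review bot: The ban check added to GET here fails open, because `if (user && user.banned)` lets through any username that is not in `config.UserConfig.Users`, and the whole check is skipped when `Users` is unset. If an account can be removed from the config while its cookie is still valid (not visible here), that session keeps working. The unknown-username case should be an explicit decision, bearing in mind that the owner account appears to be handled outside `Users` (the `result.Role = 'owner'` branch in the config route). The same eleven-line block is repeated twelve times across the favorites, playrecords, searchhistory and skipconfigs handlers, so it belongs in one helper where that decision is made and documented once. The handler bodies continue outside the hunks.

```typescript
// Shared helper (name constructed for this note), placed next to the other auth helpers.
// Returns a response to send when the caller must be rejected, or null to continue.
async function rejectIfBanned(username: string): Promise<NextResponse | null> {
  const config = await getConfig();
  const user = config.UserConfig.Users?.find((u) => u.username === username);
  // Decide here, once, what a username missing from Users means (owner vs. deleted account).
  if (user?.banned) {
    return NextResponse.json({ error: '用户已被封禁' }, { status: 401 });
  }
  return null;
}

// In each handler, directly after the existing authInfo check:
const rejection = await rejectIfBanned(authInfo.username);
if (rejection) return rejection;
// … unchanged: rest of the handler …
```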
@@ -63,6 +75,17 @@ export async function POST(request: NextRequest) { return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }); } + const config = await getConfig(); + if (config.UserConfig.Users) { + // 检查用户是否被封禁 + const user = config.UserConfig.Users.find( + (u) => u.username === authInfo.username + ); + if (user && user.banned) { + return NextResponse.json({ error: '用户已被封禁' }, { status: 401 }); + } + } + const body = await request.json(); const { key, favorite }: { key: string; favorite: Favorite } = body; @@ -120,6 +143,17 @@ export async function DELETE(request: NextRequest) { return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }); } + const config = await getConfig(); + if (config.UserConfig.Users) { + // 检查用户是否被封禁 + const user = config.UserConfig.Users.find( + (u) => u.username === authInfo.username + ); + if (user && user.banned) { + return NextResponse.json({ error: '用户已被封禁' }, { status: 401 }); + } + } + const username = authInfo.username; const { searchParams } = new URL(request.url); const key = searchParams.get('key'); diff --git a/src/app/api/playrecords/route.ts b/src/app/api/playrecords/route.ts index aabdea0..d7b4275 100644 --- a/src/app/api/playrecords/route.ts +++ b/src/app/api/playrecords/route.ts @@ -3,6 +3,7 @@ import { NextRequest, NextResponse } from 'next/server'; import { getAuthInfoFromCookie } from '@/lib/auth'; +import { getConfig } from '@/lib/config'; import { db } from '@/lib/db'; import { PlayRecord } from '@/lib/types'; 
@@ -16,6 +17,17 @@ export async function GET(request: NextRequest) { return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }); } + const config = await getConfig(); + if (config.UserConfig.Users) { + // 检查用户是否被封禁 + const user = config.UserConfig.Users.find( + (u) => u.username === authInfo.username + ); + if (user && user.banned) { + return NextResponse.json({ error: '用户已被封禁' }, { status: 401 }); + } + } + const records = await db.getAllPlayRecords(authInfo.username); return NextResponse.json(records, { status: 200 }); } catch (err) { @@ -35,6 +47,17 @@ export async function POST(request: NextRequest) { return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }); } + const config = await getConfig(); + if (config.UserConfig.Users) { + // 检查用户是否被封禁 + const user = config.UserConfig.Users.find( + (u) => u.username === authInfo.username + ); + if (user && user.banned) { + return NextResponse.json({ error: '用户已被封禁' }, { status: 401 }); + } + } + const body = await request.json(); const { key, record }: { key: string; record: PlayRecord } = body; @@ -87,6 +110,17 @@ export async function DELETE(request: NextRequest) { return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }); } + const config = await getConfig(); + if (config.UserConfig.Users) { + // 检查用户是否被封禁 + const user = config.UserConfig.Users.find( + (u) => u.username === authInfo.username + ); + if (user && user.banned) { + return NextResponse.json({ error: '用户已被封禁' }, { status: 401 }); + } + } + const username = authInfo.username; const { searchParams } = new URL(request.url); const key = searchParams.get('key'); diff --git a/src/app/api/searchhistory/route.ts b/src/app/api/searchhistory/route.ts index 3e372ba..4d24f73 100644 --- a/src/app/api/searchhistory/route.ts +++ b/src/app/api/searchhistory/route.ts 
@@ -3,6 +3,7 @@ import { NextRequest, NextResponse } from 'next/server'; import { getAuthInfoFromCookie } from '@/lib/auth'; +import { getConfig } from '@/lib/config'; import { db } from '@/lib/db'; export const runtime = 'edge'; @@ -22,6 +23,17 @@ export async function GET(request: NextRequest) { return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }); } + const config = await getConfig(); + if (config.UserConfig.Users) { + // 检查用户是否被封禁 + const user = config.UserConfig.Users.find( + (u) => u.username === authInfo.username + ); + if (user && user.banned) { + return NextResponse.json({ error: '用户已被封禁' }, { status: 401 }); + } + } + const history = await db.getSearchHistory(authInfo.username); return NextResponse.json(history, { status: 200 }); } catch (err) { @@ -45,6 +57,17 @@ export async function POST(request: NextRequest) { return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }); } + const config = await getConfig(); + if (config.UserConfig.Users) { + // 检查用户是否被封禁 + const user = config.UserConfig.Users.find( + (u) => u.username === authInfo.username + ); + if (user && user.banned) { + return NextResponse.json({ error: '用户已被封禁' }, { status: 401 }); + } + } + const body = await request.json(); const keyword: string = body.keyword?.trim(); @@ -83,6 +106,17 @@ export async function DELETE(request: NextRequest) { return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }); } + const config = await getConfig(); + if (config.UserConfig.Users) { + // 检查用户是否被封禁 + const user = config.UserConfig.Users.find( + (u) => u.username === authInfo.username + ); + if (user && user.banned) { + return NextResponse.json({ error: '用户已被封禁' }, { status: 401 }); + } + } + const { searchParams } = new URL(request.url); const kw = searchParams.get('keyword')?.trim(); diff --git a/src/app/api/skipconfigs/route.ts b/src/app/api/skipconfigs/route.ts index b14c525..9bf89b3 100644 --- a/src/app/api/skipconfigs/route.ts +++ b/src/app/api/skipconfigs/route.ts 
@@ -3,6 +3,7 @@ import { NextRequest, NextResponse } from 'next/server'; import { getAuthInfoFromCookie } from '@/lib/auth'; +import { getConfig } from '@/lib/config'; import { db } from '@/lib/db'; import { SkipConfig } from '@/lib/types'; @@ -15,6 +16,17 @@ export async function GET(request: NextRequest) { return NextResponse.json({ error: '未登录' }, { status: 401 }); } + const config = await getConfig(); + if (config.UserConfig.Users) { + // 检查用户是否被封禁 + const user = config.UserConfig.Users.find( + (u) => u.username === authInfo.username + ); + if (user && user.banned) { + return NextResponse.json({ error: '用户已被封禁' }, { status: 401 }); + } + } + const { searchParams } = new URL(request.url); const source = searchParams.get('source'); const id = searchParams.get('id'); @@ -44,6 +56,17 @@ export async function POST(request: NextRequest) { return NextResponse.json({ error: '未登录' }, { status: 401 }); } + const adminConfig = await getConfig(); + if (adminConfig.UserConfig.Users) { + // 检查用户是否被封禁 + const user = adminConfig.UserConfig.Users.find( + (u) => u.username === authInfo.username + ); + if (user && user.banned) { + return NextResponse.json({ error: '用户已被封禁' }, { status: 401 }); + } + } + const body = await request.json(); const { key, config } = body; @@ -83,6 +106,17 @@ export async function DELETE(request: NextRequest) { return NextResponse.json({ error: '未登录' }, { status: 401 }); } + const adminConfig = await getConfig(); + if (adminConfig.UserConfig.Users) { + // 检查用户是否被封禁 + const user = adminConfig.UserConfig.Users.find( + (u) => u.username === authInfo.username + ); + if (user && user.banned) { + return NextResponse.json({ error: '用户已被封禁' }, { status: 401 }); + } + } + const { searchParams } = new URL(request.url); const key = searchParams.get('key'); diff --git a/src/lib/db.client.ts b/src/lib/db.client.ts index 76ebdcd..56d3b0a 100644 --- a/src/lib/db.client.ts +++ b/src/lib/db.client.ts 
@@ -414,6 +414,15 @@ async function fetchWithAuth( if (!res.ok) { // 如果是 401 未授权,跳转到登录页面 if (res.status === 401) { + // 调用 logout 接口 + try { + await fetch('/api/logout', { + method: 'POST', + headers: { 'Content-Type': 'application/json' }, + }); + } catch (error) { + console.error('注销请求失败:', error); + } const currentUrl = window.location.pathname + window.location.search; const loginUrl = new URL('/login', window.location.origin); loginUrl.searchParams.set('redirect', currentUrl); diff --git a/src/lib/version.ts b/src/lib/version.ts index 2fd213c..478196a 100644 --- a/src/lib/version.ts +++ b/src/lib/version.ts @@ -2,7 +2,7 @@ 'use client'; -const CURRENT_VERSION = '20250806184650'; +const CURRENT_VERSION = '20250806191001'; // 版本检查结果枚举 export enum UpdateStatus {
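Review bot: With the change in `fetchWithAuth`, every 401 ends the session, and the admin routes in this same commit return 401 for `'权限不足'`, not just for a missing or banned login. If admin requests go through `fetchWithAuth` (not visible here), a plain permission failure would log the user out. Returning 403 for authorization failures and keeping 401 for invalid or banned sessions would separate the two cases. The `await fetch('/api/logout', …)` call also has no time limit, so a stalled logout request delays the redirect to `/login`. Bound it with something like `signal: AbortSignal.timeout(3000)` (the value is an example), and drop the `Content-Type` header since no body is sent. The function body starts and ends outside the hunk.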