mirror of
https://github.com/MoonTechLab/LunaTV.git
synced 2026-02-26 22:24:42 +08:00
feat: limit config file edit to owner
This commit is contained in:
shinya
@@ -28,14 +28,12 @@ export async function POST(request: NextRequest) {
|
||||
let adminConfig = await getConfig();
|
||||
const storage = getStorage();
|
||||
|
||||
// 仅站长可以修改配置文件
|
||||
if (username !== process.env.USERNAME) {
|
||||
const user = adminConfig.UserConfig.Users.find((u) => u.username === username);
|
||||
if (!user || user.role !== 'admin' || user.banned) {
|
||||
return NextResponse.json(
|
||||
{ error: '权限不足,只有管理员可以修改配置文件' },
|
||||
{ status: 403 }
|
||||
);
|
||||
}
|
||||
return NextResponse.json(
|
||||
{ error: '权限不足,只有站长可以修改配置文件' },
|
||||
{ status: 403 }
|
||||
);
|
||||
}
|
||||
|
||||
// 获取请求体
|
||||
|
||||
@@ -1,7 +1,24 @@
|
||||
/* eslint-disable no-console */
|
||||
|
||||
import { NextRequest, NextResponse } from 'next/server';
|
||||
|
||||
import { getAuthInfoFromCookie } from '@/lib/auth';
|
||||
|
||||
export async function POST(request: NextRequest) {
|
||||
try {
|
||||
// 权限检查:仅站长可以拉取配置订阅
|
||||
const authInfo = getAuthInfoFromCookie(request);
|
||||
if (!authInfo || !authInfo.username) {
|
||||
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
|
||||
}
|
||||
|
||||
if (authInfo.username !== process.env.USERNAME) {
|
||||
return NextResponse.json(
|
||||
{ error: '权限不足,只有站长可以拉取配置订阅' },
|
||||
{ status: 403 }
|
||||
);
|
||||
}
|
||||
|
||||
const { url } = await request.json();
|
||||
|
||||
if (!url) {
|
||||
@@ -27,7 +44,7 @@ export async function POST(request: NextRequest) {
|
||||
const decodedBytes = bs58.decode(configContent);
|
||||
decodedContent = new TextDecoder().decode(decodedBytes);
|
||||
} catch (decodeError) {
|
||||
console.warn('Base58 解码失败,返回原始内容:', decodeError);
|
||||
console.warn('Base58 解码失败', decodeError);
|
||||
throw decodeError;
|
||||
}
|
||||
|
||||
|
||||
@@ -1,11 +1,11 @@
|
||||
/* eslint-disable no-console */
|
||||
/* eslint-disable no-console,@typescript-eslint/no-explicit-any */
|
||||
|
||||
import { NextRequest, NextResponse } from 'next/server';
|
||||
|
||||
import { getConfig, refineConfig } from '@/lib/config';
|
||||
import { db, getStorage } from '@/lib/db';
|
||||
import { fetchVideoDetail } from '@/lib/fetchVideoDetail';
|
||||
import { SearchResult } from '@/lib/types';
|
||||
import { getConfig, refineConfig } from '@/lib/config';
|
||||
|
||||
export const runtime = 'edge';
|
||||
|
||||
|
||||
@@ -1,3 +1,5 @@
|
||||
/* eslint-disable no-console */
|
||||
|
||||
import { NextRequest, NextResponse } from 'next/server';
|
||||
|
||||
import { getAvailableApiSites } from '@/lib/config';
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
/* eslint-disable no-console */
|
||||
|
||||
import { NextRequest, NextResponse } from 'next/server';
|
||||
import { CURRENT_VERSION } from '@/lib/version'
|
||||
|
||||
import { getConfig } from '@/lib/config';
|
||||
import { CURRENT_VERSION } from '@/lib/version'
|
||||
|
||||
export const runtime = 'edge';
|
||||
|
||||
|
||||
Reference in New Issue
Block a user