fix: verify user exists before returning existing apikey in create_user_apikey
This commit is contained in:
parent
5fc90a8033
commit
b2369cd00c
25
dapi/dapi.py
25
dapi/dapi.py
@ -227,15 +227,22 @@ async def create_user_apikey(sor, dappid, user_id, user_orgid, **kwargs):
|
|||||||
})
|
})
|
||||||
|
|
||||||
if existing:
|
if existing:
|
||||||
# 返回现有apikey
|
# 验证关联的 users 记录是否仍然存在
|
||||||
f = get_serverenv('password_decode')
|
user_records = await sor.R('users', {'id': existing[0].userid})
|
||||||
apikey = f(existing[0].apikey)
|
if not user_records:
|
||||||
return {
|
# downapikey 有记录但 users 表无对应用户(脏数据),清理后重新创建
|
||||||
'status': 'success',
|
debug(f'create_user_apikey: downapikey exists but user {existing[0].userid} not found, recreating')
|
||||||
'apikey': apikey,
|
await sor.D('downapikey', {'id': existing[0].id})
|
||||||
'user_id': user_id,
|
else:
|
||||||
'message': '用户apikey已存在'
|
# 返回现有apikey
|
||||||
}
|
f = get_serverenv('password_decode')
|
||||||
|
apikey = f(existing[0].apikey)
|
||||||
|
return {
|
||||||
|
'status': 'success',
|
||||||
|
'apikey': apikey,
|
||||||
|
'user_id': user_id,
|
||||||
|
'message': '用户apikey已存在'
|
||||||
|
}
|
||||||
|
|
||||||
# 创建新apikey
|
# 创建新apikey
|
||||||
apikey_id = getID()
|
apikey_id = getID()
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user