yumoqing/rbac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: verify user exists before returning existing apikey in usersync, clean stale downapikey records

Browse Source
This commit is contained in:
yumoqing 2026-05-12 18:13:50 +08:00
parent 09acce0637
commit f1ed6ad151
1 changed files with 78 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

141
wwwroot/usersync/index.dspy
View File

@ -71,27 +71,34 @@ async with db.sqlorContext(dbname) as sor:
) )
return json.dumps(result, ensure_ascii=False) return json.dumps(result, ensure_ascii=False)
# 否则自己创建apikey # 否则自己创建apikey
# 检查apikey是否已存在 # 检查apikey是否已存在
existing = await sor.R('downapikey', { existing = await sor.R('downapikey', {
'dappid': dappid, 'dappid': dappid,
'duserid': user_id, 'duserid': user_id,
'dorgid': user_orgid 'dorgid': user_orgid
}) })
if existing: if existing:
apikey = password_decode(existing[0].apikey) # 验证用户是否存在
return json.dumps({ user_check = await sor.R('users', {'id': existing[0].userid})
'status': 'success', if not user_check:
'data': [{ # 脏数据downapikey 存在但用户已删除,清理后重新创建
'user_id': user_id, await sor.D('downapikey', {'id': existing[0].id})
'username': user_data.get('username', ''), existing = None
'apikey': apikey, else:
'status': 'existing' apikey = password_decode(existing[0].apikey)
}] return json.dumps({
}, ensure_ascii=False) 'status': 'success',
'data': [{
# 创建新apikey 'user_id': user_id,
'username': user_data.get('username', ''),
'apikey': apikey,
'status': 'existing'
}]
}, ensure_ascii=False)
# 创建新apikey
apikey_id = getID() apikey_id = getID()
apikey_value = getID() apikey_value = getID()
@ -160,48 +167,56 @@ async with db.sqlorContext(dbname) as sor:
'status': result.get('message', 'created'), 'status': result.get('message', 'created'),
'result_status': result.get('status') 'result_status': result.get('status')
}) })
else: else:
# 检查apikey是否已存在 # 检查apikey是否已存在
existing = await sor.R('downapikey', { existing = await sor.R('downapikey', {
'dappid': dappid, 'dappid': dappid,
'duserid': user_id, 'duserid': user_id,
'dorgid': user_orgid 'dorgid': user_orgid
}) })
if existing: if existing:
apikey = password_decode(existing[0].apikey) # 验证用户是否存在
result_data.append({ user_check = await sor.R('users', {'id': existing[0].userid})
'user_id': user_id, if not user_check:
'username': user_data.get('username', ''), # 脏数据,清理后重新创建
'apikey': apikey, await sor.D('downapikey', {'id': existing[0].id})
'status': 'existing' existing = None
}) else:
else: apikey = password_decode(existing[0].apikey)
# 创建新apikey result_data.append({
apikey_id = getID() 'user_id': user_id,
apikey_value = getID() 'username': user_data.get('username', ''),
'apikey': apikey,
ns = { 'status': 'existing'
'id': apikey_id, })
'dappid': dappid, continue
'dorgid': user_orgid, else:
'duserid': user_id, # 创建新apikey
'orgid': user_orgid, apikey_id = getID()
'userid': user_id, apikey_value = getID()
'apikey': password_encode(apikey_value),
'enabled': '1', ns = {
'created_at': datetime.now().strftime('%Y-%m-%d'), 'id': apikey_id,
'expired_date': '9999-12-31' 'dappid': dappid,
} 'dorgid': user_orgid,
'duserid': user_id,
await sor.C('downapikey', ns) 'orgid': user_orgid,
'userid': user_id,
result_data.append({ 'apikey': password_encode(apikey_value),
'user_id': user_id, 'enabled': '1',
'username': user_data.get('username', ''), 'created_at': datetime.now().strftime('%Y-%m-%d'),
'apikey': apikey_value, 'expired_date': '9999-12-31'
'status': 'created' }
})
await sor.C('downapikey', ns)
result_data.append({
'user_id': user_id,
'username': user_data.get('username', ''),
'apikey': apikey_value,
'status': 'created'
})
return json.dumps({ return json.dumps({
'status': 'success', 'status': 'success',