🐛 fix: playground gets token without verifying user's identity

2024-04-28 10:25:33 +08:00 · 2024-04-28 10:25:33 +08:00 · 317e0a6370
commit 317e0a6370
parent 490fb4c749
2 changed files with 5 additions and 4 deletions
--- a/controller/token.go
+++ b/controller/token.go
@ -56,10 +56,11 @@ func GetToken(c *gin.Context) {

 func GetPlaygroundToken(c *gin.Context) {
 	tokenName := "sys_playground"
-	token, err := model.GetTokenByName(tokenName)
+	userId := c.GetInt("id")
+	token, err := model.GetTokenByName(tokenName, userId)
 	if err != nil {
 		cleanToken := model.Token{
-			UserId:         c.GetInt("id"),
+			UserId:         userId,
 			Name:           tokenName,
 			Key:            common.GenerateKey(),
 			CreatedTime:    common.GetTimestamp(),
--- a/model/token.go
+++ b/model/token.go
@ -115,13 +115,13 @@ func GetTokenById(id int) (*Token, error) {
 	return &token, err
 }

-func GetTokenByName(name string) (*Token, error) {
+func GetTokenByName(name string, user_id int) (*Token, error) {
 	if name == "" {
 		return nil, errors.New("name 为空！")
 	}
 	token := Token{Name: name}
 	var err error = nil
-	err = DB.First(&token, "name = ?", name).Error
+	err = DB.First(&token, "user_id = ? and name = ?", user_id, name).Error
 	return &token, err
 }