From 317e0a6370f2a5afc4865aa54ea1b8d93e4133c0 Mon Sep 17 00:00:00 2001
From: Martial BE
Date: Sun, 28 Apr 2024 10:25:33 +0800
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20fix:=20playground=20gets=20token?= =?UTF-8?q?=20without=20verifying=20user's=20identity?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 controller/token.go | 5 +++--
 model/token.go | 4 ++--
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/controller/token.go b/controller/token.go
index efbcac5d..d87391db 100644
--- a/controller/token.go
+++ b/controller/token.go
@@ -56,10 +56,11 @@ func GetToken(c *gin.Context) {
 func GetPlaygroundToken(c *gin.Context) {
 tokenName := "sys_playground"
- token, err := model.GetTokenByName(tokenName)
+ userId := c.GetInt("id")
+ token, err := model.GetTokenByName(tokenName, userId)
 if err != nil {
 cleanToken := model.Token{
- UserId: c.GetInt("id"),
+ UserId: userId,
 Name: tokenName,
 Key: common.GenerateKey(),
 CreatedTime: common.GetTimestamp(),
diff --git a/model/token.go b/model/token.go
index f3a85ee8..44f85601 100644
--- a/model/token.go
+++ b/model/token.go
@@ -115,13 +115,13 @@ func GetTokenById(id int) (*Token, error) {
 return &token, err
 }
-func GetTokenByName(name string) (*Token, error) {
+func GetTokenByName(name string, user_id int) (*Token, error) {
 if name == "" {
 return nil, errors.New("name 为空!")
 }
 token := Token{Name: name}
 var err error = nil
- err = DB.First(&token, "name = ?", name).Error
+ err = DB.First(&token, "user_id = ? and name = ?", user_id, name).Error
 return &token, err
 }
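Review bot: `userId := c.GetInt("id")` in GetPlaygroundToken yields 0 when the context holds no integer "id", so the lookup and the token creation below would both run for user 0 if this handler is ever reached without the auth middleware having set it. A guard right after the assignment, e.g. `if userId == 0 { c.AbortWithStatus(http.StatusUnauthorized); return }`, makes the ownership check fail closed; the route registration is not visible here, so this may already be guaranteed. Separately, the `if err != nil` branch treats every lookup failure as "no token yet", so now that the query is per user a transient database error would mint an extra sys_playground key for that user; creating one only on the record-not-found error (presumably `gorm.ErrRecordNotFound`, if DB is a gorm handle) avoids that. The function body continues past the end of the hunk.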
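Review bot: The new parameter `user_id` in GetTokenByName breaks Go's MixedCaps convention and differs from the `userId` spelling the caller in controller/token.go uses; `func GetTokenByName(name string, userId int) (*Token, error)` keeps the two files consistent. Since the owner filter is now the security-relevant part of this lookup, a doc comment such as `// GetTokenByName returns the token called name that belongs to userId; userId must come from the authenticated session, never from request input.` would keep later callers from passing a client-supplied id. The function also still returns `&token` together with a non-nil error, so a caller that skips the error check receives a Token holding only the name; `if err != nil { return nil, err }` before the final return avoids that, provided no existing caller relies on the non-nil pointer.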