Ecosystem/ai-gateway
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🐛 fix: playground gets token without verifying user's identity

Browse Source
This commit is contained in:
Martial BE 2024-04-28 10:25:33 +08:00
parent 490fb4c749
commit 317e0a6370
No known key found for this signature in database
GPG Key ID: D06C32DF0EDB9084
2 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
controller/token.go
View File

@ -56,10 +56,11 @@ func GetToken(c *gin.Context) {
func GetPlaygroundToken(c *gin.Context) { func GetPlaygroundToken(c *gin.Context) {
tokenName := "sys_playground" tokenName := "sys_playground"
token, err := model.GetTokenByName(tokenName) userId := c.GetInt("id")
token, err := model.GetTokenByName(tokenName, userId)
if err != nil { if err != nil {
cleanToken := model.Token{ cleanToken := model.Token{
UserId: c.GetInt("id"), UserId: userId,
Name: tokenName, Name: tokenName,
Key: common.GenerateKey(), Key: common.GenerateKey(),
CreatedTime: common.GetTimestamp(), CreatedTime: common.GetTimestamp(),

4
model/token.go
View File

@ -115,13 +115,13 @@ func GetTokenById(id int) (*Token, error) {
return &token, err return &token, err
} }
func GetTokenByName(name string) (*Token, error) { func GetTokenByName(name string, user_id int) (*Token, error) {
if name == "" { if name == "" {
return nil, errors.New("name 为空!") return nil, errors.New("name 为空!")
} }
token := Token{Name: name} token := Token{Name: name}
var err error = nil var err error = nil
err = DB.First(&token, "name = ?", name).Error err = DB.First(&token, "user_id = ? and name = ?", user_id, name).Error
return &token, err return &token, err
} }