fix: check user status when validating token (#23)

2023-04-27 15:05:33 +08:00 · 2023-04-27 15:05:33 +08:00 · 54b1e4adef
commit 54b1e4adef
parent 9272884381
2 changed files with 23 additions and 0 deletions
--- a/middleware/auth.go
+++ b/middleware/auth.go
@ -98,6 +98,16 @@ func TokenAuth() func(c *gin.Context) {
 			c.Abort()
 			return
 		}
 		if !model.IsUserEnabled(token.UserId) {
 			c.JSON(http.StatusOK, gin.H{
 				"error": gin.H{
 					"message": "用户已被封禁",
 					"type":    "one_api_error",
 				},
 			})
 			c.Abort()
 			return
 		}
 		c.Set("id", token.UserId)
 		c.Set("token_id", token.Id)
 		c.Set("unlimited_times", token.UnlimitedTimes)
--- a/model/user.go
+++ b/model/user.go
@ -195,6 +195,19 @@ func IsAdmin(userId int) bool {
 	return user.Role >= common.RoleAdminUser
 }
 func IsUserEnabled(userId int) bool {
 	if userId == 0 {
 		return false
 	}
 	var user User
 	err := DB.Where("id = ?", userId).Select("status").Find(&user).Error
 	if err != nil {
 		common.SysError("No such user " + err.Error())
 		return false
 	}
 	return user.Status == common.UserStatusEnabled
 }
 func ValidateAccessToken(token string) (user *User) {
 	if token == "" {
 		return nil