Feature/fix disable site (#825)

2023-08-13 17:32:23 +08:00
parent 8e15ba6cd6
commit 48a303b8e9
4 changed files with 32 additions and 10 deletions
--- a/api/controllers/web/wraps.py
+++ b/api/controllers/web/wraps.py
@@ -6,7 +6,7 @@ from flask_restful import Resource
 from werkzeug.exceptions import NotFound, Unauthorized

 from extensions.ext_database import db
-from models.model import App, EndUser
+from models.model import App, EndUser, Site
 from libs.passport import PassportService

 def validate_jwt_token(view=None):
@@ -35,9 +35,13 @@ def decode_jwt_token():
    if auth_scheme != 'bearer':
        raise Unauthorized('Invalid Authorization header format. Expected \'Bearer <api-key>\' format.')
    decoded = PassportService().verify(tk)
+    app_code = decoded.get('app_code')
    app_model = db.session.query(App).filter(App.id == decoded['app_id']).first()
+    site = db.session.query(Site).filter(Site.code == app_code).first()
    if not app_model:
        raise NotFound()
+    if not app_code and not site:
+        raise Unauthorized('Site URL is no longer valid.')
    if app_model.enable_site is False:
        raise Unauthorized('Site is disabled.')
    end_user = db.session.query(EndUser).filter(EndUser.id == decoded['end_user_id']).first()