update api key

2026-04-02 14:41:31 +08:00
parent 3a2b175028
commit d28a014209
4 changed files with 14 additions and 5 deletions
@@ -94,6 +94,13 @@ class AuthMiddleware implements MiddlewareInterface
])->withStatus(401); ])->withStatus(401);
} }
if (!$api_key->enabled) {
return $this->response->json([
'code' => 403,
'message' => '该 API Key 已被禁用',
])->withStatus(403);
}
$user = $api_key->user; $user = $api_key->user;
if (!$user || $user->status !== 1) { if (!$user || $user->status !== 1) {
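Review bot: The new `!$api_key->enabled` branch answers 403 with a message that the key is disabled, so anyone presenting a key can tell a revoked key from one that never existed; per the old test comment both used to get 401. If keys are disabled because they leaked, this response confirms to the holder that the value was real. If the distinction is wanted for legitimate clients, state it at the branch, e.g. `// Deliberate: disabled keys get 403 so clients can tell revocation from a bad key; this confirms the key exists.` Nothing in the visible lines records the attempt, and a request with a disabled key is a useful detection signal, so an audit log entry here is worth adding unless rejections are already logged elsewhere in the middleware. The enclosing method starts and ends outside the hunk.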
-1
@@ -86,7 +86,6 @@ class ApiKey extends Model
return static::query() return static::query()
->where('key_hash', $hash) ->where('key_hash', $hash)
->where('enabled', true)
->where(function ($query): void { ->where(function ($query): void {
$query->whereNull('expires_at') $query->whereNull('expires_at')
->orWhere('expires_at', '>', \Carbon\Carbon::now()); ->orWhere('expires_at', '>', \Carbon\Carbon::now());
@@ -101,8 +101,10 @@ class ApiKeyGlobalSwitchTest extends TestCase
'X-API-Key' => $result['plain_key'], 'X-API-Key' => $result['plain_key'],
]); ]);
// ApiKey::findByPlainKey() 查询条件包含 enabled=true,所以禁用的 Key 返回 401(无效 Key // 禁用的 Key 返回 403(已被禁用),区别于无效/过期 Key 的 401
$response->assertStatus(401); $response->assertStatus(403);
$body = json_decode($response->getBody()->getContents(), true);
$this->assertStringContainsString('已被禁用', $body['message']);
$user->forceDelete(); $user->forceDelete();
} }
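Review bot: `$body` is indexed without checking that decoding succeeded. `json_decode()` returns null for an empty or non-JSON body, and `getContents()` returns only what is left in the stream, so a regression would show up as a type error instead of a clear assertion failure. Adding `$this->assertIsArray($body);` before the message check and `$this->assertSame(403, $body['code']);` after it would pin the whole response shape the middleware returns for a disabled key. The test method starts outside the hunk.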
+3 -2
@@ -102,7 +102,7 @@ class ApiKeyTest extends TestCase
}); });
} }
public function test_find_by_plain_key_excludes_disabled_key(): void public function test_find_by_plain_key_returns_disabled_key(): void
{ {
$this->runInCoroutine(function (): void { $this->runInCoroutine(function (): void {
$user = $this->createTestUser(); $user = $this->createTestUser();
@@ -112,7 +112,8 @@ class ApiKeyTest extends TestCase
$result['api_key']->save(); $result['api_key']->save();
$found = ApiKey::findByPlainKey($result['plain_key']); $found = ApiKey::findByPlainKey($result['plain_key']);
$this->assertNull($found); $this->assertNotNull($found);
$this->assertFalse($found->enabled);
}); });
} }
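Review bot: This test now expects `ApiKey::findByPlainKey()` to return disabled keys, which moves the `enabled` check out of the query and onto every caller, and the only caller shown making that check is AuthMiddleware. Any other caller that treats a non-null result as a usable key would now accept disabled keys, so call sites outside this diff need to be checked. The method's docblock should state the new contract, for example `Returns the key even when it is disabled; callers must check $enabled before authenticating. Expired keys are still excluded.` The expiry filter is still present in the ApiKey hunk, so only the disabled case changes.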