Skip to content

Commit

Permalink
fix: remove cors whitelist
Browse files Browse the repository at this point in the history
  • Loading branch information
RaoHai committed Sep 26, 2024
1 parent 4a02727 commit 03a5cd5
Showing 1 changed file with 5 additions and 4 deletions.
9 changes: 5 additions & 4 deletions server/auth/middleware.py
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
import traceback
from typing import Awaitable, Callable
from fastapi import HTTPException, Request, status
from fastapi.responses import JSONResponse
Expand Down Expand Up @@ -33,18 +34,18 @@ class AuthMiddleWare(BaseHTTPMiddleware):
async def oauth(self, request: Request):
try:
referer = request.headers.get('referer')
origin = request.headers.get('origin')
if referer and referer.startswith(WEB_URL):
return True

token = await oauth2_scheme(request=request)

if token:
bot_dao = BotDAO()
bot = bot_dao.get_bot(bot_id=token)
return bot and (
"*" in bot.domain_whitelist
or
referer in bot.domain_whitelist
origin in bot.domain_whitelist
)
except HTTPException:
return False
Expand All @@ -65,7 +66,7 @@ async def dispatch(self, request: Request, call_next: Callable[[Request], Awaita
return await call_next(request)

# 获取 session 中的用户信息
user = request.session.get("user")
user = request.session.get("user")
if not user:
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Unauthorized")

Expand All @@ -78,7 +79,7 @@ async def dispatch(self, request: Request, call_next: Callable[[Request], Awaita

return await call_next(request)
except HTTPException as e:

print(traceback.format_exception(e))
# 处理 HTTP 异常
return JSONResponse(status_code=e.status_code, content={"detail": e.detail})
except Exception as e:
Expand Down

0 comments on commit 03a5cd5

Please sign in to comment.