fix:auth bug

Author: whxxxxxxxxxx

build/server

@@ -1,13 +1,13 @@
 {
   "files": {
     "main.css": "/static/css/main.d802e3cd.css",
-    "main.js": "/static/js/main.4a33c7d9.js",
+    "main.js": "/static/js/main.20b2f18c.js",
     "index.html": "/index.html",
     "main.d802e3cd.css.map": "/static/css/main.d802e3cd.css.map",
-    "main.4a33c7d9.js.map": "/static/js/main.4a33c7d9.js.map"
+    "main.20b2f18c.js.map": "/static/js/main.20b2f18c.js.map"
   },
   "entrypoints": [
     "static/css/main.d802e3cd.css",
-    "static/js/main.4a33c7d9.js"
+    "static/js/main.20b2f18c.js"
   ]
 }

build/static/asset-manifest.json

@@ -1 +1 @@
-<!doctype html><html lang="en"><head><meta charset="utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="description" content="Academic Support System"/><title>Academic Support System</title><script defer="defer" src="/static/js/main.4a33c7d9.js"></script><link href="/static/css/main.d802e3cd.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"></div></body></html>
+<!doctype html><html lang="en"><head><meta charset="utf-8"/><meta name="viewport" content="width=device-width,initial-scale=1"/><meta name="theme-color" content="#000000"/><meta name="description" content="Academic Support System"/><title>Academic Support System</title><script defer="defer" src="/static/js/main.20b2f18c.js"></script><link href="/static/css/main.d802e3cd.css" rel="stylesheet"></head><body><noscript>You need to enable JavaScript to run this app.</noscript><div id="root"></div></body></html>

build/static/index.html

@@ -1 +1,2 @@
-export const BASE_URL = 'https://learnpal.hdu.edu.cn/api';
+// export const BASE_URL = 'https://learnpal.hdu.edu.cn/api';
+export const BASE_URL = 'http://localhost:9001';

build/static/static/js/main.4a33c7d9.js build/static/static/js/main.20b2f18c.jsbuild/static/static/js/main.4a33c7d9.js renamed to build/static/static/js/main.20b2f18c.js

@@ -14,5 +14,8 @@ axios.interceptors.response.use(
 );
 
 export const getSubjectLink = (staffId) => {
-  return axios.get(`/subject/get/links/${staffId}`);
+  const token = localStorage.getItem('token');
+  return axios.get(`/subject/get/links/${staffId}`, {
+    headers: { Authorization: `Bearer ${token}` }
+  });
 };

…c/static/js/main.4a33c7d9.js.LICENSE.txt …c/static/js/main.20b2f18c.js.LICENSE.txtbuild/static/static/js/main.4a33c7d9.js.LICENSE.txt renamed to build/static/static/js/main.20b2f18c.js.LICENSE.txt build/static/static/js/main.4a33c7d9.js.LICENSE.txt renamed to build/static/static/js/main.20b2f18c.js.LICENSE.txt

@@ -181,11 +181,15 @@ func HandleImportStudentSubjectsExcel(c flamego.Context, r flamego.Render) {
 }
 
 // HandleAddManager 添加管理员
-func HandleAddManager(r flamego.Render, c flamego.Context, req dto.AddManagerRequest, errs binding.Errors) {
+func HandleAddManager(r flamego.Render, c flamego.Context, req dto.AddManagerRequest, errs binding.Errors, authInfo auth.Info) {
 	if errs != nil {
 		response.InValidParam(r, errs)
 		return
 	}
+	if authInfo.Uid != req.StaffId {
+		response.HTTPFail(r, 403001, "不能添加自己")
+		return
+	}
 
 	// 检查用户名是否已存在
 	existing, err := dao.Managers.GetManagerByStaffID(req.StaffId)
@@ -257,7 +261,11 @@ func HandleDeleteManager(r flamego.Render, c flamego.Context, req dto.DeleteMana
 }
 
 // HandleGetManagerList 获取管理员列表
-func HandleGetManagerList(r flamego.Render, c flamego.Context) {
+func HandleGetManagerList(r flamego.Render, c flamego.Context, authInfo auth.Info) {
+	if authInfo.Uid == "" {
+		response.HTTPFail(r, 403002, "permission denied")
+		return
+	}
 	managers, total, err := dao.Managers.GetAllManagers()
 	if err != nil {
 		logx.SystemLogger.CtxError(c.Request().Context(), err)

…ld/static/static/js/main.4a33c7d9.js.map …ld/static/static/js/main.20b2f18c.js.mapbuild/static/static/js/main.4a33c7d9.js.map renamed to build/static/static/js/main.20b2f18c.js.map build/static/static/js/main.4a33c7d9.js.map renamed to build/static/static/js/main.20b2f18c.js.map

@@ -24,16 +24,16 @@ func AppManagersInit(e *flamego.Flame) {
 
 	e.Group("/managers", func() {
 		// 管理员管理相关接口（需要登录）
-		e.Get("/list", handler.HandleGetManagerList, web.Authorization)
-		e.Post("/add", binding.JSON(dto.AddManagerRequest{}), handler.HandleAddManager, web.Authorization)
-		e.Post("/delete", binding.JSON(dto.DeleteManagerRequest{}), handler.HandleDeleteManager, web.Authorization)
+		e.Get("/list", handler.HandleGetManagerList)
+		e.Post("/add", binding.JSON(dto.AddManagerRequest{}), handler.HandleAddManager)
+		e.Post("/delete", binding.JSON(dto.DeleteManagerRequest{}), handler.HandleDeleteManager)
 
 		// 学生科目导入接口（Excel上传）
-		e.Post("/import/students", handler.HandleImportStudentSubjectsExcel, web.Authorization)
+		e.Post("/import/students", handler.HandleImportStudentSubjectsExcel)
 
 		// 下载导入模板
 		e.Get("/import/template", handler.HandleDownloadTemplate)
-	})
+	}, web.Authorization)
 
 }