[codex] fix auth startup and profile model defaults (#966)

* docs release 0.6.0 changelog

* fix auth startup and profile model defaults
ekko
2026-05-24 14:00:31 +08:00
committed by GitHub
parent 634a622934
commit f61a1d9454
24 changed files with 310 additions and 30 deletions
+1 -1
@@ -56,7 +56,7 @@ export async function currentUser(ctx: Context) {
created_at: user.created_at,
updated_at: user.updated_at,
last_login_at: user.last_login_at,
requiresCredentialChange: user.username === DEFAULT_USERNAME || verifyPassword(DEFAULT_PASSWORD, user.password_hash),
requiresCredentialChange: user.username === DEFAULT_USERNAME && verifyPassword(DEFAULT_PASSWORD, user.password_hash),
},
}
}
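Review bot: With `&&`, an account that was renamed but still has `DEFAULT_PASSWORD` is no longer flagged by `requiresCredentialChange`, so the well-known default password can stay in use with no prompt. If the intent was only to stop prompting users who keep the default username after setting their own password, keying the flag on the password alone covers both cases: `requiresCredentialChange: verifyPassword(DEFAULT_PASSWORD, user.password_hash),`. A short comment above the field stating which of the two credentials must be changed would make the rule explicit. The body of currentUser starts and ends outside this hunk.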
@@ -201,7 +201,15 @@ function requestedProfileName(ctx: any): string {
}
function requestScopedProfileName(ctx: any): string {
return ctx.state?.profile?.name || getActiveProfileName() || 'default'
const headerProfile = typeof ctx.get === 'function' ? ctx.get('x-hermes-profile') : ''
const queryProfile = typeof ctx.query?.profile === 'string' ? ctx.query.profile : ''
const bodyProfile = typeof ctx.request?.body?.profile === 'string' ? ctx.request.body.profile : ''
return ctx.state?.profile?.name ||
headerProfile.trim() ||
queryProfile.trim() ||
bodyProfile.trim() ||
getActiveProfileName() ||
'default'
}
function visibleProfileNamesForUser(ctx: any): string[] {
@@ -411,7 +419,7 @@ export async function getAvailable(ctx: any) {
const mergedGroups = mergeAvailableGroups(profileResults.flatMap(result => result.groups))
const groupsWithAliases = applyModelAliases(mergedGroups, modelAliases)
const visibleGroups = applyModelVisibility(groupsWithAliases, modelVisibility)
const activeProfile = getActiveProfileName()
const activeProfile = requestScopedProfileName(ctx)
const defaultProfile = profileResults.find(result => result.profile === activeProfile && (result.default || result.default_provider))
|| profileResults.find(result => result.default && result.default_provider)
|| profileResults.find(result => result.default)
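Review bot: requestScopedProfileName now falls back to the `x-hermes-profile` header, the `profile` query parameter and the `profile` body field, all of which the client controls, and nothing in the function checks that the caller may use the named profile. In getAvailable the value is only compared against `profileResults`, which limits the effect there if those results are already filtered per user, but other callers are not visible in this diff and would inherit an unvalidated name. I would accept a client-supplied name only when it appears in `visibleProfileNamesForUser(ctx)` (provided that helper does not itself call this function), and otherwise fall through to the active profile.

```typescript
function requestScopedProfileName(ctx: any): string {
  // … unchanged: headerProfile / queryProfile / bodyProfile extraction …
  const resolved = ctx.state?.profile?.name
  if (resolved) return resolved
  const requested = headerProfile.trim() || queryProfile.trim() || bodyProfile.trim()
  // Accept a client-supplied name only when this user is allowed to see that profile.
  if (requested && visibleProfileNamesForUser(ctx).includes(requested)) return requested
  return getActiveProfileName() || 'default'
}
```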
@@ -83,6 +83,13 @@ async function allowServerTokenForMedia(ctx: Context, token: string): Promise<bo
return true
}
function isProtectedHttpPath(path: string): boolean {
const lowerPath = path.toLowerCase()
return lowerPath.startsWith('/api') ||
lowerPath.startsWith('/v1') ||
lowerPath.startsWith('/upload')
}
export function signUserJwt(user: Pick<UserRecord, 'id' | 'username' | 'role'>, secret: string, now = Date.now()): string {
const iat = Math.floor(now / 1000)
const payload: JwtPayload = {
@@ -154,6 +161,11 @@ export async function isAuthEnabled(): Promise<boolean> {
}
export async function requireUserJwt(ctx: Context, next: Next): Promise<void> {
if (!isProtectedHttpPath(ctx.path)) {
await next()
return
}
const secret = await getJwtSecret()
if (!secret) {
await next()
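Review bot: The early return in requireUserJwt makes authentication opt-in by prefix: any route that is not under `/api`, `/v1` or `/upload` now skips the JWT check, including routes added later under a new prefix. The match is done on the raw `ctx.path`, so it only holds if the router resolves paths exactly the way `isProtectedHttpPath` reads them; that is not visible here and deserves a test. Inverting the check to an explicit list of public paths, with everything else requiring a token, would fail closed instead of open. At minimum isProtectedHttpPath should carry a comment such as `// Every authenticated route must live under one of these prefixes; anything else is served without a JWT.` The body of requireUserJwt continues past the end of this hunk.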