update: 修复基于长亭monkeycode扫描结果的12处安全漏洞

2026-04-24 10:11:23 +08:00
parent 63bfabc6de
commit 4af9a31eba
17 changed files with 366 additions and 75 deletions
@@ -2,7 +2,7 @@
 更新日志API
 提供GitHub提交历史的缓存和代理服务
 """
-from fastapi import APIRouter, HTTPException, Query
+from fastapi import APIRouter, HTTPException, Query, Request, Depends
 from typing import List, Optional
 import httpx
 from datetime import datetime, timedelta
@@ -13,6 +13,12 @@ logger = logging.getLogger(__name__)

 router = APIRouter()

+
+def require_login(request: Request):
+    if not hasattr(request.state, "user") or not request.state.user:
+        raise HTTPException(status_code=401, detail="需要登录")
+    return request.state.user
+
 # GitHub API配置
 GITHUB_API_BASE = "https://api.github.com"
 REPO_OWNER = "xiamuceer-j"
@@ -173,7 +179,7 @@ async def get_changelog(


@router.post("/changelog/refresh")
-async def refresh_changelog():
+async def refresh_changelog(user=Depends(require_login)):
    """
    刷新更新日志缓存
    
@@ -230,4 +236,4 @@ async def refresh_changelog():
        raise HTTPException(
            status_code=500,
            detail=f"刷新缓存失败: {str(e)}"
-        )
+        )