优化案件生成

User/utils.py

@@ -214,12 +214,10 @@ def log_operation(request, operation_type, module, action, target_type, target_i
         operator_id = None
         
         if token:
-            try:
-                user = User.objects.get(token=token, is_deleted=False)
+            user = User.objects.filter(token=token, is_deleted=False).first()
+            if user:
                 operator = user.username
                 operator_id = user.id
-            except User.DoesNotExist:
-                pass
         
         # 获取IP地址
         ip_address = request.META.get('HTTP_X_FORWARDED_FOR', '').split(',')[0].strip()

jyls_django/middleware.py

@@ -92,27 +92,30 @@ class JWTAuthenticationMiddleware(MiddlewareMixin):
         # 允许登录接口（支持 /api2/user/login 和 /user/login）
         if request.path == '/api2/user/login' or request.path == '/user/login':
             return None
-        try:
-
-            if not token:
-                # 标记为未授权请求（可能是正常的前端访问，也可能是恶意扫描）
-                request.META['_is_unauthorized'] = True
-                return JsonResponse(
-                    {'status': 401,'message':"token为空"},
-                    status=401,
-                    content_type='application/json',
-                    headers={'Access-Control-Allow-Origin': '*'}
-                )
-            User.objects.get(token=token, is_deleted=False)
-        except User.DoesNotExist:
-            # 标记为未授权请求
+        if not token:
             request.META['_is_unauthorized'] = True
             return JsonResponse(
-                {'status': 401,'message':"身份过期"},
+                {'status': 401, 'message': "token为空"},
                 status=401,
                 content_type='application/json',
                 headers={'Access-Control-Allow-Origin': '*'}
             )
+        # 使用 filter().first() 避免同一 token 存在多条用户时 get() 抛出 MultipleObjectsReturned
+        users = User.objects.filter(token=token, is_deleted=False)
+        user = users.first()
+        if user is None:
+            request.META['_is_unauthorized'] = True
+            return JsonResponse(
+                {'status': 401, 'message': "身份过期"},
+                status=401,
+                content_type='application/json',
+                headers={'Access-Control-Allow-Origin': '*'}
+            )
+        if users.count() > 1:
+            logger.warning(
+                '同一 token 存在 %s 个用户（token 应唯一），请检查 User 表并清理重复数据。',
+                users.count()
+            )
         return None