优化案件生成
This commit is contained in:
ddrwode
@@ -214,12 +214,10 @@ def log_operation(request, operation_type, module, action, target_type, target_i
|
|||||||
operator_id = None
|
operator_id = None
|
||||||
|
|
||||||
if token:
|
if token:
|
||||||
try:
|
user = User.objects.filter(token=token, is_deleted=False).first()
|
||||||
user = User.objects.get(token=token, is_deleted=False)
|
if user:
|
||||||
operator = user.username
|
operator = user.username
|
||||||
operator_id = user.id
|
operator_id = user.id
|
||||||
except User.DoesNotExist:
|
|
||||||
pass
|
|
||||||
|
|
||||||
# 获取IP地址
|
# 获取IP地址
|
||||||
ip_address = request.META.get('HTTP_X_FORWARDED_FOR', '').split(',')[0].strip()
|
ip_address = request.META.get('HTTP_X_FORWARDED_FOR', '').split(',')[0].strip()
|
||||||
|
|||||||
@@ -92,10 +92,7 @@ class JWTAuthenticationMiddleware(MiddlewareMixin):
|
|||||||
# 允许登录接口(支持 /api2/user/login 和 /user/login)
|
# 允许登录接口(支持 /api2/user/login 和 /user/login)
|
||||||
if request.path == '/api2/user/login' or request.path == '/user/login':
|
if request.path == '/api2/user/login' or request.path == '/user/login':
|
||||||
return None
|
return None
|
||||||
try:
|
|
||||||
|
|
||||||
if not token:
|
if not token:
|
||||||
# 标记为未授权请求(可能是正常的前端访问,也可能是恶意扫描)
|
|
||||||
request.META['_is_unauthorized'] = True
|
request.META['_is_unauthorized'] = True
|
||||||
return JsonResponse(
|
return JsonResponse(
|
||||||
{'status': 401, 'message': "token为空"},
|
{'status': 401, 'message': "token为空"},
|
||||||
@@ -103,9 +100,10 @@ class JWTAuthenticationMiddleware(MiddlewareMixin):
|
|||||||
content_type='application/json',
|
content_type='application/json',
|
||||||
headers={'Access-Control-Allow-Origin': '*'}
|
headers={'Access-Control-Allow-Origin': '*'}
|
||||||
)
|
)
|
||||||
User.objects.get(token=token, is_deleted=False)
|
# 使用 filter().first() 避免同一 token 存在多条用户时 get() 抛出 MultipleObjectsReturned
|
||||||
except User.DoesNotExist:
|
users = User.objects.filter(token=token, is_deleted=False)
|
||||||
# 标记为未授权请求
|
user = users.first()
|
||||||
|
if user is None:
|
||||||
request.META['_is_unauthorized'] = True
|
request.META['_is_unauthorized'] = True
|
||||||
return JsonResponse(
|
return JsonResponse(
|
||||||
{'status': 401, 'message': "身份过期"},
|
{'status': 401, 'message': "身份过期"},
|
||||||
@@ -113,6 +111,11 @@ class JWTAuthenticationMiddleware(MiddlewareMixin):
|
|||||||
content_type='application/json',
|
content_type='application/json',
|
||||||
headers={'Access-Control-Allow-Origin': '*'}
|
headers={'Access-Control-Allow-Origin': '*'}
|
||||||
)
|
)
|
||||||
|
if users.count() > 1:
|
||||||
|
logger.warning(
|
||||||
|
'同一 token 存在 %s 个用户(token 应唯一),请检查 User 表并清理重复数据。',
|
||||||
|
users.count()
|
||||||
|
)
|
||||||
return None
|
return None
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user