优化案件生成

2026-02-04 14:13:17 +08:00
parent f533cfde79
commit 107192b14c
2 changed files with 20 additions and 19 deletions
--- a/User/utils.py
+++ b/User/utils.py
@@ -214,12 +214,10 @@ def log_operation(request, operation_type, module, action, target_type, target_i
        operator_id = None
        if token:
-            try:
+            user = User.objects.filter(token=token, is_deleted=False).first()
-                user = User.objects.get(token=token, is_deleted=False)
+            if user:
                operator = user.username
                operator_id = user.id
            except User.DoesNotExist:
                pass
        # 获取IP地址
        ip_address = request.META.get('HTTP_X_FORWARDED_FOR', '').split(',')[0].strip()
--- a/jyls_django/middleware.py
+++ b/jyls_django/middleware.py
@@ -92,27 +92,30 @@ class JWTAuthenticationMiddleware(MiddlewareMixin):
        # 允许登录接口（支持 /api2/user/login 和 /user/login）
        if request.path == '/api2/user/login' or request.path == '/user/login':
            return None
-        try:
+        if not token:
            if not token:
                # 标记为未授权请求（可能是正常的前端访问，也可能是恶意扫描）
                request.META['_is_unauthorized'] = True
                return JsonResponse(
                    {'status': 401,'message':"token为空"},
                    status=401,
                    content_type='application/json',
                    headers={'Access-Control-Allow-Origin': '*'}
                )
            User.objects.get(token=token, is_deleted=False)
        except User.DoesNotExist:
            # 标记为未授权请求
            request.META['_is_unauthorized'] = True
            return JsonResponse(
-                {'status': 401,'message':"身份过期"},
+                {'status': 401, 'message': "token为空"},
                status=401,
                content_type='application/json',
                headers={'Access-Control-Allow-Origin': '*'}
            )
        # 使用 filter().first() 避免同一 token 存在多条用户时 get() 抛出 MultipleObjectsReturned
        users = User.objects.filter(token=token, is_deleted=False)
        user = users.first()
        if user is None:
            request.META['_is_unauthorized'] = True
            return JsonResponse(
                {'status': 401, 'message': "身份过期"},
                status=401,
                content_type='application/json',
                headers={'Access-Control-Allow-Origin': '*'}
            )
        if users.count() > 1:
            logger.warning(
                '同一 token 存在 %s 个用户（token 应唯一），请检查 User 表并清理重复数据。',
                users.count()
            )
        return None