优化案件生成

2026-02-04 14:13:17 +08:00
parent f533cfde79
commit 107192b14c
2 changed files with 20 additions and 19 deletions
--- a/User/utils.py
+++ b/User/utils.py
@@ -214,12 +214,10 @@ def log_operation(request, operation_type, module, action, target_type, target_i
        operator_id = None
        
        if token:
-            try:
-                user = User.objects.get(token=token, is_deleted=False)
+            user = User.objects.filter(token=token, is_deleted=False).first()
+            if user:
                operator = user.username
                operator_id = user.id
-            except User.DoesNotExist:
-                pass
        
        # 获取IP地址
        ip_address = request.META.get('HTTP_X_FORWARDED_FOR', '').split(',')[0].strip()
--- a/jyls_django/middleware.py
+++ b/jyls_django/middleware.py
@@ -92,27 +92,30 @@ class JWTAuthenticationMiddleware(MiddlewareMixin):
        # 允许登录接口（支持 /api2/user/login 和 /user/login）
        if request.path == '/api2/user/login' or request.path == '/user/login':
            return None
-        try:
-
-            if not token:
-                # 标记为未授权请求（可能是正常的前端访问，也可能是恶意扫描）
-                request.META['_is_unauthorized'] = True
-                return JsonResponse(
-                    {'status': 401,'message':"token为空"},
-                    status=401,
-                    content_type='application/json',
-                    headers={'Access-Control-Allow-Origin': '*'}
-                )
-            User.objects.get(token=token, is_deleted=False)
-        except User.DoesNotExist:
-            # 标记为未授权请求
+        if not token:
            request.META['_is_unauthorized'] = True
            return JsonResponse(
-                {'status': 401,'message':"身份过期"},
+                {'status': 401, 'message': "token为空"},
                status=401,
                content_type='application/json',
                headers={'Access-Control-Allow-Origin': '*'}
            )
+        # 使用 filter().first() 避免同一 token 存在多条用户时 get() 抛出 MultipleObjectsReturned
+        users = User.objects.filter(token=token, is_deleted=False)
+        user = users.first()
+        if user is None:
+            request.META['_is_unauthorized'] = True
+            return JsonResponse(
+                {'status': 401, 'message': "身份过期"},
+                status=401,
+                content_type='application/json',
+                headers={'Access-Control-Allow-Origin': '*'}
+            )
+        if users.count() > 1:
+            logger.warning(
+                '同一 token 存在 %s 个用户（token 应唯一），请检查 User 表并清理重复数据。',
+                users.count()
+            )
        return None