github/claude-relay-service
1
0
Fork 0
mirror of https://github.com/Wei-Shaw/claude-relay-service.git synced 2026-01-22 16:43:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor: 统一权限检查逻辑,使用 apiKeyService.hasPermission

Browse Source 
将散布在各处的权限检查逻辑(permissions || 'all')统一为
apiKeyService.hasPermission() 方法调用,确保:

- 权限检查的唯一真实来源
- 避免默认值不一致导致的安全问题
- 便于后续权限模型的扩展和维护

影响文件:
- geminiHandlers.js: key-info 端点
- apiStats.js: user-stats 统计端点
- openaiClaudeRoutes.js: 权限校验辅助函数
- openaiRoutes.js: key-info 端点
This commit is contained in:
QTom
2026-01-09 14:36:31 +08:00
parent 4723328be4
commit 1dad810d15
4 changed files with 4 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/handlers/geminiHandlers.js
View File

@@ -862,7 +862,7 @@ async function handleKeyInfo(req, res) {
res.json({ res.json({
id: keyData.id, id: keyData.id,
name: keyData.name, name: keyData.name,
permissions: keyData.permissions || 'all', permissions: keyData.permissions,
token_limit: keyData.tokenLimit, token_limit: keyData.tokenLimit,
tokens_used: keyData.usage.total.tokens, tokens_used: keyData.usage.total.tokens,
tokens_remaining: tokens_remaining:

2
src/routes/apiStats.js
View File

@@ -155,7 +155,7 @@ router.post('/api/user-stats', async (req, res) => {
restrictedModels, restrictedModels,
enableClientRestriction: keyData.enableClientRestriction === 'true', enableClientRestriction: keyData.enableClientRestriction === 'true',
allowedClients, allowedClients,
permissions: keyData.permissions || 'all', permissions: keyData.permissions,
// 添加激活相关字段 // 添加激活相关字段
expirationMode: keyData.expirationMode || 'fixed', expirationMode: keyData.expirationMode || 'fixed',
isActivated: keyData.isActivated === 'true', isActivated: keyData.isActivated === 'true',

3
src/routes/openaiClaudeRoutes.js
View File

@@ -20,8 +20,7 @@ const { getEffectiveModel } = require('../utils/modelHelper')
// 🔧 辅助函数:检查 API Key 权限 // 🔧 辅助函数:检查 API Key 权限
function checkPermissions(apiKeyData, requiredPermission = 'claude') { function checkPermissions(apiKeyData, requiredPermission = 'claude') {
const permissions = apiKeyData.permissions || 'all' return apiKeyService.hasPermission(apiKeyData?.permissions, requiredPermission)
return permissions === 'all' || permissions === requiredPermission
} }
function queueRateLimitUpdate(rateLimitInfo, usageSummary, model, context = '') { function queueRateLimitUpdate(rateLimitInfo, usageSummary, model, context = '') {

2
src/routes/openaiRoutes.js
View File

@@ -904,7 +904,7 @@ router.get('/key-info', authenticateApiKey, async (req, res) => {
id: keyData.id, id: keyData.id,
name: keyData.name, name: keyData.name,
description: keyData.description, description: keyData.description,
permissions: keyData.permissions || 'all', permissions: keyData.permissions,
token_limit: keyData.tokenLimit, token_limit: keyData.tokenLimit,
tokens_used: keyData.usage.total.tokens, tokens_used: keyData.usage.total.tokens,
tokens_remaining: tokens_remaining: