github/claude-relay-service
1
0
Fork 0
mirror of https://github.com/Wei-Shaw/claude-relay-service.git synced 2026-01-23 21:17:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: 修复apikey的服务权限失效问题

Browse Source
This commit is contained in:
shaw
2025-09-25 17:23:05 +08:00
parent 0d8311958b
commit 991dd1436f
1 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/routes/api.js
View File

@@ -20,6 +20,20 @@ async function handleMessagesRequest(req, res) {
try { try {
const startTime = Date.now() const startTime = Date.now()
// Claude 服务权限校验,阻止未授权的 Key
if (
req.apiKey.permissions &&
req.apiKey.permissions !== 'all' &&
req.apiKey.permissions !== 'claude'
) {
return res.status(403).json({
error: {
type: 'permission_error',
message: '此 API Key 无权访问 Claude 服务'
}
})
}
// 严格的输入验证 // 严格的输入验证
if (!req.body || typeof req.body !== 'object') { if (!req.body || typeof req.body !== 'object') {
return res.status(400).json({ return res.status(400).json({
@@ -988,3 +1002,4 @@ router.post('/v1/messages/count_tokens', authenticateApiKey, async (req, res) =>
}) })
module.exports = router module.exports = router
module.exports.handleMessagesRequest = handleMessagesRequest