给所有请求都加上jwt,隐藏生成jwt的secret(放到.env中),隐藏app-secret(放在pm2运行配置文件中,后续直接读取环境配置即可)
This commit is contained in:
@@ -87,13 +87,14 @@ async function safeGetJWT(jwtToken?: string): Promise<string> {
|
||||
* @param userId 用户ID
|
||||
* @returns 是否是发起人
|
||||
*/
|
||||
export async function findIsProposer(taskId: string | number, userId: number | undefined): Promise<boolean> {
|
||||
export async function findIsProposer(taskId: string | number, userId: number | undefined, frontendJWT?: string): Promise<boolean> {
|
||||
// 通过postgrest的get请求去cross_examination_tasks表中进行查找assignee_id是否等于userId
|
||||
const response = await postgrestGet(`cross_examination_tasks`, {
|
||||
select: 'assigner_id',
|
||||
filter: {
|
||||
id: `eq.${taskId}`
|
||||
}
|
||||
},
|
||||
token: frontendJWT
|
||||
});
|
||||
if (response.error) {
|
||||
console.error('获取任务数据失败:', response.error);
|
||||
@@ -366,7 +367,8 @@ export async function performOpinionAction(
|
||||
* @returns 完成评查结果
|
||||
*/
|
||||
export async function confirmReviewResults(
|
||||
documentId: string | number
|
||||
documentId: string | number,
|
||||
frontendJWT?: string
|
||||
): Promise<{data?: unknown, error?: string, status?: number}> {
|
||||
try {
|
||||
// 通过postgrest的post请求去documents表中进行查找id等于documentId的数据,更新documents表的audit_status为1
|
||||
@@ -374,7 +376,7 @@ export async function confirmReviewResults(
|
||||
audit_status: 1
|
||||
}, {
|
||||
id: documentId
|
||||
});
|
||||
}, frontendJWT);
|
||||
if(response.error) {
|
||||
return {
|
||||
error: response.error,
|
||||
|
||||
Reference in New Issue
Block a user