给所有请求都加上jwt,隐藏生成jwt的secret(放到.env中),隐藏app-secret(放在pm2运行配置文件中,后续直接读取环境配置即可)
@@ -129,9 +129,9 @@ interface ScoringProposal {
|
||||
* @param request Remix请求对象,用于获取用户会话
|
||||
* @returns 评查点结果列表和统计数据
|
||||
*/
|
||||
export async function getReviewPoints(fileId: string, request: Request) {
|
||||
export async function getReviewPoints(fileId: string, request: Request) {
|
||||
// 获取用户会话信息
|
||||
const { userInfo } = await getUserSession(request);
|
||||
const { userInfo, frontendJWT } = await getUserSession(request);
|
||||
|
||||
if (!userInfo?.user_id) {
|
||||
console.error("用户身份验证失败");
|
||||
@@ -141,7 +141,7 @@ export async function getReviewPoints(fileId: string, request: Request) {
|
||||
// const userId = userInfo.user_id.toString();
|
||||
|
||||
// 首先先获取这个文档的数据
|
||||
const documentData = await getDocumentWithNoUserId(fileId);
|
||||
const documentData = await getDocumentWithNoUserId(fileId, frontendJWT);
|
||||
if (documentData.error) {
|
||||
console.error("获取文档数据错误:", documentData.error);
|
||||
return Response.json({ error: documentData.error }, { status: documentData.status || 500 });
|
||||
@@ -154,7 +154,8 @@ export async function getReviewPoints(fileId: string, request: Request) {
|
||||
'document_id': `eq.${fileId}`
|
||||
},
|
||||
order: 'id.desc',
|
||||
limit: 1
|
||||
limit: 1,
|
||||
token: frontendJWT
|
||||
};
|
||||
const contractStructureComparisonResponse = await postgrestGet('contract_structure_comparison', contractStructureComparisonParams);
|
||||
|
||||
@@ -195,7 +196,8 @@ export async function getReviewPoints(fileId: string, request: Request) {
|
||||
select: '*',
|
||||
filter: {
|
||||
'document_id': `eq.${fileId}`
|
||||
}
|
||||
},
|
||||
token: frontendJWT
|
||||
};
|
||||
const evaluationResultsResponse = await postgrestGet('evaluation_results', evaluationResultsParams);
|
||||
|
||||
@@ -223,7 +225,8 @@ export async function getReviewPoints(fileId: string, request: Request) {
|
||||
select: '*',
|
||||
filter: {
|
||||
'id': `in.(${evaluationPointIds.join(',')})`
|
||||
}
|
||||
},
|
||||
token: frontendJWT
|
||||
};
|
||||
const evaluationPointsResponse = await postgrestGet('evaluation_points', evaluationPointsParams);
|
||||
|
||||
@@ -249,7 +252,8 @@ export async function getReviewPoints(fileId: string, request: Request) {
|
||||
select: '*',
|
||||
filter: {
|
||||
'id': `in.(${groupIds.join(',')})`
|
||||
}
|
||||
},
|
||||
token: frontendJWT
|
||||
};
|
||||
const groupsResponse = await postgrestGet('evaluation_point_groups', groupsParams);
|
||||
|
||||
@@ -272,7 +276,8 @@ export async function getReviewPoints(fileId: string, request: Request) {
|
||||
filter: {
|
||||
'document_id': `eq.${fileId}`,
|
||||
'evaluation_point_id': `in.(${manualReviewPointsIds.join(',')})`
|
||||
}
|
||||
},
|
||||
token: frontendJWT
|
||||
};
|
||||
const manualReviewPointsResponse = await postgrestGet('audit_status', manualReviewPointsParams);
|
||||
if (manualReviewPointsResponse.error) {
|
||||
@@ -326,7 +331,8 @@ export async function getReviewPoints(fileId: string, request: Request) {
|
||||
filter: {
|
||||
'document_id': `eq.${fileId}`,
|
||||
'deleted_at': `is.null`
|
||||
}
|
||||
},
|
||||
token: frontendJWT
|
||||
};
|
||||
const scoringProposalsResponse = await postgrestGet('cross_scoring_proposals', scoringProposalsParams);
|
||||
|
||||
@@ -754,7 +760,7 @@ export async function updateReviewResult(
|
||||
}> {
|
||||
try {
|
||||
// 获取用户会话信息
|
||||
const { userInfo } = await getUserSession(request);
|
||||
const { userInfo, frontendJWT } = await getUserSession(request);
|
||||
|
||||
if (!userInfo?.user_id) {
|
||||
console.error("用户身份验证失败");
|
||||
@@ -770,7 +776,8 @@ export async function updateReviewResult(
|
||||
// 首先获取当前评查结果数据
|
||||
const currentResultResponse = await postgrestGet('evaluation_results', {
|
||||
select: '*',
|
||||
filter: { id: `eq.${resultId}` }
|
||||
filter: { id: `eq.${resultId}` },
|
||||
token: frontendJWT
|
||||
});
|
||||
|
||||
if (currentResultResponse.error) {
|
||||
@@ -805,7 +812,8 @@ export async function updateReviewResult(
|
||||
const resultResponse = await postgrestPut<unknown, typeof updatedData>(
|
||||
'evaluation_results',
|
||||
updatedData,
|
||||
{ id: resultId }
|
||||
{ id: resultId },
|
||||
frontendJWT
|
||||
);
|
||||
|
||||
if (resultResponse.error) {
|
||||
@@ -830,7 +838,8 @@ export async function updateReviewResult(
|
||||
{
|
||||
id: editAuditStatusId,
|
||||
user_id: userId // 添加用户ID条件,确保只能更新自己的记录
|
||||
}
|
||||
},
|
||||
frontendJWT
|
||||
);
|
||||
|
||||
if (auditStatusResponse.error) {
|
||||
@@ -853,7 +862,7 @@ export async function updateReviewResult(
|
||||
};
|
||||
|
||||
// 使用postgrestPost创建新记录
|
||||
const postResponse = await postgrestPost('audit_status', newAuditStatus);
|
||||
const postResponse = await postgrestPost('audit_status', newAuditStatus, frontendJWT);
|
||||
|
||||
if (postResponse.error) {
|
||||
return { error: postResponse.error, status: postResponse.status || 500 };
|
||||
@@ -889,7 +898,7 @@ export async function confirmReviewResults(documentId: string, request: Request)
|
||||
}> {
|
||||
try {
|
||||
// 获取用户会话信息
|
||||
const { userInfo } = await getUserSession(request);
|
||||
const { userInfo, frontendJWT } = await getUserSession(request);
|
||||
|
||||
if (!userInfo?.user_id) {
|
||||
console.error("用户身份验证失败");
|
||||
@@ -932,7 +941,8 @@ export async function confirmReviewResults(documentId: string, request: Request)
|
||||
{
|
||||
id: documentId,
|
||||
user_id: userId // 添加用户ID条件,确保只能更新自己的文档
|
||||
}
|
||||
},
|
||||
frontendJWT
|
||||
);
|
||||
|
||||
if (response.error) {
|
||||
|
||||
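Review bot: `frontendJWT` is destructured from `getUserSession(request)` in `getReviewPoints`, `updateReviewResult` and `confirmReviewResults`, but the guard that follows only tests `userInfo?.user_id`, so a session that carries no token still reaches every `postgrestGet`/`postgrestPut`/`postgrestPost` call with an undefined token. How those helpers behave without a token is not visible on this page; if they fall back to an anonymous or service-level credential, the per-request JWT adds no enforcement on that path. I would fail closed by widening the guard to `if (!userInfo?.user_id || !frontendJWT)` in all three functions. The reads in `getReviewPoints` filter on `document_id` only, and `getDocumentWithNoUserId` by its name skips the owner filter, so row access for them presumably rests on the database policies that evaluate this JWT; a comment such as `// no user_id filter: row access relies on the JWT claims enforced behind PostgREST` would make that dependency explicit. All three function bodies start and end outside the visible hunks.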