fix: tighten route permission guards
@@ -314,6 +314,9 @@ function validateRule(rule: RuleSummary | undefined, dependencyOptions: Dependen
|
||||
|
||||
export async function loader({ request }: LoaderFunctionArgs) {
|
||||
const url = new URL(request.url);
|
||||
const { frontendJWT, userInfo } = await getUserSession(request);
|
||||
const { requireRoutePermission } = await import('~/api/auth/check-route-permission.server');
|
||||
await requireRoutePermission('/rulesTest/detail', userInfo?.role || '', frontendJWT || undefined);
|
||||
const packId = url.searchParams.get('packId') || url.searchParams.get('id') || '';
|
||||
const requestedRuleId = url.searchParams.get('ruleId') || '';
|
||||
const packs = await loadRuleConfigPacks(request);
|
||||
@@ -330,6 +333,8 @@ export async function loader({ request }: LoaderFunctionArgs) {
|
||||
|
||||
export async function action({ request }: ActionFunctionArgs) {
|
||||
const { frontendJWT, userInfo } = await getUserSession(request);
|
||||
const { requireRoutePermission } = await import('~/api/auth/check-route-permission.server');
|
||||
await requireRoutePermission('/rulesTest/detail', userInfo?.role || '', frontendJWT || undefined);
|
||||
if (!frontendJWT) {
|
||||
return json<ActionData>({ success: false, intent: 'save', message: '登录已失效,请重新登录后再保存。' }, { status: 401 });
|
||||
}
|
||||
|
||||
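Review bot: Both added guards pass `userInfo?.role || ''`, so a request with no session reaches `requireRoutePermission` with an empty role, and rejection then depends on how that helper treats `''`, which is not visible here. Consider failing closed in the caller before the guard, for example in `loader`: `if (!userInfo?.role) throw new Response(null, { status: 401 });`. In `action` the guard runs ahead of the `if (!frontendJWT)` branch, so if the helper throws on a missing token the JSON 401 reply with the re-login message can no longer be reached; placing the `!frontendJWT` check above the guard would keep that response. The literal `'/rulesTest/detail'` is repeated in both calls and would be safer as one shared constant, since a typo in either copy would check the wrong route. Both function bodies continue outside the hunks, so whether `packId` gets a per-object check after the route-level guard cannot be judged from here.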