GithubFollow/One-KVM
1
0
Fork 0
mirror of https://github.com/mofeng-git/One-KVM.git synced 2026-01-31 01:51:53 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: 修复部分资源未授权访问,删除冗余 Admin 判断逻辑

Browse Source
This commit is contained in:
mofeng
2026-01-29 20:16:53 +08:00
parent 9cb0dd146e
commit 78aca25722
10 changed files with 43 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
src/auth/middleware.rs
View File

@@ -40,20 +40,20 @@ pub async fn auth_middleware(
mut request: Request,
next: Next,
) -> Result<Response, StatusCode> {
let raw_path = request.uri().path();
// When this middleware is mounted under /api, Axum strips the prefix for the inner router.
// Normalize the path so checks work whether it is mounted or not.
let path = raw_path.strip_prefix("/api").unwrap_or(raw_path);
// Check if system is initialized
if !state.config.is_initialized() {
// Allow access to setup endpoints when not initialized
let path = request.uri().path();
if path.starts_with("/api/setup")
|| path == "/api/info"
|| path.starts_with("/") && !path.starts_with("/api/")
{
// Allow only setup-related endpoints when not initialized
if is_setup_public_endpoint(path) {
return Ok(next.run(request).await);
}
}
// Public endpoints that don't require auth
let path = request.uri().path();
if is_public_endpoint(path) {
return Ok(next.run(request).await);
}
@@ -89,21 +89,14 @@ fn unauthorized_response(message: &str) -> Response {
/// Check if endpoint is public (no auth required)
fn is_public_endpoint(path: &str) -> bool {
// Note: paths here are relative to /api since middleware is applied before nest
// Note: paths here are relative to /api since middleware is applied within the nested router
matches!(
path,
"/"
| "/auth/login"
| "/info"
| "/health"
| "/setup"
| "/setup/init"
// Also check with /api prefix for direct access
| "/api/auth/login"
| "/api/info"
| "/api/health"
| "/api/setup"
| "/api/setup/init"
) || path.starts_with("/assets/")
|| path.starts_with("/static/")
|| path.ends_with(".js")
@@ -112,3 +105,11 @@ fn is_public_endpoint(path: &str) -> bool {
|| path.ends_with(".png")
|| path.ends_with(".svg")
}
/// Setup-only endpoints allowed before initialization.
fn is_setup_public_endpoint(path: &str) -> bool {
matches!(
path,
"/setup" | "/setup/init" | "/devices" | "/stream/codecs"
)
}

2
src/web/handlers/mod.rs
View File

@@ -465,7 +465,6 @@ pub async fn logout(
pub struct AuthCheckResponse {
pub authenticated: bool,
pub user: Option<String>,
pub is_admin: bool,
}
pub async fn auth_check(
@@ -481,7 +480,6 @@ pub async fn auth_check(
Json(AuthCheckResponse {
authenticated: true,
user: username,
is_admin: true,
})
}

13
src/web/routes.rs
View File

@@ -32,7 +32,7 @@ pub fn create_router(state: Arc<AppState>) -> Router {
.route("/setup", get(handlers::setup_status))
.route("/setup/init", post(handlers::setup_init));
// User routes (authenticated users - both regular and admin)
// Authenticated routes (all logged-in users)
let user_routes = Router::new()
.route("/info", get(handlers::system_info))
.route("/auth/logout", post(handlers::logout))
@@ -71,10 +71,6 @@ pub fn create_router(state: Arc<AppState>) -> Router {
.route("/audio/devices", get(handlers::list_audio_devices))
// Audio WebSocket endpoint
.route("/ws/audio", any(audio_ws_handler))
;
// Admin-only routes (require admin privileges)
let admin_routes = Router::new()
// Configuration management (domain-separated endpoints)
.route("/config", get(handlers::config::get_all_config))
.route("/config", post(handlers::update_config))
@@ -199,11 +195,10 @@ pub fn create_router(state: Arc<AppState>) -> Router {
.route("/terminal", get(handlers::terminal::terminal_index))
.route("/terminal/", get(handlers::terminal::terminal_index))
.route("/terminal/ws", get(handlers::terminal::terminal_ws))
.route("/terminal/{*path}", get(handlers::terminal::terminal_proxy))
;
.route("/terminal/{*path}", get(handlers::terminal::terminal_proxy));
// Combine protected routes (user + admin)
let protected_routes = Router::new().merge(user_routes).merge(admin_routes);
// Protected routes (all authenticated users)
let protected_routes = user_routes;
// Stream endpoints (accessible with auth, but typically embedded in pages)
let stream_routes = Router::new()

2
web/src/api/index.ts
View File

@@ -16,7 +16,7 @@ export const authApi = {
request<{ success: boolean }>('/auth/logout', { method: 'POST' }),
check: () =>
request<{ authenticated: boolean; user?: string; is_admin?: boolean }>('/auth/check'),
request<{ authenticated: boolean; user?: string }>('/auth/check'),
changePassword: (currentPassword: string, newPassword: string) =>
request<{ success: boolean }>('/auth/password', {

22
web/src/components/ActionBar.vue
View File

@@ -52,14 +52,13 @@ const overflowMenuOpen = ref(false)
const hidBackend = computed(() => (systemStore.hid?.backend ?? '').toLowerCase())
const isCh9329Backend = computed(() => hidBackend.value.includes('ch9329'))
const showMsd = computed(() => {
return props.isAdmin && !isCh9329Backend.value
return !!systemStore.msd?.available && !isCh9329Backend.value
})
const props = defineProps<{
mouseMode?: 'absolute' | 'relative'
videoMode?: VideoMode
ttydRunning?: boolean
isAdmin?: boolean
}>()
const emit = defineEmits<{
@@ -93,18 +92,16 @@ const extensionOpen = ref(false)
<VideoConfigPopover
v-model:open="videoPopoverOpen"
:video-mode="props.videoMode || 'mjpeg'"
:is-admin="props.isAdmin"
@update:video-mode="emit('update:videoMode', $event)"
/>
<!-- Audio Config - Always visible -->
<AudioConfigPopover v-model:open="audioPopoverOpen" :is-admin="props.isAdmin" />
<AudioConfigPopover v-model:open="audioPopoverOpen" />
<!-- HID Config - Always visible -->
<HidConfigPopover
v-model:open="hidPopoverOpen"
:mouse-mode="mouseMode"
:is-admin="props.isAdmin"
@update:mouse-mode="emit('toggleMouseMode')"
/>
@@ -125,7 +122,7 @@ const extensionOpen = ref(false)
</TooltipProvider>
<!-- ATX Power Control - Hidden on small screens -->
<Popover v-if="props.isAdmin" v-model:open="atxOpen" class="hidden sm:block">
<Popover v-model:open="atxOpen" class="hidden sm:block">
<PopoverTrigger as-child>
<Button variant="ghost" size="sm" class="h-8 gap-1.5 text-xs">
<Power class="h-4 w-4" />
@@ -159,8 +156,8 @@ const extensionOpen = ref(false)
<!-- Right side buttons -->
<div class="flex items-center gap-1.5 shrink-0">
<!-- Extension Menu - Admin only, hidden on small screens -->
<Popover v-if="props.isAdmin" v-model:open="extensionOpen" class="hidden lg:block">
<!-- Extension Menu - Hidden on small screens -->
<Popover v-model:open="extensionOpen" class="hidden lg:block">
<PopoverTrigger as-child>
<Button variant="ghost" size="sm" class="h-8 gap-1.5 text-xs">
<Cable class="h-4 w-4" />
@@ -183,8 +180,8 @@ const extensionOpen = ref(false)
</PopoverContent>
</Popover>
<!-- Settings - Admin only, hidden on small screens -->
<TooltipProvider v-if="props.isAdmin" class="hidden lg:block">
<!-- Settings - Hidden on small screens -->
<TooltipProvider class="hidden lg:block">
<Tooltip>
<TooltipTrigger as-child>
<Button variant="ghost" size="sm" class="h-8 gap-1.5 text-xs" @click="router.push('/settings')">
@@ -270,7 +267,7 @@ const extensionOpen = ref(false)
</DropdownMenuItem>
<!-- ATX - Mobile only -->
<DropdownMenuItem v-if="props.isAdmin" class="sm:hidden" @click="atxOpen = true; overflowMenuOpen = false">
<DropdownMenuItem class="sm:hidden" @click="atxOpen = true; overflowMenuOpen = false">
<Power class="h-4 w-4 mr-2" />
{{ t('actionbar.power') }}
</DropdownMenuItem>
@@ -291,7 +288,6 @@ const extensionOpen = ref(false)
<!-- Extension - Tablet and below -->
<DropdownMenuItem
v-if="props.isAdmin"
class="lg:hidden"
:disabled="!props.ttydRunning"
@click="emit('openTerminal'); overflowMenuOpen = false"
@@ -301,7 +297,7 @@ const extensionOpen = ref(false)
</DropdownMenuItem>
<!-- Settings - Tablet and below -->
<DropdownMenuItem v-if="props.isAdmin" class="lg:hidden" @click="router.push('/settings'); overflowMenuOpen = false">
<DropdownMenuItem class="lg:hidden" @click="router.push('/settings'); overflowMenuOpen = false">
<Settings class="h-4 w-4 mr-2" />
{{ t('actionbar.settings') }}
</DropdownMenuItem>

9
web/src/components/AudioConfigPopover.vue
View File

@@ -30,7 +30,6 @@ interface AudioDevice {
const props = defineProps<{
open: boolean
isAdmin?: boolean
}>()
const emit = defineEmits<{
@@ -203,11 +202,10 @@ watch(() => props.open, (isOpen) => {
</div>
</div>
<!-- Device Settings (requires apply) - Admin only -->
<template v-if="props.isAdmin">
<Separator />
<!-- Device Settings (requires apply) -->
<Separator />
<div class="space-y-3">
<div class="space-y-3">
<div class="flex items-center justify-between">
<h5 class="text-xs font-medium text-muted-foreground">
{{ t('actionbar.audioDeviceSettings') }}
@@ -311,7 +309,6 @@ watch(() => props.open, (isOpen) => {
<span>{{ applying ? t('actionbar.applying') : t('common.apply') }}</span>
</Button>
</div>
</template>
</div>
</PopoverContent>
</Popover>

11
web/src/components/HidConfigPopover.vue
View File

@@ -27,7 +27,6 @@ import { useSystemStore } from '@/stores/system'
const props = defineProps<{
open: boolean
mouseMode?: 'absolute' | 'relative'
isAdmin?: boolean
}>()
const emit = defineEmits<{
@@ -304,11 +303,10 @@ watch(() => props.open, (isOpen) => {
</div>
</div>
<!-- HID Device Settings (Requires Apply) - Admin only -->
<template v-if="props.isAdmin">
<Separator />
<!-- HID Device Settings (Requires Apply) -->
<Separator />
<div class="space-y-3">
<div class="space-y-3">
<div class="flex items-center justify-between">
<h5 class="text-xs font-medium text-muted-foreground">{{ t('actionbar.hidDeviceSettings') }}</h5>
<Button
@@ -393,8 +391,7 @@ watch(() => props.open, (isOpen) => {
<Loader2 v-if="applying" class="h-3.5 w-3.5 mr-1.5 animate-spin" />
<span>{{ applying ? t('actionbar.applying') : t('common.apply') }}</span>
</Button>
</div>
</template>
</div>
</div>
</PopoverContent>
</Popover>

13
web/src/components/VideoConfigPopover.vue
View File

@@ -43,7 +43,6 @@ interface VideoDevice {
const props = defineProps<{
open: boolean
videoMode: VideoMode
isAdmin?: boolean
}>()
const emit = defineEmits<{
@@ -619,9 +618,7 @@ watch(currentConfig, () => {
</div>
</div>
<!-- Settings Link - Admin only -->
<Button
v-if="props.isAdmin"
variant="ghost"
size="sm"
class="w-full h-7 text-xs text-muted-foreground hover:text-foreground justify-start px-0"
@@ -632,11 +629,10 @@ watch(currentConfig, () => {
</Button>
</div>
<!-- Device Settings Section - Admin only -->
<template v-if="props.isAdmin">
<Separator />
<!-- Device Settings Section -->
<Separator />
<div class="space-y-3">
<div class="space-y-3">
<div class="flex items-center justify-between">
<h5 class="text-xs font-medium text-muted-foreground">{{ t('actionbar.deviceSettings') }}</h5>
<Button
@@ -784,8 +780,7 @@ watch(currentConfig, () => {
<Loader2 v-if="applying" class="h-3.5 w-3.5 mr-1.5 animate-spin" />
<span>{{ applying ? t('actionbar.applying') : t('common.apply') }}</span>
</Button>
</div>
</template>
</div>
</div>
</PopoverContent>
</Popover>

12
web/src/stores/auth.ts
View File

@@ -4,7 +4,6 @@ import { authApi, systemApi } from '@/api'
export const useAuthStore = defineStore('auth', () => {
const user = ref<string | null>(null)
const isAdmin = ref(false)
const isAuthenticated = ref(false)
const initialized = ref(false)
const needsSetup = ref(false)
@@ -30,12 +29,10 @@ export const useAuthStore = defineStore('auth', () => {
const result = await authApi.check()
isAuthenticated.value = result.authenticated
user.value = result.user || null
isAdmin.value = result.is_admin ?? false
return result
} catch (e) {
isAuthenticated.value = false
user.value = null
isAdmin.value = false
error.value = e instanceof Error ? e.message : 'Not authenticated'
if (e instanceof Error) {
throw e
@@ -53,13 +50,6 @@ export const useAuthStore = defineStore('auth', () => {
if (result.success) {
isAuthenticated.value = true
user.value = username
// After login, fetch admin status
try {
const authResult = await authApi.check()
isAdmin.value = authResult.is_admin ?? false
} catch {
isAdmin.value = false
}
return true
} else {
error.value = result.message || 'Login failed'
@@ -79,7 +69,6 @@ export const useAuthStore = defineStore('auth', () => {
} finally {
isAuthenticated.value = false
user.value = null
isAdmin.value = false
}
}
@@ -124,7 +113,6 @@ export const useAuthStore = defineStore('auth', () => {
return {
user,
isAdmin,
isAuthenticated,
initialized,
needsSetup,

5
web/src/views/ConsoleView.vue
View File

@@ -1923,9 +1923,9 @@ onUnmounted(() => {
:details="hidDetails"
/>
<!-- MSD Status - Admin only, hidden when CH9329 backend (no USB gadget support) -->
<!-- MSD Status - Hidden when CH9329 backend (no USB gadget support) -->
<StatusCard
v-if="authStore.isAdmin && systemStore.msd?.available && systemStore.hid?.backend !== 'ch9329'"
v-if="systemStore.msd?.available && systemStore.hid?.backend !== 'ch9329'"
:title="t('statusCard.msd')"
type="msd"
:status="msdStatus"
@@ -1988,7 +1988,6 @@ onUnmounted(() => {
:mouse-mode="mouseMode"
:video-mode="videoMode"
:ttyd-running="ttydStatus?.running"
:is-admin="authStore.isAdmin"
@toggle-fullscreen="toggleFullscreen"
@toggle-stats="statsSheetOpen = true"
@toggle-virtual-keyboard="handleToggleVirtualKeyboard"