From be30ef7e3ecfd1510b4b6fdccc6894dc213ecabf Mon Sep 17 00:00:00 2001
From: zhl
Date: Wed, 13 Jan 2021 15:44:22 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E6=8E=A5=E5=8F=A3=E7=9A=84?= =?UTF-8?q?=E9=AA=8C=E8=AF=81=E6=96=B9=E5=BC=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/plugins/apiauth.ts | 45 +++++++++++++++++++++--------------------
 1 file changed, 23 insertions(+), 22 deletions(-)
diff --git a/src/plugins/apiauth.ts b/src/plugins/apiauth.ts
index 6eac69f..8c44943 100644
--- a/src/plugins/apiauth.ts
+++ b/src/plugins/apiauth.ts
@@ -30,29 +30,30 @@ const apiAuthPlugin: FastifyPluginAsync = async function(
 try {
 if (request.roles.indexOf('svr') >= 0) {
 // TODO: check svr
- return;
+ } else {
+ // @ts-ignore
+ let { accountid, sessionid } = request.params;
+ //TODO: 增加sessionid的校验
+ // if (!accountid || !sessionid) {
+ // return reply.send({code: 11, msg: 'need accountid and sessionid'});
+ // }
+ if (!accountid) {
+ return reply.send({code: 2, msg: 'need accountid and sessionid'});
+ }
+ // const data = this.jwt.verify(request.token);
+ // if (!data || !data.id) {
+ // return reply.send({code: 10, msg: 'need login'});
+ // }
+ let account = await User.findById(accountid);
+ if (!account) {
+ return reply.send({code: 5, msg: 'account not found'});
+ }
+ if (account.locked) {
+ return reply.send({code: 4, msg: 'account locked'});
+ }
+ request.user = account;
 }
- // @ts-ignore
- let { accountid, sessionid } = request.params;
- //TODO: 增加sessionid的校验
- // if (!accountid || !sessionid) {
- // return reply.send({code: 11, msg: 'need accountid and sessionid'});
- // }
- if (!accountid) {
- return reply.send({code: 2, msg: 'need accountid and sessionid'});
- }
- // const data = this.jwt.verify(request.token);
- // if (!data || !data.id) {
- // return reply.send({code: 10, msg: 'need login'});
- // }
- let account = await User.findById(accountid);
- if (!account) {
- return reply.send({code: 5, msg: 'account not found'});
- }
- if (account.locked) {
- return reply.send({code: 4, msg: 'account locked'});
- }
- request.user = account;
+
 } catch (err) {
 return reply.send({code: 401, msg: 'need auth'})
 }
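Review bot: In the new `else` branch `request.user = account` is reached on the strength of a caller-supplied `accountid` from `request.params` alone: `sessionid` is destructured but never compared, and the `this.jwt.verify(request.token)` check stays commented out, so any client that can name an account id is treated as that account. Before the assignment the request should be bound to a credential, for example by re-enabling the verification with `const data = this.jwt.verify(request.token);` and `if (!data || data.id !== accountid) return reply.send({code: 10, msg: 'need login'});` (this assumes the token carries the account id, as the commented-out lines suggest). The `svr` branch is now an empty block holding only `// TODO: check svr`, so a request carrying that role passes with no check and leaves `request.user` unset; it needs a real check or an explicit rejection until one exists. The code 2 message still reads 'need accountid and sessionid' although only `accountid` is tested. The body of `apiAuthPlugin` starts and ends outside this hunk, so where `request.roles` and `request.token` are populated cannot be confirmed from here.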