From f46889619cf1b57894e33e5e7529b3bec4bbbb64 Mon Sep 17 00:00:00 2001 From: zhl Date: Fri, 5 Feb 2021 12:10:56 +0800 Subject: [PATCH] =?UTF-8?q?=E6=B5=8B=E8=AF=95=E7=8E=AF=E5=A2=83=E8=8E=B7?= =?UTF-8?q?=E5=8F=96=E6=B5=8B=E8=AF=95=E7=8E=AF=E5=A2=83=E7=9A=84=E9=82=AE?= =?UTF-8?q?=E4=BB=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/plugins/apiauth.ts | 8 +++++++- src/service/mail.ts | 3 ++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/src/plugins/apiauth.ts b/src/plugins/apiauth.ts index b70aea9..3a75e84 100644 --- a/src/plugins/apiauth.ts +++ b/src/plugins/apiauth.ts @@ -8,6 +8,9 @@ import fastifyPlugin from 'fastify-plugin' import { User } from '../models/User' import { ZError } from '../common/ZError' +const isProd = process.env.NODE_ENV === 'production' +const SERVER_TOKEN = 'ibDbuTmpQn3f48uJr2mBMkGrqvIhSbIg' + declare module 'fastify' { interface FastifyInstance { apiAuth: (request: FastifyRequest, reply: FastifyReply) => {}; @@ -29,7 +32,10 @@ const apiAuthPlugin: FastifyPluginAsync = async function ( fastify.decorate('apiAuth', async function (request: FastifyRequest, reply: FastifyReply) { if (request.url.startsWith('/svr')) { // @ts-ignore - let { accountid } = request.params + let { accountid, token } = request.params + if (isProd && (!token || token != SERVER_TOKEN)) { + throw new ZError(403, 'no auth') + } if (accountid) { request.user = await User.findById(accountid) } diff --git a/src/service/mail.ts b/src/service/mail.ts index 47ae0b9..3646215 100644 --- a/src/service/mail.ts +++ b/src/service/mail.ts @@ -1,7 +1,8 @@ import axios from 'axios' import { generateKeyValStr } from '../utils/string.util' -const MAIL_ATTACHMENT_URL = 'https://gamemail.kingsome.cn/webapp/index.php?c=Mail&a=getAttachment' +const isProd = process.env.NODE_ENV === 'production' +const MAIL_ATTACHMENT_URL = `https://gamemail${isProd ? '' : '-test'}.kingsome.cn/webapp/index.php?c=Mail&a=getAttachment` /** * 领取邮件附件