wuyuan/ClassworksKV
1
1
Fork 0
mirror of https://github.com/ZeroCatDev/ClassworksKV.git synced 2025-12-08 22:53:10 +00:00
Code Releases Activity

Deprecate device password management endpoints to resolve JWT token error

Browse Source 
Co-authored-by: Sunwuyuan <88357633+Sunwuyuan@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot] 2025-11-14 14:15:04 +00:00
parent 8a7500a01c
commit 6b3e58d68f
1 changed files with 10 additions and 141 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

151
routes/device.js
View File

@ -173,192 +173,61 @@ router.put(
/** /**
* POST /devices/:uuid/password * POST /devices/:uuid/password
* @deprecated 此端点已弃用请使用 AutoAuth 自动授权功能
* 初次设置设备密码 (无需认证仅当设备未设置密码时) * 初次设置设备密码 (无需认证仅当设备未设置密码时)
*/ */
router.post( router.post(
"/:uuid/password", "/:uuid/password",
errors.catchAsync(async (req, res, next) => { errors.catchAsync(async (req, res, next) => {
const { uuid } = req.params; return next(errors.createError(410, "此功能已弃用,请使用 AutoAuth 自动授权功能代替设备密码"));
const newPassword = req.query.newPassword || req.body.newPassword;
if (!newPassword) {
return next(errors.createError(400, "新密码是必需的"));
}
// 查找设备
const device = await prisma.device.findUnique({
where: { uuid },
});
if (!device) {
return next(errors.createError(404, "设备不存在"));
}
// 只有在设备未设置密码时才允许无认证设置
if (device.password) {
return next(errors.createError(403, "设备已设置密码,请使用修改密码接口"));
}
const hashedPassword = await hashPassword(newPassword);
await prisma.device.update({
where: { id: device.id },
data: {
password: hashedPassword,
},
});
return res.json({
success: true,
message: "密码设置成功",
});
}) })
); );
/** /**
* PUT /devices/:uuid/password * PUT /devices/:uuid/password
* @deprecated 此端点已弃用请使用 AutoAuth 自动授权功能
* 修改设备密码 (需要UUID认证和当前密码验证账户拥有者除外) * 修改设备密码 (需要UUID认证和当前密码验证账户拥有者除外)
*/ */
router.put( router.put(
"/:uuid/password", "/:uuid/password",
uuidAuth,
errors.catchAsync(async (req, res, next) => { errors.catchAsync(async (req, res, next) => {
const currentPassword = req.query.currentPassword; return next(errors.createError(410, "此功能已弃用,请使用 AutoAuth 自动授权功能代替设备密码"));
const newPassword = req.query.newPassword || req.body.newPassword;
const passwordHint = req.query.passwordHint || req.body.passwordHint;
const device = res.locals.device;
const isAccountOwner = res.locals.isAccountOwner;
if (!newPassword) {
return next(errors.createError(400, "新密码是必需的"));
}
// 如果是账户拥有者,无需验证当前密码
if (!isAccountOwner) {
if (!device.password) {
return next(errors.createError(400, "设备未设置密码,请使用设置密码接口"));
}
if (!currentPassword) {
return next(errors.createError(400, "当前密码是必需的"));
}
// 验证当前密码
const isCurrentPasswordValid = await verifyDevicePassword(currentPassword, device.password);
if (!isCurrentPasswordValid) {
return next(errors.createError(401, "当前密码错误"));
}
}
const hashedNewPassword = await hashPassword(newPassword);
await prisma.device.update({
where: { id: device.id },
data: {
password: hashedNewPassword,
passwordHint: passwordHint !== undefined ? passwordHint : device.passwordHint,
},
});
return res.json({
success: true,
message: "密码修改成功",
});
}) })
); );
/** /**
* PUT /devices/:uuid/password-hint * PUT /devices/:uuid/password-hint
* @deprecated 此端点已弃用请使用 AutoAuth 自动授权功能
* 设置密码提示 (需要UUID认证) * 设置密码提示 (需要UUID认证)
*/ */
router.put( router.put(
"/:uuid/password-hint", "/:uuid/password-hint",
uuidAuth,
errors.catchAsync(async (req, res, next) => { errors.catchAsync(async (req, res, next) => {
const { passwordHint } = req.body; return next(errors.createError(410, "此功能已弃用,请使用 AutoAuth 自动授权功能代替设备密码"));
const device = res.locals.device;
await prisma.device.update({
where: { id: device.id },
data: { passwordHint: passwordHint || null },
});
return res.json({
success: true,
message: "密码提示设置成功",
passwordHint: passwordHint || null,
});
}) })
); );
/** /**
* GET /devices/:uuid/password-hint * GET /devices/:uuid/password-hint
* @deprecated 此端点已弃用请使用 AutoAuth 自动授权功能
* 获取设备密码提示 (无需认证) * 获取设备密码提示 (无需认证)
*/ */
router.get( router.get(
"/:uuid/password-hint", "/:uuid/password-hint",
errors.catchAsync(async (req, res, next) => { errors.catchAsync(async (req, res, next) => {
const { uuid } = req.params; return next(errors.createError(410, "此功能已弃用,请使用 AutoAuth 自动授权功能代替设备密码"));
const device = await prisma.device.findUnique({
where: { uuid },
select: {
passwordHint: true,
},
});
if (!device) {
return next(errors.createError(404, "设备不存在"));
}
return res.json({
success: true,
passwordHint: device.passwordHint || null,
});
}) })
); );
/** /**
* DELETE /devices/:uuid/password * DELETE /devices/:uuid/password
* @deprecated 此端点已弃用请使用 AutoAuth 自动授权功能
* 删除设备密码 (需要UUID认证和密码验证账户拥有者除外) * 删除设备密码 (需要UUID认证和密码验证账户拥有者除外)
*/ */
router.delete( router.delete(
"/:uuid/password", "/:uuid/password",
uuidAuth,
errors.catchAsync(async (req, res, next) => { errors.catchAsync(async (req, res, next) => {
const password = req.query.password; return next(errors.createError(410, "此功能已弃用,请使用 AutoAuth 自动授权功能代替设备密码"));
const device = res.locals.device;
const isAccountOwner = res.locals.isAccountOwner;
if (!device.password) {
return next(errors.createError(400, "设备未设置密码"));
}
// 如果不是账户拥有者,需要验证密码
if (!isAccountOwner) {
if (!password) {
return next(errors.createError(400, "密码是必需的"));
}
// 验证密码
const isPasswordValid = await verifyDevicePassword(password, device.password);
if (!isPasswordValid) {
return next(errors.createError(401, "密码错误"));
}
}
await prisma.device.update({
where: { id: device.id },
data: {
password: null,
passwordHint: null,
},
});
return res.json({
success: true,
message: "密码删除成功",
});
}) })
); );