From c70748dde2e2afe794a6a08b9a97a9f4406d8c44 Mon Sep 17 00:00:00 2001
From: Wang Zhuoxuan
Date: Thu, 23 Apr 2026 22:27:23 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=20admin=20change-pass?=
 =?UTF-8?q?word=20=E6=8E=A5=E5=8F=A3=20401=20=E5=92=8C=20CORS=20=E9=97=AE?=
 =?UTF-8?q?=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- CORS 配置显式放行 PUT/PATCH/DELETE 方法(默认只有 GET/POST/HEAD)
- admin-auth 白名单路径修正 /v1/admin/auth/login → /v1/admin/login
- JWT verify 后手动赋值 request.user,修复 decoded payload 丢失
---
 src/index.ts | 2 +-
 src/middleware/admin-auth.ts | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/index.ts b/src/index.ts
index 8c4a1c5..46ad68f 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -32,7 +32,7 @@ async function main(): Promise {
 // ── Plugins ──────────────────────────────────────────────────────
 await app.register(helmet);
- await app.register(cors, { origin: true });
+ await app.register(cors, { origin: true, methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'] });
 await app.register(rateLimit, {
 max: 60,
 timeWindow: '1 minute',
diff --git a/src/middleware/admin-auth.ts b/src/middleware/admin-auth.ts
index 0e39e32..3816d9f 100644
--- a/src/middleware/admin-auth.ts
+++ b/src/middleware/admin-auth.ts
@@ -18,7 +18,7 @@ async function adminAuthMiddleware(app: FastifyInstance): Promise {
 }
 // Skip public admin endpoints
- const publicPaths = ['/v1/admin/auth', '/v1/admin/auth/login'];
+ const publicPaths = ['/v1/admin/auth', '/v1/admin/login'];
 if (publicPaths.some((p) => request.url === p)) {
 return;
 }
@@ -34,7 +34,7 @@ async function adminAuthMiddleware(app: FastifyInstance): Promise {
 try {
 const decoded = app.jwt.verify(token);
 if (decoded.authType === 'admin') {
- // Successfully verified admin JWT - request.jwtVerify() will attach the decoded payload
+ request.user = decoded;
 return;
 }
 } catch {
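Review bot: The widened `methods` list in the `cors` registration is still paired with `origin: true`, which makes @fastify/cors reflect whatever Origin the request carries, so after this change pages on any origin are permitted to send cross-origin PUT/PATCH/DELETE requests to the API, admin routes included. Restricting the origin to the known admin front-end(s) keeps the fix while narrowing that exposure, e.g. `origin: allowedOrigins`, where `allowedOrigins` is a placeholder for a list loaded from configuration. How the admin token reaches the server is not visible in this hunk; if it is ever carried in a cookie, the reflect-all origin matters considerably more. The body of main() continues outside the hunk.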
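Review bot: `'/v1/admin/auth'` stays in `publicPaths` after the login path was corrected, and nothing in this hunk shows a route at that exact path; if none is meant to be public, the entry is a standing authentication exemption for whatever gets registered there later and should be dropped, `const publicPaths = ['/v1/admin/login'];`. The comparison `request.url === p` is made on the raw URL, so a login request carrying a query string is not exempt (it fails closed, which is safe but may surprise), and the exemption applies to every HTTP method on the path. Matching on the method plus the matched route pattern would state the intent more precisely. The hook body begins and ends outside the hunk.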
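Review bot: The new `request.user = decoded;` line replaces a comment and now carries none, although it is the assignment that downstream admin handlers presumably read the caller's identity from. A short comment such as `// app.jwt.verify() only returns the payload; unlike request.jwtVerify() it does not set request.user` would keep the reason from being lost again. The only claim checked before the assignment is `authType === 'admin'`, so handlers receive the full token payload as-is. Since this commit concerns the change-password endpoint, it is worth confirming (not visible here) that tokens issued before a password change stop being accepted. The try block and its `catch` continue outside the hunk.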