fix: 修复 admin change-password 接口 401 和 CORS 问题
- CORS 配置显式放行 PUT/PATCH/DELETE 方法(默认只有 GET/POST/HEAD) - admin-auth 白名单路径修正 /v1/admin/auth/login → /v1/admin/login - JWT verify 后手动赋值 request.user,修复 decoded payload 丢失
parent
2c97412c82
commit
c70748dde2
@ -32,7 +32,7 @@ async function main(): Promise<void> {
|
||||
// ── Plugins ──────────────────────────────────────────────────────
|
||||
|
||||
await app.register(helmet);
|
||||
await app.register(cors, { origin: true });
|
||||
await app.register(cors, { origin: true, methods: ['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'] });
|
||||
await app.register(rateLimit, {
|
||||
max: 60,
|
||||
timeWindow: '1 minute',
|
||||
|
||||
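Review bot: `origin: true` on the new `cors` registration reflects whatever Origin the browser sends, and this line now also advertises PUT, PATCH and DELETE to every one of them. For a server that also hosts the admin routes, an explicit origin allowlist is the safer default, for example `origin: ADMIN_UI_ORIGINS` (a placeholder for the deployment's real front-end origins). If the admin token only ever travels in an Authorization header the cross-site exposure is limited, but that is not visible in this hunk, and it stops holding once `credentials: true` or cookie-based auth is added. The body of main() continues outside the hunk.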
@ -18,7 +18,7 @@ async function adminAuthMiddleware(app: FastifyInstance): Promise<void> {
|
||||
}
|
||||
|
||||
// Skip public admin endpoints
|
||||
const publicPaths = ['/v1/admin/auth', '/v1/admin/auth/login'];
|
||||
const publicPaths = ['/v1/admin/auth', '/v1/admin/login'];
|
||||
if (publicPaths.some((p) => request.url === p)) {
|
||||
return;
|
||||
}
|
||||
@ -34,7 +34,7 @@ async function adminAuthMiddleware(app: FastifyInstance): Promise<void> {
|
||||
try {
|
||||
const decoded = app.jwt.verify<JwtPayload>(token);
|
||||
if (decoded.authType === 'admin') {
|
||||
// Successfully verified admin JWT - request.jwtVerify() will attach the decoded payload
|
||||
request.user = decoded;
|
||||
return;
|
||||
}
|
||||
} catch {
|
||||
|
||||
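Review bot: The corrected `publicPaths` list still exempts `/v1/admin/auth` from the JWT check for every HTTP method; if no public route lives at that path any more, drop the entry so a handler registered there later is not left unauthenticated by accident. The comparison `request.url === p` is against the raw URL, so a login request carrying a query string does not match and goes through token verification; that fails closed, but matching on the path alone, e.g. `request.url.split('?')[0] === p`, would make the intent explicit. In the last hunk, `app.jwt.verify<JwtPayload>(token)` asserts the payload shape only at compile time, so a comment above `request.user = decoded;` such as `// claims are not validated at runtime; check the fields handlers read before trusting request.user` would help. The bare `catch {` could also log the verification failure so that rejected admin tokens are visible to monitoring. adminAuthMiddleware starts and ends outside these hunks.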