fix: Access can only be granted after OpenAPI authentication

shaohuzhang1 · shaohuzhang1 · commit 8b5f9ff19cdd · 2025-07-15T14:50:51.000+08:00
diff --git a/apps/common/middleware/doc_headers_middleware.py b/apps/common/middleware/doc_headers_middleware.py
@@ -14,52 +14,99 @@
 from maxkb.const import CONFIG
 
 content = """
-<!doctype html>
+<!DOCTYPE html>
 <html lang="en">
   <head>
     <meta charset="UTF-8" />
     <meta http-equiv="X-UA-Compatible" content="IE=edge" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>Document</title>
-    <script>
-    function setCookie(name, value, days) {
-    var expires = "";
-    if (days) {
-        var date = new Date();
-        date.setTime(date.getTime() + (days*2));
-        expires = "; expires=" + date.toUTCString();
+  </head>
+  <style>
+    /* 弹框内容样式 */
+    .modal-content {
+      background-color: #fefefe;
+      margin: 15% auto; /* 15% 从顶部和自动水平居中 */
+      padding: 20px;
+      border: 1px solid #888;
+      width: 80%; /* 宽度 */
     }
-    document.cookie = name + "=" + (value || "")  + expires + "; path=/";
-}
-      window.onload = () => {
-        var xhr = new XMLHttpRequest()
-        xhr.open('GET', '/api/user/profile', true)
+  </style>
+  <body>
+    <div class="modal-content">
+      <input type="text" id="auth-input" />
+      <button id="auth">认证</button>
+      <button id="goLogin">去登录</button>
+    </div>
+    <script>
+      const setCookie = (name, value, days) => {
+        var expires = "";
+        if (days) {
+          var date = new Date();
+          date.setTime(date.getTime() + days * 2);
+          expires = "; expires=" + date.toUTCString();
+        }
+        document.cookie = name + "=" + (value || "") + expires + "; path=/";
+      };
+      const authToken = (token) => {
+        return new Promise((resolve, reject) => {
+          try {
+            var xhr = new XMLHttpRequest();
+            xhr.open("GET", "/api/user/profile", true);
+            xhr.setRequestHeader("Content-Type", "application/json");
+            const pathname = window.location.pathname;
+            if (token) {
+              xhr.setRequestHeader("Authorization", "Bearer " + token);
+              xhr.onreadystatechange = function () {
+                if (xhr.readyState === 4) {
+                  if (xhr.status === 200) {
+                    resolve(true);
+                  } else {
+                    reject(true);
+                  }
+                }
+              };
 
-        xhr.setRequestHeader('Content-Type', 'application/json')
-        const token = localStorage.getItem('token')
-        const pathname = window.location.pathname
-        if (token) {
-          xhr.setRequestHeader('Authorization', 'Bearer '+token)
-          xhr.onreadystatechange = function () {
-            if (xhr.readyState === 4) {
-              if (xhr.status === 200) {
-                setCookie("Authorization",'Bearer '+token)
-                window.location.href = pathname
-              }
-              if (xhr.status === 401) {
-                window.location.href = '/admin/login'
-              }
+              xhr.send();
             }
+          } catch (e) {
+            reject(false);
           }
+        });
+      };
+      window.onload = () => {
+        const token = localStorage.getItem("token");
+        authToken(token)
+          .then(() => {
+            setCookie("Authorization", "Bearer " + token);
+            window.location.href = window.location.pathname;
+          })
+          .catch((e) => {});
+      };
+      // 获取元素
+      const auth = document.getElementById("auth");
+      const goLogin = document.getElementById("goLogin");
 
-          xhr.send()
-        } else {
-          window.location.href = '/admin/login'
-        }
-      }
+      // 打开弹框函数
+      auth.onclick = ()=> {
+        const authInput = document.getElementById("auth-input");
+        const token = authInput.value
+        authToken(token)
+          .then(() => {
+            setCookie("Authorization", "Bearer " + token);
+            window.location.href = window.location.pathname;
+          })
+          .catch((e) => {
+            alert("令牌错误");
+          });
+      };
+
+      // 去系统的登录页面
+      goLogin.onclick =  ()=> {
+        window.location.href = "/admin/login";
+      };
     </script>
-  </head>
-  <body></body>
+  </body>
 </html>
 
 """.replace("/api/user/profile", CONFIG.get_admin_path() + '/api/user/profile').replace('/admin/login',
