perf: Authenticate invalid msg

fit2cloud-chenyw · fit2cloud-chenyw · commit c54f8640d7c5 · 2025-07-30T17:28:32.000+08:00
diff --git a/backend/apps/system/crud/user.py b/backend/apps/system/crud/user.py
@@ -26,6 +26,8 @@ def get_user_by_account(*, session: Session, account: str) -> BaseUserDTO | None
 @cache(namespace=CacheNamespace.AUTH_INFO, cacheName=CacheName.USER_INFO, keyExpression="user_id")
 async def get_user_info(*, session: Session, user_id: int) -> UserInfoDTO | None:
     db_user: UserModel = get_db_user(session = session, user_id = user_id)
+    if not db_user:
+        return None
     userInfo = UserInfoDTO.model_validate(db_user.model_dump())
     userInfo.isAdmin = userInfo.id == 1 and userInfo.account == 'admin'
     if userInfo.isAdmin:
diff --git a/backend/apps/system/middleware/auth.py b/backend/apps/system/middleware/auth.py
@@ -13,9 +13,11 @@
 from common.core import security
 from common.core.config import settings
 from common.core.schemas import TokenPayload
+from common.utils.locale import I18n
 from common.utils.utils import SQLBotLogUtil
 from common.utils.whitelist import whiteUtils
 from fastapi.security.utils import get_authorization_scheme_param
+from common.core.deps import get_i18n
 class TokenMiddleware(BaseHTTPMiddleware):
     
     
@@ -29,27 +31,31 @@ async def dispatch(self, request, call_next):
             return await call_next(request)
         assistantTokenKey = settings.ASSISTANT_TOKEN_KEY
         assistantToken = request.headers.get(assistantTokenKey)
+        trans = await get_i18n(request)
         #if assistantToken and assistantToken.lower().startswith("assistant "):
         if assistantToken:
             validator: tuple[any] = await self.validateAssistant(assistantToken)
             if validator[0]:
                 request.state.current_user = validator[1]
                 request.state.assistant = validator[2]
                 return await call_next(request)
-            return JSONResponse(f"Unauthorized:[{validator[1]}]", status_code=401, headers={"Access-Control-Allow-Origin": "*"})
+            message = trans('i18n_permission.authenticate_invalid', msg = validator[1])
+            return JSONResponse(message, status_code=401, headers={"Access-Control-Allow-Origin": "*"})
         #validate pass
         tokenkey = settings.TOKEN_KEY
         token = request.headers.get(tokenkey)
-        validate_pass, data = await self.validateToken(token)
+        validate_pass, data = await self.validateToken(token, trans)
         if validate_pass:
             request.state.current_user = data
             return await call_next(request)
-        return JSONResponse(f"Unauthorized:[{data}]", status_code=401, headers={"Access-Control-Allow-Origin": "*"})
+        
+        message = trans('i18n_permission.authenticate_invalid', msg = data)
+        return JSONResponse(message, status_code=401, headers={"Access-Control-Allow-Origin": "*"})
     
     def is_options(self, request: Request):
         return request.method == "OPTIONS"
     
-    async def validateToken(self, token: Optional[str]):
+    async def validateToken(self, token: Optional[str], trans: I18n):
         if not token:
             return False, f"Miss Token[{settings.TOKEN_KEY}]!"
         schema, param = get_authorization_scheme_param(token)
@@ -63,17 +69,15 @@ async def validateToken(self, token: Optional[str]):
             with Session(engine) as session:
                 session_user = await get_user_info(session = session, user_id = token_data.id)
                 if not session_user:
-                    raise Exception(f"User not found with id: {token_data.id}")
+                    message = trans('i18n_not_exist', msg = trans('i18n_user.account'))
+                    raise Exception(message)
                 session_user = UserInfoDTO.model_validate(session_user)
                 if session_user.status != 1:
-                    raise Exception(f"User is not active!")
+                    message = trans('i18n_login.user_disable', msg = trans('i18n_concat_admin'))
+                    raise Exception(message)
                 if not session_user.oid or session_user.oid == 0:
-                    raise Exception(f"User default space is not set!")
-                """ if token_data.oid != session_user.oid:
-                    raise HTTPException(
-                        status_code=401,
-                        detail="Default space has been changed, please login again!"
-                    ) """
+                    message = trans('i18n_login.no_associated_ws', msg = trans('i18n_concat_admin'))
+                    raise Exception(message)
                 return True, session_user
         except Exception as e:
             SQLBotLogUtil.exception(f"Token validation error: {str(e)}")
diff --git a/backend/locales/en.json b/backend/locales/en.json
@@ -24,7 +24,8 @@
     },
     "i18n_permission": {
         "only_admin": "Only administrators can call this!",
-        "no_permission": "No permission to access {url}{msg}"
+        "no_permission": "No permission to access {url}{msg}",
+        "authenticate_invalid": "Authenticate invalid [{msg}]"
     },
     "i18n_llm": {
         "validate_error": "Validation failed [{msg}]",
diff --git a/backend/locales/zh-CN.json b/backend/locales/zh-CN.json
@@ -24,7 +24,8 @@
     },
     "i18n_permission": {
         "only_admin": "仅支持管理员调用！",
-        "no_permission": "无权调用{url}{msg}"
+        "no_permission": "无权调用{url}{msg}",
+        "authenticate_invalid": "认证无效【{msg}】"
         
     },
     "i18n_llm": {
diff --git a/frontend/src/utils/request.ts b/frontend/src/utils/request.ts
@@ -182,7 +182,7 @@ class HttpService {
           setTimeout(() => {
             wsCache.delete('user.token')
             window.location.reload()
-          }, 1000)
+          }, 2000)
           return
         // break
         case 403:
