wanwu/sub2apipay
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: 管理后台支持 Sub2API 管理员 token 认证

Browse Source 
保留原有 ADMIN_TOKEN 认证,同时支持传入 Sub2API 用户 token,
通过 /api/v1/auth/me 验证 role=admin 身份。

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
erio
2026-03-03 00:41:27 +08:00
parent c9462f4f14
commit 21cc90a71f
6 changed files with 31 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/app/api/admin/orders/[id]/cancel/route.ts
View File

@@ -3,7 +3,7 @@ import { verifyAdminToken, unauthorizedResponse } from '@/lib/admin-auth';
import { adminCancelOrder, OrderError } from '@/lib/order/service';
export async function POST(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
if (!verifyAdminToken(request)) return unauthorizedResponse();
if (!await verifyAdminToken(request)) return unauthorizedResponse();
try {
const { id } = await params;

2
src/app/api/admin/orders/[id]/retry/route.ts
View File

@@ -3,7 +3,7 @@ import { verifyAdminToken, unauthorizedResponse } from '@/lib/admin-auth';
import { retryRecharge, OrderError } from '@/lib/order/service';
export async function POST(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
if (!verifyAdminToken(request)) return unauthorizedResponse();
if (!await verifyAdminToken(request)) return unauthorizedResponse();
try {
const { id } = await params;

2
src/app/api/admin/orders/[id]/route.ts
View File

@@ -3,7 +3,7 @@ import { prisma } from '@/lib/db';
import { verifyAdminToken, unauthorizedResponse } from '@/lib/admin-auth';
export async function GET(request: NextRequest, { params }: { params: Promise<{ id: string }> }) {
if (!verifyAdminToken(request)) return unauthorizedResponse();
if (!await verifyAdminToken(request)) return unauthorizedResponse();
const { id } = await params;

2
src/app/api/admin/orders/route.ts
View File

@@ -4,7 +4,7 @@ import { verifyAdminToken, unauthorizedResponse } from '@/lib/admin-auth';
import { Prisma, OrderStatus } from '@prisma/client';
export async function GET(request: NextRequest) {
if (!verifyAdminToken(request)) return unauthorizedResponse();
if (!await verifyAdminToken(request)) return unauthorizedResponse();
const searchParams = request.nextUrl.searchParams;
const page = Math.max(1, Number(searchParams.get('page') || '1'));

2
src/app/api/admin/refund/route.ts
View File

@@ -10,7 +10,7 @@ const refundSchema = z.object({
});
export async function POST(request: NextRequest) {
if (!verifyAdminToken(request)) return unauthorizedResponse();
if (!await verifyAdminToken(request)) return unauthorizedResponse();
try {
const body = await request.json();