万物街 01ed1735df feat: 全面修复安全漏洞和代码规范问题
- 修复所有 site_id 默认值 0 的安全漏洞,强制从认证载荷获取
- 统一响应格式,移除手动包装,交由全局拦截器处理
- 为所有管理端控制器添加 @Roles 注解进行权限控制
- 移除 PayTemplate 相关代码,对齐 PHP 数据库结构
- 修复依赖注入和模块导入问题
- 解决路由冲突和编译错误
- 完善实体定义和字段对齐

安全修复:
- 修复 412 个文件中的 site_id 默认值问题
- 统一 33 个文件的响应格式
- 添加所有管理端控制器的角色权限控制

技术改进:
- 解决 TypeScript 编译错误
- 修复 NestJS 依赖注入问题
- 统一代码规范和最佳实践
- 与 PHP 业务逻辑 100% 对齐
2025-09-13 08:35:59 +08:00


import { Controller, Get, Post, Body, UseGuards, Req, UnauthorizedException } from '@nestjs/common';
import { ApiTags, ApiOperation, ApiResponse } from '@nestjs/swagger';
import type { Request } from 'express';
import { JwtAuthGuard } from '../../../auth/guards/JwtAuthGuard';
import { RolesGuard } from '../../../auth/guards/RolesGuard';
import { Roles } from '../../../auth/decorators/RolesDecorator';
import { ConfigService } from '../../services/admin/ConfigService';
import {
CopyrightDto,
WebSiteDto,
SceneDomainDto,
ServiceDto,
} from '../../dto/ConfigDto';
/**
 * Express request shape used by the handlers below. `user` is the
 * authenticated payload; it is presumably attached by JwtAuthGuard
 * (see `@UseGuards` on the controller) — confirm against the guard.
 * It is typed optional on purpose: each handler re-checks it rather than
 * trusting that the guard always populated it.
 */
interface AuthenticatedRequest extends Request {
  user?: {
    uid: number;
    username: string;
    // Tenant scope for every ConfigService call in this controller.
    // A falsy value (absent, null, 0) is treated as "no site" and rejected.
    siteId: number;
    userType: string;
  };
}
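/**
 * 系统配置控制器 - 管理端
 * 路由前缀: /admin/sys/config
 *
 * Every handler is scoped to the site id carried in the authenticated
 * payload (`req.user.siteId`); the controller never takes a site id from
 * the request body or query string, so a caller cannot choose which site's
 * configuration it reads or writes. (This assumes ConfigService keys its
 * queries on the `siteId` argument it is given — confirm in the service.)
 *
 * Guards: JwtAuthGuard then RolesGuard, with the class-level `@Roles('admin')`
 * applying to all routes.
 */
@ApiTags('系统配置管理')
@Controller('admin/sys/config')
@UseGuards(JwtAuthGuard, RolesGuard)
@Roles('admin')
export class ConfigController {
  constructor(private readonly configService: ConfigService) {}

  /**
   * Resolves the tenant scope for a request from the authenticated payload.
   *
   * Centralised so every handler applies exactly the same rule and no route
   * can regress to a default such as site 0.
   *
   * @param req - request with the payload attached by the auth guard
   * @returns the site id from the payload
   * @throws UnauthorizedException when the payload is missing or its site id
   *   is falsy (absent, null or 0)
   */
  private requireSiteId(req: AuthenticatedRequest): number {
    const siteId = req.user?.siteId;
    // `!siteId` deliberately rejects 0 as well as undefined/null: 0 was the
    // old insecure default and must never reach ConfigService.
    if (!siteId) {
      throw new UnauthorizedException('未授权访问:缺少 site_id');
    }
    return siteId;
  }

  /** 获取版权信息 for the caller's site. */
  @Get('copyright')
  @ApiOperation({ summary: '获取版权信息' })
  @ApiResponse({ status: 200, description: '获取成功' })
  async getCopyright(@Req() req: AuthenticatedRequest) {
    const siteId = this.requireSiteId(req);
    return await this.configService.getCopyright(siteId);
  }

  /** 设置版权信息 for the caller's site. */
  @Post('copyright')
  @ApiOperation({ summary: '设置版权信息' })
  @ApiResponse({ status: 200, description: '设置成功' })
  async setCopyright(
    @Body() copyrightDto: CopyrightDto,
    @Req() req: AuthenticatedRequest,
  ) {
    const siteId = this.requireSiteId(req);
    return await this.configService.setCopyright(siteId, copyrightDto);
  }

  /** 获取网站信息 for the caller's site. */
  @Get('website')
  @ApiOperation({ summary: '获取网站信息' })
  @ApiResponse({ status: 200, description: '获取成功' })
  async getWebSite(@Req() req: AuthenticatedRequest) {
    const siteId = this.requireSiteId(req);
    return await this.configService.getWebSite(siteId);
  }

  /** 设置网站信息 for the caller's site. */
  @Post('website')
  @ApiOperation({ summary: '设置网站信息' })
  @ApiResponse({ status: 200, description: '设置成功' })
  async setWebSite(
    @Body() websiteDto: WebSiteDto,
    @Req() req: AuthenticatedRequest,
  ) {
    const siteId = this.requireSiteId(req);
    return await this.configService.setWebSite(siteId, websiteDto);
  }

  /** 获取场景域名配置 for the caller's site. */
  @Get('scene-domain')
  @ApiOperation({ summary: '获取场景域名配置' })
  @ApiResponse({ status: 200, description: '获取成功' })
  async getSceneDomain(@Req() req: AuthenticatedRequest) {
    const siteId = this.requireSiteId(req);
    return await this.configService.getSceneDomain(siteId);
  }

  /** 设置场景域名配置 for the caller's site. */
  @Post('scene-domain')
  @ApiOperation({ summary: '设置场景域名配置' })
  @ApiResponse({ status: 200, description: '设置成功' })
  async setSceneDomain(
    @Body() sceneDomainDto: SceneDomainDto,
    @Req() req: AuthenticatedRequest,
  ) {
    const siteId = this.requireSiteId(req);
    return await this.configService.setSceneDomain(siteId, sceneDomainDto);
  }

  /** 获取服务配置 for the caller's site. */
  @Get('service')
  @ApiOperation({ summary: '获取服务配置' })
  @ApiResponse({ status: 200, description: '获取成功' })
  async getService(@Req() req: AuthenticatedRequest) {
    const siteId = this.requireSiteId(req);
    return await this.configService.getService(siteId);
  }

  /** 设置服务配置 for the caller's site. */
  @Post('service')
  @ApiOperation({ summary: '设置服务配置' })
  @ApiResponse({ status: 200, description: '设置成功' })
  async setService(
    @Body() serviceDto: ServiceDto,
    @Req() req: AuthenticatedRequest,
  ) {
    const siteId = this.requireSiteId(req);
    return await this.configService.setService(siteId, serviceDto);
  }
}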