wangdl/api-server
2
0
Fork 0
Code Issues 29 Pull Requests Actions Packages Projects Releases Wiki Activity

M-API-ADMIN-INFO P2 | Admin 端点接入 AdminJwtGuard 鉴权 #160

New Issue
Closed
opened 2026-06-09 21:48:38 +08:00 by wangdl · 1 comment
wangdl commented 2026-06-09 21:48:38 +08:00
Owner
Copy Link

审查发现(F3)

AdminReadingController 所有端点未添加 @UseGuards(AdminJwtGuard),当前任何人都可访问管理接口。

修复

@Controller("admin/learning")
@UseGuards(AdminJwtGuard)  // ← 添加此装饰器
// @Roles("ADMIN", "SUPER_ADMIN")  // 可选:角色限制

代码位置

src/modules/reading-event/admin-reading.controller.ts:4

## 审查发现(F3) `AdminReadingController` 所有端点未添加 `@UseGuards(AdminJwtGuard)`,当前任何人都可访问管理接口。 ## 修复 ```typescript @Controller("admin/learning") @UseGuards(AdminJwtGuard) // ← 添加此装饰器 // @Roles("ADMIN", "SUPER_ADMIN") // 可选:角色限制 ``` ## 代码位置 `src/modules/reading-event/admin-reading.controller.ts:4`
wangdl commented 2026-06-09 21:50:25 +08:00
Author
Owner
Copy Link

修复

@UseGuards(AdminJwtGuard) 已添加到 AdminReadingController

## 修复 `@UseGuards(AdminJwtGuard)` 已添加到 `AdminReadingController`。
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
area:activity
活动/统计
area:admin
管理后台
area:admin-api
area:ai
AI/RAG
area:ai-runtime
AI Runtime / AI 分析体系相关
area:analytics
area:api
API 接口
area:auth
认证与授权
area:cos
对象存储
area:database
数据库/Migration
area:import
文件导入/解析
area:knowledge
知识库/知识点
area:learning-info
area:learning-session
area:quiz
测验/自测
area:reading-event
area:reading-progress
area:review
复习系统
area:security
安全相关
audit:api-admin-info
audit:api-info
audit:planned
已完成宏观规划,尚未代码审查
audit:reviewed
blocked-by:api-info-aggregation
blocked-by:api-info-core
blocked-by:api-info-ops
blocked-by:api-info-schema
blocked-by:processor
blocked-by:schema
priority:p0
最高优先级,阻塞发布
priority:p1
高优先级,里程碑必需
priority:p2
中优先级,后续版本
repo:api
API 仓库 Issue
status:blocked
被阻塞
status:done
已完成
status:partial
status:todo
type:aggregation
type:bug
缺陷修复
type:design
设计
type:docs
文档
type:feature
新功能
type:migration
type:refactor
重构
type:test
work:admin-api
work:aggregation
work:api
work:artifact
题目/卡片产物
work:audit
work:circuit-breaker
熔断
work:contract
work:design
架构/协议设计工作
work:docs
work:export
work:extend-existing
work:internal-api
Runtime 内部接口
work:job
Job 调度相关
work:new-module
work:new-table
work:ops
work:query
work:quota
额度/限流
work:schema
Prisma Schema 设计
work:security
work:service
Service 层实现
work:snapshot
Snapshot 构建
work:test
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
suyun-Claude wangdl
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: wangdl/api-server#160
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?