fix: me switch me bugs

2024-11-03 01:48:20 +08:00 · 2024-11-03 01:48:20 +08:00 · 8bfa81842b
commit 8bfa81842b
parent 6021aca4ba
2 changed files with 20 additions and 6 deletions
--- a/src/models/user.ts
+++ b/src/models/user.ts
@ -33,8 +33,8 @@ export class User extends Model {
  }
  /**
   * uid 是用于 orgId 的用户id
-   * @param uid 
-   * @returns 
+   * @param uid
+   * @returns
   */
  async createToken(uid?: string) {
    const { id, username, type, supaId } = this;
@ -113,6 +113,9 @@ export class User extends Model {
    if (this.type === 'org') {
      if (this.tokenUser && this.tokenUser.uid) {
        id = this.tokenUser.uid;
+      } else {
+        console.log('getOrgs', 'no uid', this.id, this.username);
+        throw new CustomError('Permission denied');
      }
    }
    const cache = await redis.get(`user:${id}:orgs`);
--- a/src/routes/user/me.ts
+++ b/src/routes/user/me.ts
@ -108,13 +108,20 @@ app
      throw new CustomError('username is required');
    }
    if (tokenUser.username === username) {
+      // 自己刷新自己的token
      const user = await User.findByPk(tokenUser.id);
      if (!user) {
        throw new CustomError('user not found');
      }
-      const token = await user.createToken();
-      ctx.body = token;
-      return;
+      if (user.type === 'user') {
+        const token = await user.createToken();
+        ctx.body = token;
+        return;
+      } else if (user.type === 'org' && tokenUser.uid) {
+        const token = await user.createToken(tokenUser.uid);
+        ctx.body = token;
+        return;
+      }
    }
    let me: User;
    if (tokenUser.uid) {
@ -122,6 +129,10 @@ app
    } else {
      me = await User.findByPk(tokenUser.id); // 真实用户
    }
+    if (!me || me.type === 'org') {
+      console.log('switch Error ', me.username, me.type);
+      throw new CustomError('Permission denied');
+    }
    if (type === 'user') {
      const token = await me.createToken();
      ctx.body = token;
@ -129,7 +140,7 @@ app
    }
    const orgUser = await User.findOne({ where: { username } });
    if (!orgUser) {
-      throw new CustomError('org not found');
+      throw new CustomError('org user not found');
    }
    const user = await Org.findOne({ where: { username } });
    const users = user.users;