admin/pdnode-account
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

支持速率限制

Browse Source 
然后把oauth单独放一个页面
一些UI调整
This commit is contained in:
Bret
2025-07-30 12:19:38 -07:00
parent b965f90c97
commit 9262ef4076
11 changed files with 745 additions and 404 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
routes/auth.js
View File

@ -6,11 +6,12 @@ const {
loginValidation,
handleValidationErrors
} = require('../middleware/validation');
const { authLimiter } = require('../middleware/rateLimit');
const router = express.Router();
// 注册路由
router.post('/register', registerValidation, handleValidationErrors, async (req, res) => {
router.post('/register', authLimiter, registerValidation, handleValidationErrors, async (req, res) => {
try {
const { username, email, password } = req.body;
@ -62,7 +63,7 @@ router.post('/register', registerValidation, handleValidationErrors, async (req,
});
// 登录路由
router.post('/login', loginValidation, handleValidationErrors, async (req, res) => {
router.post('/login', authLimiter, loginValidation, handleValidationErrors, async (req, res) => {
try {
const { username, password } = req.body;

3
routes/oauth-clients.js
View File

@ -2,6 +2,7 @@ const express = require('express');
const { body, validationResult } = require('express-validator');
const OAuthClient = require('../models/OAuthClient');
const { authenticateToken } = require('../middleware/auth');
const { oauthClientLimiter } = require('../middleware/rateLimit');
const router = express.Router();
@ -93,7 +94,7 @@ const validateRedirectUris = (req, res, next) => {
};
// 1. 创建OAuth客户端
router.post('/clients', authenticateToken, createClientValidation, validateRedirectUris, handleValidationErrors, async (req, res) => {
router.post('/clients', oauthClientLimiter, authenticateToken, createClientValidation, validateRedirectUris, handleValidationErrors, async (req, res) => {
try {
const { name, description, redirect_uris, scopes } = req.body;
const userId = req.user.userId;

9
routes/oauth.js
View File

@ -5,6 +5,7 @@ const OAuthToken = require('../models/OAuthToken');
const User = require('../models/User');
const { authenticateToken } = require('../middleware/auth');
const { authenticateOAuthToken, requireScope } = require('../middleware/oauth');
const { oauthAuthLimiter, oauthTokenLimiter } = require('../middleware/rateLimit');
const router = express.Router();
@ -58,7 +59,7 @@ const handleValidationErrors = (req, res, next) => {
};
// 1. 授权端点 - 验证参数并返回授权信息
router.get('/authorize', authenticateToken, async (req, res) => {
router.get('/authorize', oauthAuthLimiter, authenticateToken, async (req, res) => {
try {
const {
response_type,
@ -141,8 +142,8 @@ router.get('/authorize', authenticateToken, async (req, res) => {
}
});
// 2. 用户同意授权端点
router.post('/authorize/consent', authenticateToken, async (req, res) => {
// 2. 用户同意/拒绝授权端点
router.post('/authorize/consent', oauthAuthLimiter, authenticateToken, async (req, res) => {
try {
const {
client_id,
@ -247,7 +248,7 @@ router.post('/authorize/consent', authenticateToken, async (req, res) => {
});
// 3. 令牌端点 - 交换授权码获取访问令牌
router.post('/token', [
router.post('/token', oauthTokenLimiter, [
body('grant_type').notEmpty().withMessage('grant_type不能为空'),
body('client_id').notEmpty().withMessage('client_id不能为空'),
body('client_secret').notEmpty().withMessage('client_secret不能为空'),