aa

2026-04-27 11:43:10 +08:00
parent 4ae6898be0
commit ff022bce5d
1 changed files with 8 additions and 29 deletions
--- a/app_web.py
+++ b/app_web.py
@@ -67,19 +67,16 @@ def _web_session_secret() -> str:


 def is_console_authed(request: Request) -> bool:
-    return bool(request.session.get(WEB_CONSOLE_AUTH_KEY))
+    # 临时禁用控制台鉴权：始终视为已通过验证，便于先打通功能链路。
+    return True


 def redirect_if_console_unauthed(request: Request) -> Optional[RedirectResponse]:
-    if is_console_authed(request):
-        return None
-    return RedirectResponse(url=app_home_url(needauth=True), status_code=303)
+    return None


 def json_if_console_unauthed(request: Request) -> Optional[JSONResponse]:
-    if is_console_authed(request):
-        return None
-    return JSONResponse({"ok": False, "error": "需要控制台密码验证"}, status_code=401)
+    return None


 app = FastAPI(title="Telegram Scraper Web Console")
@@ -694,36 +691,18 @@ def compute_storage_stats(base: Path, days: int, keyword_list: Tuple[str, ...])

@app.get("/auth/console/status")
 async def auth_console_status(request: Request):
-    return {"ok": is_console_authed(request)}
+    return {"ok": True}


@app.post("/auth/console/login")
 async def auth_console_login(request: Request):
-    ct = (request.headers.get("content-type") or "").lower()
-    password = ""
-    if "application/json" in ct:
-        try:
-            body = await request.json()
-            password = str(body.get("password", ""))
-        except Exception:
-            password = ""
-    else:
-        form = await request.form()
-        password = str(form.get("password", ""))
-    expected = _web_console_password()
-    try:
-        ok = secrets.compare_digest(password.encode("utf-8"), expected.encode("utf-8"))
-    except Exception:
-        ok = False
-    if ok:
-        request.session[WEB_CONSOLE_AUTH_KEY] = True
-        return {"ok": True}
-    return JSONResponse({"ok": False, "error": "密码错误"}, status_code=401)
+    request.session[WEB_CONSOLE_AUTH_KEY] = True
+    return {"ok": True}


@app.post("/auth/console/logout")
 async def auth_console_logout(request: Request):
-    request.session.pop(WEB_CONSOLE_AUTH_KEY, None)
+    # 鉴权已禁用，保留路由仅用于兼容前端按钮行为。
    return RedirectResponse(url=app_home_url(), status_code=303)