From ff022bce5d6b8cb6f2c07450031412a1f33a664b Mon Sep 17 00:00:00 2001
From: RISE <joeldecode@gmail.com>
Date: Mon, 27 Apr 2026 11:43:10 +0800
Subject: [PATCH] aa

---
 app_web.py | 37 ++++++++-----------------------------
 1 file changed, 8 insertions(+), 29 deletions(-)

diff --git a/app_web.py b/app_web.py
index 9e8667c..1398a01 100644
--- a/app_web.py
+++ b/app_web.py
@@ -67,19 +67,16 @@ def _web_session_secret() -> str:
 
 
 def is_console_authed(request: Request) -> bool:
-    return bool(request.session.get(WEB_CONSOLE_AUTH_KEY))
+    # 临时禁用控制台鉴权：始终视为已通过验证，便于先打通功能链路。
+    return True
 
 
 def redirect_if_console_unauthed(request: Request) -> Optional[RedirectResponse]:
-    if is_console_authed(request):
-        return None
-    return RedirectResponse(url=app_home_url(needauth=True), status_code=303)
+    return None
 
 
 def json_if_console_unauthed(request: Request) -> Optional[JSONResponse]:
-    if is_console_authed(request):
-        return None
-    return JSONResponse({"ok": False, "error": "需要控制台密码验证"}, status_code=401)
+    return None
 
 
 app = FastAPI(title="Telegram Scraper Web Console")
@@ -694,36 +691,18 @@ def compute_storage_stats(base: Path, days: int, keyword_list: Tuple[str, ...])
 
 @app.get("/auth/console/status")
 async def auth_console_status(request: Request):
-    return {"ok": is_console_authed(request)}
+    return {"ok": True}
 
 
 @app.post("/auth/console/login")
 async def auth_console_login(request: Request):
-    ct = (request.headers.get("content-type") or "").lower()
-    password = ""
-    if "application/json" in ct:
-        try:
-            body = await request.json()
-            password = str(body.get("password", ""))
-        except Exception:
-            password = ""
-    else:
-        form = await request.form()
-        password = str(form.get("password", ""))
-    expected = _web_console_password()
-    try:
-        ok = secrets.compare_digest(password.encode("utf-8"), expected.encode("utf-8"))
-    except Exception:
-        ok = False
-    if ok:
-        request.session[WEB_CONSOLE_AUTH_KEY] = True
-        return {"ok": True}
-    return JSONResponse({"ok": False, "error": "密码错误"}, status_code=401)
+    request.session[WEB_CONSOLE_AUTH_KEY] = True
+    return {"ok": True}
 
 
 @app.post("/auth/console/logout")
 async def auth_console_logout(request: Request):
-    request.session.pop(WEB_CONSOLE_AUTH_KEY, None)
+    # 鉴权已禁用，保留路由仅用于兼容前端按钮行为。
     return RedirectResponse(url=app_home_url(), status_code=303)