s'c1'
This commit is contained in:
@@ -4,18 +4,23 @@ import { getPocketBaseConfig, SITE_ID, VIP_MASTER_SITE_ID } from "@/config/servi
|
||||
const COOKIE_NAME = "pb_session";
|
||||
|
||||
async function getAdminToken(): Promise<string | null> {
|
||||
const email = process.env.POCKETBASE_EMAIL;
|
||||
const password = process.env.POCKETBASE_PASSWORD;
|
||||
const email = process.env.POCKETBASE_EMAIL || process.env.PB_ADMIN_EMAIL;
|
||||
const password = process.env.POCKETBASE_PASSWORD || process.env.PB_ADMIN_PASSWORD;
|
||||
if (!email || !password) return null;
|
||||
const pb = getPocketBaseConfig();
|
||||
const res = await fetch(`${pb.url}/api/admins/auth-with-password`, {
|
||||
method: "POST",
|
||||
headers: { "Content-Type": "application/json" },
|
||||
body: JSON.stringify({ identity: email, password }),
|
||||
});
|
||||
if (!res.ok) return null;
|
||||
const data = await res.json();
|
||||
return data?.token ?? null;
|
||||
const paths = ["/api/admins/auth-with-password", "/api/collections/_superusers/auth-with-password"];
|
||||
for (const path of paths) {
|
||||
const res = await fetch(`${pb.url}${path}`, {
|
||||
method: "POST",
|
||||
headers: { "Content-Type": "application/json" },
|
||||
body: JSON.stringify({ identity: email, password }),
|
||||
});
|
||||
if (res.ok) {
|
||||
const data = await res.json();
|
||||
if (data?.token) return data.token;
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
/** 检查单条 site_vip 是否有效 */
|
||||
@@ -26,18 +31,45 @@ function isValidVip(record: { expires_at?: string | null } | null): boolean {
|
||||
}
|
||||
|
||||
export async function GET(request: NextRequest) {
|
||||
const cookie = request.cookies.get(COOKIE_NAME)?.value;
|
||||
if (!cookie) {
|
||||
return NextResponse.json({ ok: true, vip: false });
|
||||
const token = await getAdminToken();
|
||||
if (!token) return NextResponse.json({ ok: true, vip: false });
|
||||
|
||||
let userId: string | null = null;
|
||||
|
||||
// 优先用邮箱查(Header 传 email,更可靠)
|
||||
const email = request.nextUrl.searchParams.get("email")?.trim();
|
||||
if (email) {
|
||||
const pb = getPocketBaseConfig();
|
||||
const filter = `email="${email.replace(/"/g, '\\"')}"`;
|
||||
const collections = [pb.usersCollection, "_pb_users_auth_"];
|
||||
for (const coll of collections) {
|
||||
const userRes = await fetch(
|
||||
`${pb.url}/api/collections/${coll}/records?filter=${encodeURIComponent(filter)}&perPage=1`,
|
||||
{ headers: { Authorization: `Bearer ${token}` } }
|
||||
);
|
||||
if (userRes.ok) {
|
||||
const userData = await userRes.json();
|
||||
userId = userData?.items?.[0]?.id ?? null;
|
||||
if (userId) break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// 无邮箱或未查到:回退到 cookie 中的 userId
|
||||
if (!userId) {
|
||||
const cookie = request.cookies.get(COOKIE_NAME)?.value;
|
||||
if (!cookie) return NextResponse.json({ ok: true, vip: false });
|
||||
try {
|
||||
const payload = JSON.parse(Buffer.from(cookie, "base64url").toString("utf-8"));
|
||||
userId = payload?.userId ?? null;
|
||||
} catch {
|
||||
return NextResponse.json({ ok: true, vip: false });
|
||||
}
|
||||
}
|
||||
|
||||
if (!userId) return NextResponse.json({ ok: true, vip: false });
|
||||
|
||||
try {
|
||||
const payload = JSON.parse(Buffer.from(cookie, "base64url").toString("utf-8"));
|
||||
const userId = payload?.userId;
|
||||
if (!userId) return NextResponse.json({ ok: true, vip: false });
|
||||
|
||||
const token = await getAdminToken();
|
||||
if (!token) return NextResponse.json({ ok: true, vip: false });
|
||||
|
||||
const pb = getPocketBaseConfig();
|
||||
// 1) 本专题站 VIP(site_id = SITE_ID)2) vip 站 master VIP(site_id = vip)可解锁所有 digital 专题站
|
||||
const filter = `user_id = "${userId}" && (site_id = "${SITE_ID}" || site_id = "${VIP_MASTER_SITE_ID}")`;
|
||||
|
||||
Reference in New Issue
Block a user