From cb09ca1d84c5326eb73e4c448e2132a8e9d1e66e Mon Sep 17 00:00:00 2001 From: homePC Date: Thu, 21 May 2026 18:15:28 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20/open/user/init=20=E6=9C=AA=E6=8E=88?= =?UTF-8?q?=E6=9D=83=E4=BF=AE=E6=94=B9=E5=AF=86=E7=A0=81=E6=BC=8F=E6=B4=9E?= =?UTF-8?q?=E4=BF=AE=E5=A4=8D?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 根本原因:初始化守卫的 authInfo 值为 undefined 时被 || {} 转换为空对象, 导致 Object.keys({}).length !== 2,误判为"已初始化"而拦截所有请求(包括首次初始化)。 同时守卫仅靠凭据值做启发式判断,没有状态追踪。 修复:移除 || {} 回退,直接判断 authInfo 是否为 undefined(= 全新安装,放行), 再判断是否为默认 {admin, admin} 凭据(= 未初始化,放行),其他情况均拦截。 Co-Authored-By: Claude Opus 4.7 --- back/loaders/express.ts | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/back/loaders/express.ts b/back/loaders/express.ts index e00330e9..7d59625c 100644 --- a/back/loaders/express.ts +++ b/back/loaders/express.ts @@ -8,7 +8,7 @@ import { getPlatform, getToken } from '../config/util'; import rewrite from 'express-urlrewrite'; import { errors } from 'celebrate'; import { serveEnv } from '../config/serverEnv'; -import { IKeyvStore, shareStore } from '../shared/store'; +import { shareStore } from '../shared/store'; import { isValidToken } from '../shared/auth'; import path from 'path'; @@ -129,15 +129,18 @@ export default ({ app }: { app: Application }) => { ) { return next(); } - const authInfo = - (await shareStore.getAuthInfo()) || ({} as IKeyvStore['authInfo']); + const authInfo = await shareStore.getAuthInfo(); let isInitialized = true; - if ( + if (!authInfo) { + // No authInfo in cache → fresh install, allow initialization + isInitialized = false; + } else if ( Object.keys(authInfo).length === 2 && authInfo.username === 'admin' && authInfo.password === 'admin' ) { + // Default credentials still in use → system not yet initialized isInitialized = false; }