初始提交

2026-02-17 08:52:10 +08:00 · 2025-12-28 17:01:42 +08:00
parent 3cace74c08
commit d67e42b067
20 changed files with 1284 additions and 0 deletions
--- a/app/decorators.py
+++ b/app/decorators.py
@@ -0,0 +1,22 @@
+from flask import request, jsonify
+from bson import ObjectId
+from app.extensions import client, logger
+from app.utils.jwt_utils import verify_token
+
+def require_maintainer_permission(f):
+    def wrapper(*args, **kwargs):
+        token = request.headers.get('Authorization', '').replace('Bearer ', '')
+        user_id = verify_token(token)
+
+        if not user_id:
+            return jsonify({"code": 1, "message": "Invalid token"}), 401
+
+        user = client.ht_server.users.find_one({"_id": ObjectId(user_id)})
+        if not user or not user.get("IsMaintainer", False):
+            return jsonify({"code": 2, "message": "Permission denied"}), 403
+
+        request.current_user = user
+        return f(*args, **kwargs)
+
+    wrapper.__name__ = f.__name__
+    return wrapper