member/member-frontend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(security): enforce admin allowlist guard on admin APIs and attach bearer for admin client

Browse Source
This commit is contained in:
Chris
2026-03-30 21:25:57 +08:00
parent b9e9df350c
commit d90862205c
1 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/api/http.js
View File

@@ -31,6 +31,10 @@ userHttp.interceptors.response.use(
export const adminHttp = axios.create({ baseURL: BASE_URL }) export const adminHttp = axios.create({ baseURL: BASE_URL })
adminHttp.interceptors.request.use(config => { adminHttp.interceptors.request.use(config => {
const token = localStorage.getItem('access_token')
if (token) {
config.headers['Authorization'] = `Bearer ${token}`
}
const clientKey = sessionStorage.getItem('admin_client_key') || ENV_ADMIN_CLIENT_KEY const clientKey = sessionStorage.getItem('admin_client_key') || ENV_ADMIN_CLIENT_KEY
const apiKey = sessionStorage.getItem('admin_api_key') || ENV_ADMIN_API_KEY const apiKey = sessionStorage.getItem('admin_api_key') || ENV_ADMIN_API_KEY
if (clientKey && !sessionStorage.getItem('admin_client_key')) { if (clientKey && !sessionStorage.getItem('admin_client_key')) {
@@ -43,3 +47,14 @@ adminHttp.interceptors.request.use(config => {
if (apiKey) config.headers['X-API-Key'] = apiKey if (apiKey) config.headers['X-API-Key'] = apiKey
return config return config
}) })
adminHttp.interceptors.response.use(
res => res,
err => {
if (err.response?.status === 401) {
localStorage.removeItem('access_token')
router.push('/login')
}
return Promise.reject(err)
}
)