refactor(auth): use group-only admin access and remove admin api-key flow from frontend/admin routes

Chris
2026-03-30 21:39:43 +08:00
parent 15eee2fc9a
commit e1a6bbd844
11 changed files with 6 additions and 168 deletions


@@ -2,8 +2,6 @@ import axios from 'axios'
import router from '@/router'
const BASE_URL = import.meta.env.VITE_API_BASE_URL
const ENV_ADMIN_CLIENT_KEY = import.meta.env.VITE_ADMIN_CLIENT_KEY
const ENV_ADMIN_API_KEY = import.meta.env.VITE_ADMIN_API_KEY
// 使用者 API帶 Bearer token
export const userHttp = axios.create({ baseURL: BASE_URL })
@@ -27,7 +25,7 @@ userHttp.interceptors.response.use(
}
)
// 管理員 APIX-Client-Key / X-API-Key
// 管理員 APIBearer token後端再檢查 admin 群組)
export const adminHttp = axios.create({ baseURL: BASE_URL })
adminHttp.interceptors.request.use(config => {
@@ -35,16 +33,6 @@ adminHttp.interceptors.request.use(config => {
if (token) {
config.headers['Authorization'] = `Bearer ${token}`
}
const clientKey = sessionStorage.getItem('admin_client_key') || ENV_ADMIN_CLIENT_KEY
const apiKey = sessionStorage.getItem('admin_api_key') || ENV_ADMIN_API_KEY
if (clientKey && !sessionStorage.getItem('admin_client_key')) {
sessionStorage.setItem('admin_client_key', clientKey)
}
if (apiKey && !sessionStorage.getItem('admin_api_key')) {
sessionStorage.setItem('admin_api_key', apiKey)
}
if (clientKey) config.headers['X-Client-Key'] = clientKey
if (apiKey) config.headers['X-API-Key'] = apiKey
return config
})
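Review bot: Dropping the `X-Client-Key` / `X-API-Key` headers from the `adminHttp` request interceptor (last hunk) stops new requests from carrying the keys, but it does not retire keys already exposed: Vite inlines `VITE_`-prefixed variables into the client bundle, so any previously built bundle still contains the `VITE_ADMIN_CLIENT_KEY` / `VITE_ADMIN_API_KEY` values, and tabs opened before the deploy may still hold `admin_client_key` / `admin_api_key` in sessionStorage. Those keys should be treated as disclosed, meaning rotated or revoked on the backend and removed from the build environment; nothing in this file shows whether that has been done. For the browser side, a one-time cleanup at module load would be enough: `sessionStorage.removeItem('admin_client_key')` and `sessionStorage.removeItem('admin_api_key')`. The new comment above `adminHttp` could also state that admin authorization is decided only by the backend group check, so that no client-held secret is reintroduced here later. The interceptor body starts outside the hunk, so where `token` is read from is not visible.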