修复显示问题

2026-03-28 18:03:13 +08:00
parent e5611df24e
commit b66ba41431
11 changed files with 139 additions and 27 deletions
--- a/backend/cmd/server/backend/data/filefast.db
+++ b/backend/cmd/server/backend/data/filefast.db
--- a/backend/internal/handler/http.go
+++ b/backend/internal/handler/http.go
@@ -37,6 +37,11 @@ type HTTPHandler struct {
 	deps Dependencies
 }

+const (
+	deviceIDCookieName    = "filefast_device_id"
+	deviceTokenCookieName = "filefast_device_token"
+)
+
 func NewHTTPHandler(deps Dependencies) *HTTPHandler {
 	return &HTTPHandler{deps: deps}
 }
@@ -531,8 +536,7 @@ func (h *HTTPHandler) requireAdmin() gin.HandlerFunc {

 func (h *HTTPHandler) requireDevice() gin.HandlerFunc {
 	return func(c *gin.Context) {
-		deviceID := strings.TrimSpace(c.GetHeader("X-Device-ID"))
-		token := strings.TrimSpace(c.GetHeader("X-Device-Token"))
+		deviceID, token := deviceCredentialsFromRequest(c)
 		if deviceID == "" || token == "" {
 			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "missing device credentials"})
 			return
@@ -546,6 +550,27 @@ func (h *HTTPHandler) requireDevice() gin.HandlerFunc {
 	}
 }

+func deviceCredentialsFromRequest(c *gin.Context) (string, string) {
+	deviceID := strings.TrimSpace(c.GetHeader("X-Device-ID"))
+	token := strings.TrimSpace(c.GetHeader("X-Device-Token"))
+	if deviceID != "" && token != "" {
+		return deviceID, token
+	}
+
+	if deviceID == "" {
+		if value, err := c.Cookie(deviceIDCookieName); err == nil {
+			deviceID = strings.TrimSpace(value)
+		}
+	}
+	if token == "" {
+		if value, err := c.Cookie(deviceTokenCookieName); err == nil {
+			token = strings.TrimSpace(value)
+		}
+	}
+
+	return deviceID, token
+}
+
 func (h *HTTPHandler) authenticatedDeviceID(c *gin.Context) string {
 	value, ok := c.Get("device_id")
 	if !ok {
--- a/backend/internal/handler/http_test.go
+++ b/backend/internal/handler/http_test.go
@@ -114,6 +114,26 @@ func TestTransferStatusUpdateRequiresParticipantOwnership(t *testing.T) {
 	}
 }

+func TestProtectedRoutesAcceptDeviceCredentialsFromCookies(t *testing.T) {
+	router, _ := newTestRouter()
+
+	device := registerDevice(t, router, map[string]any{
+		"device_id": "cookie-device",
+		"name":      "Cookie Device",
+		"type":      "desktop",
+	})
+
+	req := httptest.NewRequest(http.MethodGet, "/api/devices/candidates?deviceId="+device.ID, nil)
+	req.AddCookie(&http.Cookie{Name: deviceIDCookieName, Value: device.ID})
+	req.AddCookie(&http.Cookie{Name: deviceTokenCookieName, Value: device.AuthToken})
+	resp := httptest.NewRecorder()
+	router.ServeHTTP(resp, req)
+
+	if resp.Code != http.StatusOK {
+		t.Fatalf("expected cookie-authenticated request to succeed, got %d: %s", resp.Code, resp.Body.String())
+	}
+}
+
 func newTestRouter() (http.Handler, *store.MemoryStore) {
 	memStore := store.NewMemoryStore(model.RuntimeConfig{})
 	logger := slog.New(slog.NewTextHandler(io.Discard, nil))