MCPcopy
hub / github.com/7836246/cursor2api / logViewerAuth

Function logViewerAuth

src/index.ts:46–65  ·  view source on GitHub ↗
(req: express.Request, res: express.Response, next: express.NextFunction)

Source from the content-addressed store, hash-verified

44
45// ★ 日志查看器鉴权中间件:配置了 authTokens 时需要验证
46const logViewerAuth = (req: express.Request, res: express.Response, next: express.NextFunction) => {
47 const tokens = getConfig().authTokens;
48 if (!tokens || tokens.length === 0) return next(); // 未配置 token 则放行
49
50 // 支持多种传入方式: query ?token=xxx, Authorization header, x-api-key header
51 const tokenFromQuery = req.query.token as string | undefined;
52 const authHeader = req.headers['authorization'] || req.headers['x-api-key'];
53 const tokenFromHeader = authHeader ? String(authHeader).replace(/^Bearer\s+/i, '').trim() : undefined;
54 const token = tokenFromQuery || tokenFromHeader;
55
56 if (!token || !tokens.includes(token)) {
57 // HTML 页面请求 → 返回登录页; API 请求 → 返回 JSON 错误
58 if (req.path === '/logs') {
59 return serveLogViewerLogin(req, res);
60 }
61 res.status(401).json({ error: { message: 'Unauthorized. Provide token via ?token=xxx or Authorization header.', type: 'auth_error' } });
62 return;
63 }
64 next();
65};
66
67// ★ 日志查看器路由(带鉴权)
68app.get('/logs', logViewerAuth, serveLogViewer);

Callers

nothing calls this directly

Calls 4

getConfigFunction · 0.90
serveLogViewerLoginFunction · 0.85
jsonMethod · 0.45
statusMethod · 0.45

Tested by

no test coverage detected