Fix 403 bug for /api/login/* APIs

2025-07-03 12:30:19 +08:00 · 2022-09-09 01:53:21 +08:00
parent 6035b98653
commit 10f1c37730
1 changed files with 3 additions and 1 deletions
--- a/authz/authz.go
+++ b/authz/authz.go
@ -15,6 +15,8 @@
 package authz

 import (
+	"strings"
+
 	"github.com/casbin/casbin/v2"
 	"github.com/casbin/casbin/v2/model"
 	xormadapter "github.com/casbin/xorm-adapter/v2"
@ -144,7 +146,7 @@ func IsAllowed(subOwner string, subName string, method string, urlPath string, o

 func isAllowedInDemoMode(subOwner string, subName string, method string, urlPath string, objOwner string, objName string) bool {
 	if method == "POST" {
-		if urlPath == "/api/login" || urlPath == "/api/logout" || urlPath == "/api/signup" || urlPath == "/api/send-verification-code" {
+		if strings.HasPrefix(urlPath, "/api/login") || urlPath == "/api/logout" || urlPath == "/api/signup" || urlPath == "/api/send-verification-code" {
 			return true
 		} else if urlPath == "/api/update-user" {
 			// Allow ordinary users to update their own information