CrescentLeaf/LingChair
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix: 限制用户访问任意私聊

Browse Source
This commit is contained in:
CrescentLeaf
2025-10-19 11:55:57 +08:00
parent 306bfa2b82
commit 5a34054024
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
server/api/ChatApi.ts
View File

@@ -43,6 +43,10 @@ export default class ChatApi extends BaseApi {
// 私聊 // 私聊
if (chat!.bean.type == 'private') { if (chat!.bean.type == 'private') {
if (!UserChatLinker.checkUserIsLinkedToChat(token.author, chat!.bean.id)) return {
code: 403,
msg: "用户无权访问此对话",
}
const mine = User.findById(token.author) as User const mine = User.findById(token.author) as User
return { return {