diff --git a/apps/jingrow/jingrow/services/whitelist.py b/apps/jingrow/jingrow/services/whitelist.py index 2964710..03813d8 100644 --- a/apps/jingrow/jingrow/services/whitelist.py +++ b/apps/jingrow/jingrow/services/whitelist.py @@ -72,27 +72,31 @@ async def _process_whitelist_call(request: Request, full_module_path: str): # 确保 apps 目录在 sys.path 中(支持跨 app 导入) ensure_apps_on_sys_path() - # 解析路径并导入 + # 解析路径并导入模块 modulename = ".".join(full_module_path.split('.')[:-1]) methodname = full_module_path.split('.')[-1] module = import_module(modulename) func = getattr(module, methodname) - # 检查白名单(装饰器注册时使用 func.__module__) + # 检查白名单(使用实际导入后的模块名,因为装饰器注册时使用 func.__module__) actual_whitelist_path = f"{module.__name__}.{methodname}" whitelist_info = get_whitelisted_function(actual_whitelist_path) - if whitelist_info: - # 检查 HTTP 方法 - if request.method not in whitelist_info['methods']: - raise HTTPException(status_code=405, detail=f"Method {request.method} not allowed") - - # 检查权限 - if not whitelist_info['allow_guest']: - if not await authenticate_request(request, whitelist_info['allow_guest']): - raise HTTPException(status_code=401, detail="Authentication required") + # 如果函数不在白名单中,返回404(就像路由不存在一样) + if not whitelist_info: + logger.debug(f"函数未在白名单中,返回404: {actual_whitelist_path}") + raise HTTPException(status_code=404, detail="Not Found") - # 调用函数 + # 检查 HTTP 方法 + if request.method not in whitelist_info['methods']: + raise HTTPException(status_code=405, detail=f"Method {request.method} not allowed") + + # 检查权限 + if not whitelist_info['allow_guest']: + if not await authenticate_request(request, whitelist_info['allow_guest']): + raise HTTPException(status_code=401, detail="Authentication required") + + # 调用函数(只有通过白名单验证的函数才能执行到这里) request_data = await _get_request_data(request) result = func(**request_data)