From 06b1b443caea296fa0cb00b212b8e30638f0a794 Mon Sep 17 00:00:00 2001
From: jingrow
Date: Wed, 29 Oct 2025 23:25:01 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E5=87=BD=E6=95=B0=E6=9C=AA?= =?UTF-8?q?=E9=80=9A=E8=BF=87=E7=99=BD=E5=90=8D=E5=8D=95=E6=B3=A8=E5=86=8C?= =?UTF-8?q?=E4=B9=9F=E8=83=BD=E8=A2=AB=E8=AE=BF=E9=97=AE=E7=9A=84=E9=97=AE?= =?UTF-8?q?=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 apps/jingrow/jingrow/services/whitelist.py | 28 ++++++++++++----------
 1 file changed, 16 insertions(+), 12 deletions(-)
diff --git a/apps/jingrow/jingrow/services/whitelist.py b/apps/jingrow/jingrow/services/whitelist.py
index 2964710..03813d8 100644
--- a/apps/jingrow/jingrow/services/whitelist.py
+++ b/apps/jingrow/jingrow/services/whitelist.py
@@ -72,27 +72,31 @@ async def _process_whitelist_call(request: Request, full_module_path: str):
 # 确保 apps 目录在 sys.path 中(支持跨 app 导入)
 ensure_apps_on_sys_path()
- # 解析路径并导入
+ # 解析路径并导入模块
 modulename = ".".join(full_module_path.split('.')[:-1])
 methodname = full_module_path.split('.')[-1]
 module = import_module(modulename)
 func = getattr(module, methodname)
- # 检查白名单(装饰器注册时使用 func.__module__)
+ # 检查白名单(使用实际导入后的模块名,因为装饰器注册时使用 func.__module__)
 actual_whitelist_path = f"{module.__name__}.{methodname}"
 whitelist_info = get_whitelisted_function(actual_whitelist_path)
- if whitelist_info:
- # 检查 HTTP 方法
- if request.method not in whitelist_info['methods']:
- raise HTTPException(status_code=405, detail=f"Method {request.method} not allowed")
-
- # 检查权限
- if not whitelist_info['allow_guest']:
- if not await authenticate_request(request, whitelist_info['allow_guest']):
- raise HTTPException(status_code=401, detail="Authentication required")
+ # 如果函数不在白名单中,返回404(就像路由不存在一样)
+ if not whitelist_info:
+ logger.debug(f"函数未在白名单中,返回404: {actual_whitelist_path}")
+ raise HTTPException(status_code=404, detail="Not Found")
- # 调用函数
+ # 检查 HTTP 方法
+ if request.method not in whitelist_info['methods']:
+ raise HTTPException(status_code=405, detail=f"Method {request.method} not allowed")
+
+ # 检查权限
+ if not whitelist_info['allow_guest']:
+ if not await authenticate_request(request, whitelist_info['allow_guest']):
+ raise HTTPException(status_code=401, detail="Authentication required")
+
+ # 调用函数(只有通过白名单验证的函数才能执行到这里)
 request_data = await _get_request_data(request)
 result = func(**request_data)
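Review bot: `import_module(modulename)` and `getattr(module, methodname)` still run on the request-supplied `full_module_path` before `get_whitelisted_function` is consulted, so the new 404 blocks the call but not the import: within this hunk any importable module has its top-level code executed before the whitelist or authentication check. An import or attribute failure may also produce a different response than the 404, which would let a caller tell existing modules from missing ones; the enclosing function's error handling starts and ends outside the hunk, so confirm this there. If callers always use the registered dotted path, a pre-check such as `if not get_whitelisted_function(full_module_path): raise HTTPException(status_code=404, detail="Not Found")` placed ahead of `import_module` would close this, with the existing post-import check kept for the case where `module.__name__` differs. Having the registry hold the decorated callable and dispatching from it would remove the `getattr` on request input altogether.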