fix: 系统全扫描修复 7 个 HIGH 级 Bug

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Your Name
2026-06-02 01:22:00 +08:00
parent ea3046f635
commit 19cfb7caaa
8 changed files with 195 additions and 62 deletions
+10 -7
View File
@@ -636,23 +636,26 @@ async def lock_install():
"""
_reject_if_installed()
# Verify admin account exists before allowing lock
# Verify at least one active admin account exists before allowing lock
try:
from server.infrastructure.database.session import AsyncSessionLocal
from server.infrastructure.database.admin_repo import AdminRepositoryImpl
from sqlalchemy import text as _text
async with AsyncSessionLocal() as session:
repo = AdminRepositoryImpl(session)
admin = await repo.get_by_username("admin")
if not admin:
result = await session.execute(
_text("SELECT COUNT(*) FROM admins WHERE is_active = 1")
)
count = result.scalar() or 0
if count == 0:
raise HTTPException(
status_code=400,
detail="无法锁定:管理员账户尚未创建。请先完成安装步骤4。",
detail="无法锁定:尚无活跃管理员账户。请先完成安装步骤4。",
)
except HTTPException:
raise
except Exception as e:
logger.warning("Failed to verify admin account before locking: %s", e)
# If DB is unreachable, allow lock (admin may have been created but DB is temporarily down)
# If DB is temporarily unreachable, conservatively reject lock
raise HTTPException(status_code=503, detail="数据库暂时不可用,无法验证管理员账户,请稍后重试。")
# Create lock marker file
INSTALL_LOCK.write_text(