From d0688c57b7125e64b9ae538d3aa7d3b17abd6268 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E8=96=87=E8=96=87=E5=AE=89?= Date: Tue, 3 Feb 2026 11:45:20 +0800 Subject: [PATCH] a --- backend/api/routes/accounts.py | 35 ++++++++++++++++++++++++++++------ 1 file changed, 29 insertions(+), 6 deletions(-) diff --git a/backend/api/routes/accounts.py b/backend/api/routes/accounts.py index 7a4ccc4..81d6c86 100644 --- a/backend/api/routes/accounts.py +++ b/backend/api/routes/accounts.py @@ -90,8 +90,12 @@ async def create_account( @router.get("/{account_id}") -async def get_account_detail(account_id: int, user: Dict[str, Any] = Depends(require_account_access)): +async def get_account_detail( + account_id: int, + user: Dict[str, Any] = Depends(get_current_user) +): """获取账号详情""" + require_account_access(account_id, user) try: acc = Account.get_by_id(account_id) if not acc: @@ -131,9 +135,10 @@ async def update_account( async def update_credentials( account_id: int, data: AccountCredentialsUpdate, - user: Dict[str, Any] = Depends(require_account_owner) + user: Dict[str, Any] = Depends(get_current_user) ): """更新API密钥""" + require_account_owner(account_id, user) try: updates = {} if data.api_key is not None: @@ -155,8 +160,14 @@ async def update_credentials( @router.get("/{account_id}/trading/status") @router.get("/{account_id}/service/status", include_in_schema=False) # 兼容旧路由 -async def get_service_status(account_id: int, user: Dict[str, Any] = Depends(require_account_access)): +async def get_service_status( + account_id: int, + user: Dict[str, Any] = Depends(get_current_user) +): """获取该账号关联的交易服务状态""" + # 手动调用权限检查,因为 Depends(require_account_access) 无法直接获取路径参数 account_id + require_account_access(account_id, user) + try: program = program_name_for_account(account_id) # status @@ -185,8 +196,12 @@ async def get_service_status(account_id: int, user: Dict[str, Any] = Depends(req @router.post("/{account_id}/service/start") -async def start_service(account_id: int, user: Dict[str, Any] = Depends(require_account_owner)): +async def start_service( + account_id: int, + user: Dict[str, Any] = Depends(get_current_user) +): """启动交易服务""" + require_account_owner(account_id, user) try: program = program_name_for_account(account_id) out = run_supervisorctl(["start", program]) @@ -207,8 +222,12 @@ async def start_service(account_id: int, user: Dict[str, Any] = Depends(require_ @router.post("/{account_id}/service/stop") -async def stop_service(account_id: int, user: Dict[str, Any] = Depends(require_account_owner)): +async def stop_service( + account_id: int, + user: Dict[str, Any] = Depends(get_current_user) +): """停止交易服务""" + require_account_owner(account_id, user) try: program = program_name_for_account(account_id) out = run_supervisorctl(["stop", program]) @@ -229,8 +248,12 @@ async def stop_service(account_id: int, user: Dict[str, Any] = Depends(require_a @router.post("/{account_id}/service/restart") -async def restart_service(account_id: int, user: Dict[str, Any] = Depends(require_account_owner)): +async def restart_service( + account_id: int, + user: Dict[str, Any] = Depends(get_current_user) +): """重启交易服务""" + require_account_owner(account_id, user) try: program = program_name_for_account(account_id) out = run_supervisorctl(["restart", program])