/api/search/resources add user check

Author: senshinya

CHANGELOG

@@ -1,3 +1,9 @@
+## [100.0.2] - 2025-10-23
+
+### Fixed
+
+- 修复 /api/search/resources 接口越权问题
+
 ## [100.0.1] - 2025-09-25
 
 ### Fixed

VERSION.txt

@@ -1 +1 @@
-100.0.1
+100.0.2

src/app/api/search/resources/route.ts

@@ -1,16 +1,19 @@
 /* eslint-disable no-console */
 
 import { NextRequest, NextResponse } from 'next/server';
-
+import { getAuthInfoFromCookie } from '@/lib/auth';
 import { getAvailableApiSites } from '@/lib/config';
 
 export const runtime = 'nodejs';
 
 // OrionTV 兼容接口
 export async function GET(request: NextRequest) {
-  console.log('request', request.url);
+  const authInfo = getAuthInfoFromCookie(request);
+  if (!authInfo || !authInfo.username) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
+  }
   try {
-    const apiSites = await getAvailableApiSites();
+    const apiSites = await getAvailableApiSites(authInfo.username);
 
     return NextResponse.json(apiSites);
   } catch (error) {

src/lib/changelog.ts

@@ -10,6 +10,19 @@ export interface ChangelogEntry {
 }
 
 export const changelog: ChangelogEntry[] = [
+  {
+    version: "100.0.2",
+    date: "2025-10-23",
+    added: [
+      // 无新增内容
+    ],
+    changed: [
+      // 无变更内容
+    ],
+    fixed: [
+      "修复 /api/search/resources 接口越权问题"
+    ]
+  },
   {
     version: "100.0.1",
     date: "2025-09-25",
@@ -19,7 +32,7 @@ export const changelog: ChangelogEntry[] = [
     changed: [
       // 无变更内容
     ],
-      fixed: [
+    fixed: [
       "修复错误的环境变量 ADMIN_USERNAME",
       "修复 bangumi 数据中没有图片导致首页崩溃问题"
     ]

src/lib/version.ts

@@ -1,6 +1,6 @@
 /* eslint-disable no-console */
 
-const CURRENT_VERSION = '100.0.1';
+const CURRENT_VERSION = '100.0.2';
 
 // 导出当前版本号供其他地方使用
 export { CURRENT_VERSION };