From 79ec33b33e002f74c4c0a5335feb9fdce1e7c0eb Mon Sep 17 00:00:00 2001
From: zhangchenhao <zch@bt.cn>
Date: Fri, 9 May 2025 10:39:55 +0800
Subject: [PATCH] =?UTF-8?q?api=E6=B5=8B=E8=AF=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 backend/internal/cert/deploy/btpanel.go | 16 ++++++++--------
 backend/middleware/auth.go              |  3 +++
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/backend/internal/cert/deploy/btpanel.go b/backend/internal/cert/deploy/btpanel.go
index a843efe..d689e45 100644
--- a/backend/internal/cert/deploy/btpanel.go
+++ b/backend/internal/cert/deploy/btpanel.go
@@ -18,7 +18,7 @@ import (
 func generateSignature(timestamp, apiKey string) string {
 	keyMd5 := md5.Sum([]byte(apiKey))
 	keyMd5Hex := strings.ToLower(hex.EncodeToString(keyMd5[:]))
-	
+
 	signMd5 := md5.Sum([]byte(timestamp + keyMd5Hex))
 	signMd5Hex := strings.ToLower(hex.EncodeToString(signMd5[:]))
 	return signMd5Hex
@@ -41,21 +41,21 @@ func RequestBt(data *url.Values, method, providerID, requestUrl string) (map[str
 	}
 	timestamp := time.Now().Unix()
 	token := generateSignature(fmt.Sprintf("%d", timestamp), providerConfig["api_key"])
-	
+
 	data.Set("request_time", fmt.Sprintf("%d", timestamp))
 	data.Set("request_token", token)
-	
+
 	parsedURL, err := url.Parse(providerConfig["url"])
 	if err != nil {
 		return nil, err
 	}
 	baseURL := fmt.Sprintf("%s://%s/", parsedURL.Scheme, parsedURL.Host)
-	
+
 	req, err := http.NewRequest(method, baseURL+requestUrl, strings.NewReader(data.Encode()))
 	if err != nil {
 		return nil, err
 	}
-	
+
 	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
 	req.Header.Set("user-agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36")
 	// 自定义 Transport，跳过 SSL 证书验证
@@ -66,7 +66,7 @@ func RequestBt(data *url.Values, method, providerID, requestUrl string) (map[str
 	tr := &http.Transport{
 		TLSClientConfig: &tls.Config{InsecureSkipVerify: ignoreSsl},
 	}
-	
+
 	client := &http.Client{Transport: tr}
 	resp, err := client.Do(req)
 	if err != nil {
@@ -75,13 +75,13 @@ func RequestBt(data *url.Values, method, providerID, requestUrl string) (map[str
 	}
 	body, _ := io.ReadAll(resp.Body)
 	defer resp.Body.Close()
-	
+
 	var res map[string]interface{}
 	err = json.Unmarshal(body, &res)
 	if err != nil {
 		return nil, fmt.Errorf("返回值解析失败: %v", err)
 	}
-	
+
 	if res["status"] != nil && !res["status"].(bool) {
 		return nil, fmt.Errorf("请求出错: %s", res["msg"].(string))
 	}
diff --git a/backend/middleware/auth.go b/backend/middleware/auth.go
index a3257f7..f57483b 100644
--- a/backend/middleware/auth.go
+++ b/backend/middleware/auth.go
@@ -133,6 +133,9 @@ func checkApiKey(c *gin.Context) bool {
 		c.JSON(http.StatusBadRequest, gin.H{"error": "invalid request"})
 		return false
 	}
+	if form.ApiToken == "" || form.Timestamp == "" {
+		return false
+	}
 	apiKey := public.GetSettingIgnoreError("api_key")
 	if apiKey == "" {
 		c.JSON(http.StatusBadRequest, gin.H{"error": "未开启api"})