From 9a5d42c5bf67f56f02691abee3817a5c83fa3e8d Mon Sep 17 00:00:00 2001
From: cool <cool_team@163.com>
Date: Wed, 18 Oct 2023 13:43:56 +0800
Subject: [PATCH] =?UTF-8?q?app=E5=8F=82=E6=95=B0=E9=85=8D=E7=BD=AE?=
 =?UTF-8?q?=E6=8E=A7=E5=88=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/modules/base/config.ts              | 2 ++
 src/modules/base/controller/app/comm.ts | 7 +++++++
 2 files changed, 9 insertions(+)

diff --git a/src/modules/base/config.ts b/src/modules/base/config.ts
index c512e64..62e3189 100644
--- a/src/modules/base/config.ts
+++ b/src/modules/base/config.ts
@@ -15,6 +15,8 @@ export default () => {
     globalMiddlewares: [BaseAuthorityMiddleware, BaseLogMiddleware],
     // 模块加载顺序，默认为0，值越大越优先加载
     order: 10,
+    // app参数配置允许读取的key
+    allowKeys: [],
     // jwt 生成解密token的
     jwt: {
       // 单点登录
diff --git a/src/modules/base/controller/app/comm.ts b/src/modules/base/controller/app/comm.ts
index 1a38efb..e91852b 100644
--- a/src/modules/base/controller/app/comm.ts
+++ b/src/modules/base/controller/app/comm.ts
@@ -24,14 +24,21 @@ export class BaseAppCommController extends BaseController {
   @Inject()
   ctx: Context;
 
+  @Inject('module.base.allowKeys')
+  allowKeys: string[];
+
   @Inject()
   eps: CoolEps;
 
   @Inject()
   baseSysParamService: BaseSysParamService;
 
+  @CoolTag(TagTypes.IGNORE_TOKEN)
   @Get('/param', { summary: '参数配置' })
   async param(@Query('key') key: string) {
+    if (!this.allowKeys.indexOf(key)) {
+      return this.fail('非法操作');
+    }
     return this.ok(await this.baseSysParamService.dataByKey(key));
   }