From 6b2c58c9197bd9522ebaffb817fa046d05607863 Mon Sep 17 00:00:00 2001
From: kingmo888 <17401091+kingmo888@users.noreply.github.com>
Date: Fri, 15 Dec 2023 08:49:23 +0800
Subject: [PATCH] =?UTF-8?q?=E8=B0=83=E6=95=B4=E6=8E=A5=E5=8F=A3=EF=BC=8C?=
 =?UTF-8?q?=E4=BF=9D=E8=AF=81=E5=AE=A2=E6=88=B7=E7=AB=AF=E7=99=BB=E9=99=86?=
 =?UTF-8?q?=E5=90=8E=E4=B8=8B=E6=AC=A1=E8=87=AA=E5=8A=A8=E7=99=BB=E5=BD=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 api/views_api.py                | 14 +++++++++-----
 rustdesk_server_api/settings.py |  2 +-
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/api/views_api.py b/api/views_api.py
index 2c4dc86..d753b8d 100644
--- a/api/views_api.py
+++ b/api/views_api.py
@@ -91,18 +91,22 @@ def currentUser(request):
     if request.method == 'GET':
         result['error'] = '错误的提交方式！'
         return JsonResponse(result)
-
     postdata = json.loads(request.body)
     rid = postdata.get('id', '')
     uuid = postdata.get('uuid', '')
-
-    user = UserProfile.objects.filter(Q(rid=rid) & Q(uuid=uuid)).first()
-    token = RustDeskToken.objects.filter(Q(uid=user.id) & Q(rid=user.rid)).first()
+    
+    access_token = request.META.get('HTTP_AUTHORIZATION', '')
+    access_token = access_token.split('Bearer ')[-1]
+    token = RustDeskToken.objects.filter(Q(access_token=access_token) ).first()
+    user = None
+    if token:
+        user = UserProfile.objects.filter(Q(id=token.uid)).first()
+    
     if user:
         if token:
             result['access_token'] = token.access_token
         result['type'] = 'access_token'
-        result['user'] = {'name':user.username}
+        result['name'] = {user.username}
     return JsonResponse(result)
 
 
diff --git a/rustdesk_server_api/settings.py b/rustdesk_server_api/settings.py
index 3604bfa..f790d0d 100644
--- a/rustdesk_server_api/settings.py
+++ b/rustdesk_server_api/settings.py
@@ -23,7 +23,7 @@ CSRF_TRUSTED_ORIGINS = [os.environ.get("CSRF_TRUSTED_ORIGINS", "http://www.baidu
 SECRET_KEY = 'j%7yjvygpih=6b%qf!q%&ixpn+27dngzdu-i3xh-^3xgy3^nnc'
 
 # SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True
+DEBUG = False
 DEFAULT_AUTO_FIELD = 'django.db.models.AutoField'
 ALLOWED_HOSTS = ["*"]
 AUTH_USER_MODEL = 'api.UserProfile'      #AppName.自定义user